From 9f4560941bd7a6c9d41efc36553d7dcc4a503286 Mon Sep 17 00:00:00 2001
From: Kristof Gyuracz
Date: Mon, 9 Sep 2024 14:25:50 +0200
Subject: [PATCH 01/11] feat(charts): create helm chart for telemetry controller
Signed-off-by: Kristof Gyuracz
---
charts/telemetry-controller/.helmignore | 23 +
charts/telemetry-controller/Chart.lock | 6 +
charts/telemetry-controller/Chart.yaml | 29 +
.../charts/opentelemetry-operator-0.68.1.tgz | Bin 0 -> 80883 bytes
charts/telemetry-controller/crds/crds.yaml | 24307 ++++++++++++++++
.../templates/_helpers.tpl | 74 +
.../templates/deployment.yaml | 86 +
.../telemetry-controller/templates/rbac.yaml | 247 +
.../templates/service.yaml | 16 +
.../templates/serviceaccount.yaml | 7 +
charts/telemetry-controller/values.yaml | 53 +
11 files changed, 24848 insertions(+)
create mode 100644 charts/telemetry-controller/.helmignore
create mode 100644 charts/telemetry-controller/Chart.lock
create mode 100644 charts/telemetry-controller/Chart.yaml
create mode 100644 charts/telemetry-controller/charts/opentelemetry-operator-0.68.1.tgz
create mode 100644 charts/telemetry-controller/crds/crds.yaml
create mode 100644 charts/telemetry-controller/templates/_helpers.tpl
create mode 100644 charts/telemetry-controller/templates/deployment.yaml
create mode 100644 charts/telemetry-controller/templates/rbac.yaml
create mode 100644 charts/telemetry-controller/templates/service.yaml
create mode 100644 charts/telemetry-controller/templates/serviceaccount.yaml
create mode 100644 charts/telemetry-controller/values.yaml
diff --git a/charts/telemetry-controller/.helmignore b/charts/telemetry-controller/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/charts/telemetry-controller/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/telemetry-controller/Chart.lock b/charts/telemetry-controller/Chart.lock
new file mode 100644
index 00000000..a27ab4fc
--- /dev/null
+++ b/charts/telemetry-controller/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: opentelemetry-operator
+ repository: https://open-telemetry.github.io/opentelemetry-helm-charts
+ version: 0.68.1
+digest: sha256:39aeb55ab857b7c6aed36ed56825444dd8143b772288c7dcfeb4227cd19d6461
+generated: "2024-09-02T16:06:49.084247+02:00"
diff --git a/charts/telemetry-controller/Chart.yaml b/charts/telemetry-controller/Chart.yaml
new file mode 100644
index 00000000..4b7b4e48
--- /dev/null
+++ b/charts/telemetry-controller/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: telemetry-controller
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.9"
+
+dependencies:
+ - name: opentelemetry-operator
+ version: 0.68.1
+ repository: https://open-telemetry.github.io/opentelemetry-helm-charts
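Review bot: The `opentelemetry-operator` dependency declared at the end of this hunk is pinned to an exact version, but the same commit also checks in `charts/opentelemetry-operator-0.68.1.tgz` as an opaque binary that cannot be reviewed in the diff. As far as I know, the `digest` in Chart.lock is computed over the dependency list rather than the archive bytes, so nothing visible here ties that tarball to the upstream release. Consider leaving the archive out of version control and restoring it in CI with `helm dependency build` (adding `--verify` if the upstream chart publishes provenance files, which is worth confirming), or recording the archive's checksum beside the dependency with a comment such as `# opentelemetry-operator-0.68.1.tgz sha256: <ARCHIVE_SHA256_PLACEHOLDER>`. Separately, `description: A Helm chart for Kubernetes` is still the `helm create` scaffold text and should describe the telemetry controller.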
diff --git a/charts/telemetry-controller/charts/opentelemetry-operator-0.68.1.tgz b/charts/telemetry-controller/charts/opentelemetry-operator-0.68.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..9580e2bcceb306db6121c8c2b62225b5a25a2777 GIT binary patch literal 80883 zcmV)vK$X8AiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{ciXnsDA=F%SK!LM)40c?B)^hseLZ(Mj+0#;)D*!2plqEs^S95!iv%e?Wm$Go@~qRyBpw?Z8~cTg4HBY&BOlEXr^_A*5rv%4 z{^<--?kwTl|LXqFU@#aQA0Eno2ZKTO-@)_a7=S09!>q5?+|pLNu${Ds$HB%&^oy&0S+d`KjSO1)$l z1#R$Uh(-X0p^sfCrmeF`=Jfc5GwdYuU$Fic(2o$?5CbS*|NDnW`_D7$|9F3J(60Y& zJUieOn!w2CKux(^zWGGqbaudp8D;=80KtEsy#2X1A#@HoM;@49ABh65kn2N=zyeYX z$39|!6EH>~gp45%;D8gbBoPH1%|jn@#GFotB1x*JBntQl3_G2j9dJ&`0(%HRxr6`? zKqnmGa)uN$`i23Dd;}Sit?W9TogKOU-Y*cP*h3@G?aJOjPACElxfF4OoJgSNc7_5FM!t`ODZq0$ z6_Y{99KeXrP{74nMjoIjBn)#xu|S2>L(E21nqpPimTp2VP-DBPn0N%gCD|4qOsU@HC=|d+qFWLT^0k0I;(I z&H_PJeGfD7FMvfYP^2o0N*$p7Mk6qRK0~Udw>ZG_XbysCK1Q@3BI=@m!>OdPka%Ls zAqQ+mB46NLVb7f*FY=LR8lL0eWC5`+pb@mInud3Enx4a@nEpBR5QqY3nu(i+cfTZW zV~R2>qd*kTVF0Iy3LGlYrHBc@z_X@GAXS$Xh?Pae50DVpas;L`mkKFeOYRhjBhe^_ zQwcu+F7bWjazfwacPR_$3Pu9~fP`=!zNFZjq8jz&Zw~1c@e^NAbiMB6Zy0g%CSaUK zb1`LthODZ8zy(yla+|Rm0w5qB`h(Rj9xnNe1htEMga?S%E)GNJ&d`sXhhFVEg5M+X zngErK zM-+jnWF(@cDXBSv9q@y${8~sFAOsTxE}73^&qF?*W5KF?%(z&Wc1Hkvg5^#yqRf#k zol`WycL1u-x0uhsH@$BJM>MQRBgHN*Sb3_(zrGP7ARr)A&D~<(H%LjN{XpSY}GoiTq>&B+;x7myo9BQP8c z=KAkBn#+kF?!S18^}8K_!Wo()3jH4Ago=d=jt2TWMSn(!RkwJ2SgXOE9dP1#3?#x0 zpkRS12?PNrDv&CQoGCba_v_WKCl@18?n)|L9Uy)yfX?2Xy!`p>>bJ9(KfZte)8zM%lpvM^-2v}y z?MJU&r3I0Re5V_Ss&Viv){@9XDRpA`Lf@B7?e1@N~h8Efuz^ zvWtZR6Pq3vW9XhIZKW)cpS6^?P~`d;KsuGGkfd$1LQ#fhc6MaP=nl?9VI=f=3cGs% zaaVLNk$6I_#Tm0zpj{f(8Zi=%wU`upZgu4$9SgSW>&A1h>{#MMiz()L)#Yvk){B11);|Z zufR(h|E9({@lN9MB_hhqb*$ycxLFjDsR!NT9$&p01+}j4<@E@#iS_ z1ZHL#$Z0BRA@0v^$%|rH;p2(awq&~wI46u@Nw>;*Cu()yPbS?x(0vnNj-fApULeJT zx_h$!t{~K|qx(`lza<_T0r4RQLHb9aubmi*X7$3pondzd0;Kepv5*FMf#d}JBAcVq 
zRm3@(hg^~~T42{OMAiKJz+VDszKN>V0QAH=()cve6Em=H>dtX+p&=Q8eS7&D;cpg@ zV8Sl+{Us3ej{~8~=wD`4D!z0YJ4=|FXcsW#Mild<_=N7bDo4>Iv9oSsA6u+vama31 ztWBX_NW5Om%=)HD`3l|f{tiRD$7iUQ{nDEd+Ji||sm7$>iFG20u5*eP*hf=zCU^!^ zdo{6y0WJ*T82gxGrB>_+RfCey{O*C1pMS37ToOa>(J^#;AtiUqtdmK)l|&gKI?qLk zQ76l83!P1WMo?}EjVTP=|MW9mC2pFf~UaE54)MVKSDr(e!-(9_#GrJ}y2Y)#oGp4PpLKZ1cdyg`78=^%m` znJHJk8kbOtT<$MHvdf`#cPA|S;9caezn;ycbvtr(Bb4RTOwG<{0`w=xV4g3JHuh32rf0s7U zl@MkHF#BYRU4R22eVA71df?48AQbJ%I!Rf~WWPP3*(qKwxU$6E7-^urJur@Vs$N_JZpF&Tt><}{$5Mf_KZ@H&@@2)fmEGQgh_UW~r!Im0b z$M*La@0~F@BQZz8H10QmbELtR8)n*97ioK+P)`~jn5|Zoqz8Rp`BU_+%r~nACH6%> z%F$@e;AzA-ndAQ?XyAB`NW_I6VfIAyt4rjPz+*x?(zOl$XGmK)l1?Qs%A#VrUlu|a zUFuSL$*K~mm#WpKp2->V=RLXE#w_Qgeo^4Wj193J$uos6J&}86J+ZDaMcTt4CgtZ# zaGDeV@731Pa0Gr~2#Bh0wIaa@n4&=RAW<^uF+2^B2dw7xMBBCI5tHPl1)ro#{d*5U z{}wJ8;P3`9K}at0)b`*)C|RMhY4;@$IFROJ(r}*jq78R5Z*qAs79k35aG>-}>7wHV zc#2#_gK|?5{6WT!Y2an-uHP#X{&MX`%*F)OovCKj?+YPGVtrgdG19-KGthK+lJPGj zpaq^80-nfMJ)_rQ7UNV|Hpw*PIUQ6h`R)j_7~;v&;!*8fK=7K#MdG|N<({FylUuU^ zV0&N=2n93c<1|fK`z90x==LR=2vhg|9qfP)LQ=UxJC$QG%#MtFLui0)~}!s@f4kghpz^)N0ewrIgI^8QN3e%2kmD zSo@FQ3c#{WC3g*9b@ZO24Orni7qBtJ<%H4*?STN@#%%ruE&FbImJH@RKms6`Du}`< zg&s0fw6Zm@BWFiXq$E%=#~xg=6?^R9_(*+-m*Tms^$IT8NPI1y@&h&HO0?Vt4JNmA zE>kluYW;wHv?q|Ge#qBQ{7x1o;<2>WF&2#uLdkcp@oLO#=aqIf4!>xf2~ z^IFVp6vWo9i2+fo5HsKrHx`JZqQhoN#g;u^nV^ZQX@ou0hpvkl!@=}Qbjj~D$UkvMeUH{g_!Ic zv=p^9`d2GU)^Z|Sm%YHaSY3yIRwu6I`IoLpxeToqW1To>>me?$ysL51OgPIMwE+fB zFJ4_HI5dK3CD^rcd)ohDK$#k8!cM0;$vp}zfc{`%tN)th&(g$6e`Iv(^m=?#va z4-&t+hd9JOb2={dRxKX^thGZLDuu`c7ev@>V%dvdFR>J|0{I5HGDza}pAtOqZ9Tn5a`CEJ7%^6-DtGVf-DE z@vyNkYX?Y&s8Xne^<%=7s92DMVvdR3QpK-N}_NCj*pHG_RYI@B)A}i$5Kwd z{DmQ!l$)e0b~s}E2MXs%qPN&*HICSFOzslrl-gbGJa$-T?Wa8cSCG#fI)5+{+@p`u z_}~5ggTdi26aV}C@Nn41|8C>?OOkH)Yc38cfG-P zeO-P}SI3^II_mee`%=mY^INoLO7mriL~-RVFmJVH*%hqM6vW(@CB^aum#HqbQ7`)a zsGYL%Z4ybWOUn0lXs-P}8$WA*OGU`qA3|?z|EY~r`&G&XZhu&D;H5gGUg~clpK<`Y z$heFViX&j|vg_TYHyPo&t>p2zd zietpOS^(-Iq5a{nq+xAPrCw^%i%+-+YWsyn(u_;OvLj|Rt(>@X8S2cUvC^5WkpP?6 
z$AtI@2Hp7UCu_)4pNyfu3Rq^PuDEOpvP< zI!mob^9)mOe$O38YKaz(gK>(3Y4I?+EBLp^VfV4lIJ(^$1IZo*c&Nc-`+2YdtuV>L z0YOUPvUofne=i$Pwwr?SV2`tkP~15I=M^`|X$n4)kFtBz>oFLxn)s`x}9 zWGgsJO+e_43viw*Y!kHU;DXgJ_Th-!@2L|G8CuN1P|f%g9OVmuEWml+KpxLtg&d^u zngc}An2loX8O+6UT%(kb&0_}xrk~$e-hQf@nnFyF0KK1-!jWGwZa|~*W4vfUH;8<{ zy9#6puuc1lg3=8Pk*Z0R@Y^*XaWfB_(vM zd|rv%p!2fM%1fog$_q+p+a~X0Dv&uB6(-In?_)aPHLpZ&$ZB3e9V(ZPiL_z2Ezzwg zzEX1MF3Gr5@zP8hTG31^gm&pdwMrS^VL>~pb2#nhGu495>mxX>Qi13^h|9`>N(FhP zbg`YY+Hl4g)ex0WNnE>@J{6bV#F^Lp*)z{ta$6F`6PW=Hrw@Yq#lZRQz!|KKz1%NF zE4*Cch>NA@e>22UImzXS_*73l&8PrdW|`^UTi*FZR_+7yPQsC&q57B*rz4 z)yn7fWca7VTkW-9N)U1BYQjhwwh2VQQgiXwA_}W?4Y8KMR3zTaQ!q_&1I?!^u3B^2 z;_?l|UtFgVBadsrM0m1-rsc{lS5CLma^;pQXTN^QTv=NOPlPKg zXj-n^a^-X@Emv;2a`x+&%$2oA=814+1x?G9TdtgLrRB;kSI&O@lDYDfJQa>SB`r5@ zxpBIcmK(R+IQ#WW=EnA};}c=a3Z&jlz|=D6mO-amX&H3OptD~;dj_5R<(^?g^l zRIN6g%Bqln^bjGy@!gh1&wA#SO#@E^krqe~fynqe(4uEOMB1z5i6GJf>47M6xGo|e zLZ3|Y1hHOf)4iaH+H+et?wV3Iz9wkf0w%fFtiF(W1m3RhO?oQM9tF)BZk{#0E;7sh zW}Pl>7(I1+-wmU!*!#o5V7^UPi@LSzsbgPX=(v>$*njaBZ*vA#ZeD!qld%HuR_5hs zu)%5BrZY@2H?^>vEXX>PxaO9Hxz+8dh_LvUxmJjk)@p@Vet)eH%hWnPY-QL=N39G? zAla4-t0u&4Z|c-F-s%szzR2E;OkNAJ@`<>YQyvA2Z9583u&8hm6v+J|)MnYxLr~t? 
zyOWncpI!ZS_VUN~?|-@!y$LnsUbzP{sb04{4e8!DvNKSaI6W?5-A?voy!{o~)8lgW zvZ%+!Yh_bU8gH6aJ+9eEn#K1b7Cmc*QCZXaM9dQVX1&c@CTZGgB(T>#`3&a`X!K$8 z(8vpT_4SdOjR07fusYRF!~Bbz%|`nWf+6M}q4+JHMuUNcW=%DFC>|JpjH5vH)7%-Hye4XxeKdkPRU#z zQco%sUhR}A)-xac`XdM?a$rQQNL|hFSR9gaNkd^>b3vsoj zPZQZwQ}Ps}w7y{90!kZ-^e2ka6;@OeuX%S-Wr`NxOqFdjC$uC6s1|PHTdOJ-c{6RV zk-le-#j8)Co7 zm49nWkBgdUsEvdo6j)c)Cs+`spPByBChMT11~PKq=Nl_^)}f_ZmsxCCWwN%4)JX7` zF1fl(?NcFkGs~sCHx<1VkGP6kbg!=Fh{LPo?(?gVcvk`O(3SL6l&$-6G-3WbrM-=2+8!?x48Oyp%r2*GyK>hcM z(o&IO7h~w2BRa>7)$`DmYqRyV*JSS7j8XvvOOE$h05Rh`4&MZXnpsVYOd9+nCW=Xxme5%dr} z6BCC^@;W_`6EEHSMxA)AvnS_4Ib0GWj9OTw2eIlk?0@3GVxz%HEPX)m-L|+7gQ?lWSpxB1#LAH2Q2XCw5oOJ0q z4lYpWV;63Df5rmyi6;n1Al*u40HM8YHDiWF0gY#(UQ)ogTJ7Y3NkWI)}w;A*({F`==B0mwJDV8qFrfN>hlQJ}V8DuAfG-JyQw`|_;!MeD7` zZ4M6&LXF!S9vXxiw>3O82o<+8JaqSUZ)4aP9JLly=BkCf?y7DfsGIM)cCPC>d9K$? zXk8;MSk1&+_0oYA5ksvsV9g;ZPXASp8cK6~)lO`6pA1$tlB85`y|0}KrLIL%Gf<%B ziNA*D{py|eTl-W{<&l{C915w2-O8Ah`tc|YEX+0HP}Ye-Db~x^BB^@o+KPzC!)fh! zfQpUP4eX%SqmX9afO?*QdR~C~9)M=ne=WCZ zO!{LA1NT3D!I^q=4BcKR8DMDx>uqb+xf69uxUGHnX+xwg2F~y(&)sD|Ti%CA+uRk? 
zUTu+=4zado{#oDsCsFmJ?&?b*dLs9t#Q;6Xt!VeSUhW}Qn2r5H*xH-R+MCPTOJCNC zWZBlGFGuaAFS?^I;^wl_5*rR*(eCV{_KK`j!|fGWUof|9dF5mB%8g!-^%$)3pLP#Z z4cYKW_b^pX#g=YiYR|UXPaD@4mwM2+zN%EX%>w_{@~>6;*4A*MRXQaeKFp+o<83j_ zq?E&LGRUNAGkV?KN$Bas1iz_3qt#(=Xoqs8qqTM^3-3VdP9XLpYWA4(F+>r62j>M_ znO^Q@WdP^soT3T7%lpdl9Fd4$B9{ck^;rmAbcs}WYhEFR*|HKYqWmokV7_BjhIqb~ z`P4Z&MKq5u%O-xne(vaR(6Z>03yZ$wWD_n#d#yq`kR$c^0r!I|Zl-&{?ch2$&~0Tm zSWjW8gTJO@-@-$2kmBmi789bfr|39GlOXzDNcpbFRbCG%X--m!mQq8ohT)e+N~-fs zP)PR&i2Z{7q`Io1;hS5=Mbh&|5OE(QNb#`!)YhBXR!kFgJ{GpW;Zkpz#l^R?f8SvF z#SJvu$$v8q2ra$8Ve8wB*_kMXv8K&!=}lYa8cENO&NVXX;pQZ4(P@EnEJ~{PO(0`9 zxCb&;HQ_Du(-i=oj+>#{CfG8r(!D=vMA@d%ma$}Yy{*hrn6U`a3p6P!B;djm>_T2) zon@M>OitdWj(WmL;c8LM6WOzk0s12H>J+TECxYvI=)MTVud=Ntg7X!?z6f-C5rw5^ zopiYdwpwjVEpsu5h9veMohC$H-c0>#i*1Z`_lL)WS$ExlnE>6sL=$0CJv!zrV5Ehx zH4Gk9An+k9+j_TAW(DMWtiCayy4RleipPJ;s&BUcZRx)hX}5i=pQalBy!F#~R-X_S z4NRXA8U=GYM-&t96Dt9cx zuPC`Pw?#v4;5LyvyIXY6ivB2P;PwZbT};-06qhBJ*~&@43;RI799jpknpQ)hp+Y)Yvo>QZs#i-jl-NB!u%b$dV5c6Z@kpeglbve%`NY` zR`>nP>skZMsCi8lwA?vQ6qVf1vEa`An#+~z@S|Emr7q1`3mb|fJ-v8!uh7xdhtDax zu!Ou4V@p}A0!Ld5E8G}=u0vUr-SG32{q$C>UYU*}8JN z$(*IjA6`Jb;#jr~&7a-JBh6t*d@@~Lh7>{Xlmv`ZsPnBp%#0TFxBdB@5ysykeoN?0 z@nG}0UOBf*kJ##_V2q_hS-sIAe>5S*L>>_HA!E7G{N=v95+7bRLsO=sbw-u((d7@R z{LpII3M^cIjgO@kFTb+IS8wSd#($u2j>;+Uehenn$y(}&I>ovzZKTa#nOC9BUs+bW z*#V7l#Fk@n*Cwje)tX_?hk~O#spBo_bM$6!(Vup2|*XjVq@%bKO+g zRa04@YF#l^eN9dN^)xF>sP2_go9eL96;kEbM?J(1R~6SqJw%rk*F!x-mlfARJw%r! 
z*FQbTO=b3VPb;4v2#!+1uej=|Bv($YE1qgy?^JcQQx@j(Tsu{Hc4}OpRGnWZKLt=l zUY%w==V#QZP{InXYN~flQ?|7l*E3ZHAe7!rQ_x}AbxhS)!PK}jr^Xdb4X$6RzIrL6 zOlOB(dEHX!RZDfQS*n4x((9G#U9D8}nx2MNDmA@MsW7`#Gm@wBU zU-hp_sxiy;uSlxC9;y0jq`wB^0>d^n7?}Qep$4X z#`#sp_|=Ny?uURZ#ojATcgS9e#uX-S5aeH}aD+swOiPbBP)2kJu zR}!CB9X6Few%XA!)z$6jhT_10ly5A%sa|(4I@L&e=QbnFa(6;g{=2GVxLq0rC+xM* z2)iS2d~|fMpJn`_z&jFL5RxCdr%L?7{ncLphE{jpER{W-)zU%x0I)9US~Phg6;$_&}_1s|6szL#*=#lfdf-A?CM%rI|^HiL_m z;R6zY8My_Vn9$7s3%Deh;Aun=cpswRgK6Z{Oe=ta2Qpg+z>OFubL(cX@e)J~2UD4d z;=S(QX{E_idn)<=)eQL|qRio;zh)oh{C{{bJUmGA|NX(i!Jy^;+j#!^tN(51>@F0G zn(LH`fK23X$yc4uw|&VXd%!~z93armrx{07?SfuX7)Cw^HZwI6#@=cNe+y+gaKZ6` z{E6q6(PV<}K)0uPbI)SV{ck(^L=233m_)w61b;@*#}kY^0K-rY!|D8nRNJyV7d?m} z32yGfh#|np9D$#rF`@zDh^fI(F!DVHAk}yFAy2SJKEn(=8!shdUcI{%Wd(aGl7K@TFoi?)4s&peeP0N`hzU3ufD(8OZCyNzDrsEfNsLdyZL6otM}ExP~eg6>tf`2r*J zISCZNtTw=^xPn-yX%3qy#cU)r9~`)TG_#@j`bn>Fddo(5+Va8~hm&jxzXJZAB+C=#7`7l!AAuHumx>Nj)-f(P%{{tU3IZ zSgr&CshNz=88n>BEP8vn!w_^|YjPE{$_G)eq^#)C8>0ZKtysZTR^51ao z-y2Gs5{m)U5r@UF=>nSpYjqXoK(`VOsf+N?2hR!%831=zR!yNg6aYd!M3I+TM{grB z6~R<*sGMrsPEJql)s$%@y__!%4q1_>UEXqJI=0_V7i$i33h>a zL<2khkd)7-C(;0p0qVTrU1QmFrk{P|u- zm%$A91bWB=6H4Y{9?%_TTlMjT=%|J-W0*hh`48gU=(sk`QFcXMut>9}HiWg^r zD>SlhjEt`ZWT!855>jO!Wt6Ff6qCmGW&=>AuL z{eO3NbFueqf+^!kaYu*uv0caYF$%aEmE*#fGLKb-4PhHn(3iBw1Xg{_ICy6BQr(Xu zd1@mLnS!X z2yBfE7}sqb@&%thDd`$arF5+|CayEkn{g?V_7CLpo(p?g3oN-YAf_5tG09l5}*n{Qh&vdq(xN~k64)`vdajGNDLk>uCqaGD+HW4pN9r{t;J|B08BQ5)n&s}imHP45=-Sue#BmT;cz z7M1V+><-3<97dN8;@=ClyFgP+>{krWwg7>{fU1yuGR{hp>u-+Z&dEH zm?I8_{W9tROUf{Hwy0bx)$&yq$Q$W~0osqMI+K{IXw8q^vwwp?SYiPOhpH(6Rz0dN znTI4m0UsHW*#RJSvsMcB0=wwbr`Rm&m^Cbh&`ajy0xdAQ)$_#6L9HHGsB=lSsbfBB zqdYm(RUgib0+I|hX-G=hRsXn&nTX4Vkk3Y-FUN;^>HaY3Er!q!XK>iV>3D^tKG7Q# zWp0A_MqSf$Di*k+diwrJ-GIW?JOh<;Gj=dZh^x#evwHQN)pY7ZLakbLZPI8$w#TLe zOS0F3G;{Hsu9kk=0LDyn)d14SN1CL20ESpbVX}m7dubiZ%z#**IJ+X$nou;QUn#22 z7COB+JNa;Cz4+z)Rq`TM{p~6lVqj*Sxg@bu((XiJ?_Ol7Qsm%RcR9~d-zh>Lp_D!3Gsq9eCHqXY$EEz&l@C5vd!Nkl 
zrWmX$CE5_OK8Ykt+6ziHq>mdVAN6XIAJw5E{mqV|UvE>Xb}Zo2-r(74WS%*TlrsrW z&`@hb_gb^9-TZlM-_4i8GoHSixQ*@mhxvY5*YIb`UN#c^_ka;=EsxkTk7$Gc+Tg#> zGx+cG;=hj_{L_X9evXX0wGdks?#Zx_Hh%DFFoiaLu;mI*EhwlBFl>2>#Zy`@Qp;@G z2*j3uv=N9aekc{MqwZ|`4fENl$+9{69?TJ)BJeeMrc?XrPj>RYIATa8TTYS+c3l!o z`Y!dD_)jm3^(%Sx|5#rA&t!00cQ+pn3(h8e#F%}E#GilT9~N+bSOeCCa;(z%ye$dEr_GE;aDC(Whi zJ_);hf-%4>l6H%lGD4>?!2f~j=8<0l%q;_@IdYokV@{DlcHg;BUg&vTTU4yvJ-!(! zvD)nCEFfyoeG^$B>Z=U<@q334X<j-!CZd(b(U3yZ)n1h5>2h!f^Q z9|zN-ekGS70f&A_JX0Rgt>f^o{5uC#mltE`o+GNY!(^*#b;O0tvygQp(wF7E9OJ;l z!Srd+RLM#to&|sTx~!z7lp382$T%KC4lI9=@djyF@peZD5;nsVUNVz!-Ji>*O&`+PMA_%!hCq}?ERWc{Rs}BkN;C3 z*~%ByS{>G7G6h(;Cm6+h%uk7|a-po4s7J!x1I(sMJ5j=#JYbl91 zswItONtXGu??#N1d2dEEG+P^wy!Jg&Fok7%@$%&KoRYhxy``3Qll~LUal|QhnQe{- zB)HI1{L979)`ay<;ew^nqO%tY607iS2#lbBW4DeH$;k~0s0{BbX9|T~)wPcFb_R4^ z#8`EYDYtX$b(T*P|F1SS8@quk;y?EHkB&3`-~FTK2d)2i8_xs#e_tw+`63u)>;@)2 z()-?qf0dx6WA>kIxv>E#H1E?q+oUR!*71q*2TT0a?}w!-r@}(&ZT4+Ph53>wN{ik{ zr6&c$)1#(VSa0R2l>fHpDT772bsyXQaU{;cNW`yx~YF8$;pse>vcbPGV6cdX1^3;cnC6SZjS^1P| ze6`{VVXh1{Cc9L!2uP=?b6MhD&$zvM(DUf`14sUEWc8m+7Uj&*rR|e}6_e~E=plM0 zC`D+SmcpKeM1AV13O%H2tn`tYR8xC~pwDMQ?;ImFnBq~Wvi~U=1)=vjw~&pGO+%^! 
zCwl^x?+annrHWw8!9vcNi#VXb`1Ie*;S>o8Kp5tPE~`p%IL#YET&jmfvAj_fclqg4 z-po{Y+&Y2>FPp14wgJa7d?!pZGp;VI4Zi zEnk2VRkjCB;bLr5L6MJ9{@XaN5_5LApWCSbCjG%B^EnK>tZmoNx*YPXn;4Q{ z(IgDnJSbR<>P(SnK4&l#22%vS4&WT^fv*>$4j6r3r*pm?*PcwQ~}knv73AK zXShBM*1%N)^yS&buWwGzu1-!*-~aON!_~W!w`Y0K|3Jxnl=%R_1S8*zPsrwcJC~V) zScu%5{gUc2=Dw7SqE^yeSyDM>Rvc(?%IOu#ltyosf@43%c{XQJZLdV!qZP1Y^-2jR zF7Zd;!|C~U{Qz~xR^kURV>1o~G1)1kRu6Gyo_)MP0b=Z&k}*ophmaVr5zmsH&P%0z zD%p?agDY{w-~e+B{a46`%Q)H3@F-O#L=+P*{<=S~zET7|yw*rW&E*3Rq;wp^^f*j> zlH4vxpB;`J+on*7_;^r?R_Dpy%JX8`RXi7O6;JB(dDy>s!Fp+u?MpTlOyxQC>>5=x zF1}A&OlHziXlN;zPnZegnGU_ z#wY!ph_O7sZMp|VrE*g~k48nyQOGz&aQ?km9ix7Kxc^+XI;`sr?yofIlPM>Rdx+BS zGjpU0EWRICD)zYns>fA@e($cS6h+kap$;vCN)ZXrjY!qdCbPQb`Ly>%MC?gwD zfazUKeqAZKvZT^ICQK>SS3W~)wwNmW-rAzhyjlTE&h>fZ`|7?&3m4fh>AklccwUt3 z_^k8`Cleufme$6rep58uM$L2Ln}mQ#DeL7%Ithrkk^vF``|XCt5)z+GmzSZCD5pf& zs}Kh~HL`*t>j1E-lW!pQ2>>qa4s{&wHH9uZFHkBTOb^g!%Iz)3T-mMarumrOFn>!t zGy;eFX{qp}bKew9ahk()R#mqwhx!}Xr1RMEJNJDmhb!^l!{>*G z!#4hF8&5X+!5bIEeX9duNqE>f@m|G8z+TEDU|&K^?){SB3G~fzaI%2d7nXu*(0-E+ z8ObePmfTL(fOo$HFw;fq-D)Q}RWe!2o^D`Snf2kDlA$R5Yi{NTOPZwmN(qvflQ&Qd>of94 z7gVYJl^e7y+g{1e$Q`F}^)~xN+a7`c&APHx@QjDPY58m8@!zey%RV=9do5t$YOw5P zfi)s|st=SF#j>WsQl;(Y3Ou*@^)eu35*t=`uT3QJo29*rz4Q)@EFob`UwP&u%17Wr z7>_RY(HW&lx)gL5(h;DLqh|@}UC}7uc#f{9sdL2%hyGtlk?*_tc?P?dLCA(OU2)-@yT`E zGdUJvZkW1@HvM=@YpA^y!-z5E=zzLT;`i>W{!Tr!(Z<7zzPCnJN%O zA7Yu^&X$1BFavWuopCUOVTginHi`9u2>7*79~1L$gx>rap$NS~A)lpa`PO{8^2E2l z#1bi_)=&RP%KU!>dVoYvmLB!?yQDjd=Kfiv*5;l~J(c?ZeGmEKgav+ z`M<3^Ir=}f4*%CbB+~Fi_ZO2sW%U$H9kXLYsbrhx2LyRpj57I%(#eYA6h~_VS~EFS z0Td6LQnr-Hk06U%mgQ&Hu8M=P~*Jmz2t5O);=u>W};8{Kx|Pq_clK z_6qs3pGy9(r}91~Kn4Fl7#wBqe;6F>KX3W}HXfU8$IMx;{d##n%vx`gel*=Yw!#E6 z-r~}z(_T&l;7ZhU&6vWxh(UFVS4Al%eXMxv^1}5ig0FMK|EoYqdPr|lKkA-z=K+GV zvU$;(Eyu#kq1%O-y3c#f1=?HlI__%vUO5!8r=JJT9Pav|VgYDL*tFKtZS_c&kafG+X?S^2ak zI57*kT%`!>;(nm+LI0w6C@SSYM~tig$^&}l(4I?zKyLz8ssvT?|9F^<|35lB+;8Ro zHlCdQ-!&YW_C@#wx`KUhEJqdSHV*KYU7X`W_AeL7w zrm{(ajjR1O375%9b0C`dfxDk4HtG6fbPF|l~T%G>> 
z%jJi&i#K+n0iDXJYfp{wy>`o+JAZ%iA*ZFo!vj-sC3{v6u$lEo&yD}s0Uu@vOo;E3 zTO3RQn<3u^DpFP=n+c-lGX!i%&4F)#8Hhp$yir9`Z}-6M3Ig5f@&lo><^uRfDgQc9=Je%Mu>4c0|pmJ zKzEn}`vf@h8B%YD*4qh|3GM}-<>&Gg=?J_-i`Z#Wk`AFN6++$?MRf{<8tD&eHN2Yk zpiatz)uta)m1rXWL0_UyyOo72lHlk%`kyf>cRRoP$EZGjrlAhO|M)rHmcCFWj+wDMrJU8zQFOL?fA z>QP~lR;BoCRf>ma-IjvivhFRi?%&Q{{`mg=PY=Vgi_Nxdx794WDpKY_S+*X>XJFhF z&gW?5Q_GJ(FMj;kYJTBUY5y${<=BOONIV#E!d&R1hTFhZ@!!LPto?Ve-`@YcoyYS3 zK66fC2*=pR93$qOoWIdJ19N_a40O%(<6xQ`=jrZ(XW0!MLo(;YJ4r}JTa&w4$8c`5 zT1ELauceJ_B**X9Qd(db*6TE{!+U8w$%T>X?4#zk9bn%kCtug3aLk zNsRR=?_xD+Y|h8rVDL4X&fQI{4fPz}od`w2&fJ{5%g^W9wBh=jp!LDV!7AACyZeBh zG+Yg~idBxUG03|xR=i)iG!`^EF}4!s(FjxO@UU77s=ECq_lQOP2K66ri5F)QP2Myh z@QOAww6Z?9a~xdg>ts!1)~j^^&S|v`4gCC{0{zbs7BQX%grfWRQKA10j-F@pza9^d z+Wdc8d3L}#-qZO;@(x4V2s4@csP%7%}Ge&PnhI} zdq%jd+)w$OcSM^a#Y57y&{ZM?_3S{d*nZ9j@TSrDDZAP6ZS#1zPlvbP?shxg{(Aq* z^+OobJ@vk0f8gKpa2fF8HPipg4}g;k#flq6M3???{Y|l)U0w#H&-0+z>z(CXJJMFe zxN!;p-okHJ36E9Njsg@Ke`f82rH;R}ZlW50=-6N;bN zVRQx=7QghO81^}m~$?oy8Vkp01mtu)S$JiaE$KM@ViGczQAbxyh^1$+(zm#Rn7S_W&quo9m z1$=;BinI>8;R0;S0KlXH6&gfg1SCT`p~6Ds3JZ3C|9KG~YN!Qt(G?0+xKE!!HptWO zQ)V#ypFrwX_CsY^&JR8ee4hD?KTP~{K7RA3KX&}#&o3qc5K{j~v5Jcli7VGXIR59N zH96Y-_s9Rn4VdYLT>u9@ISpl2_(Wi)6>PGP2BcVX471cLd*^1QdDOb4{*PzNH_^hg zKhY`S|I>yMhZsIs$(cu${(ZyrWP&0``G}yfQra=`M$d=AnE=5yf8V}ulH}VELG()% z2;d|3LY8#o8@ImK`u@sX_&NG~8Xl)ELA-*Aiv#DC^9n9H3D#Y!9WDc#nRhndb>YG{ zlQ8_Z^w$vQoiCY&4gBJwaaFhf+&`*S@E1A|Lwqg)0ac2@3;-Mu`Wb2Oi@E^PFJ4)q zx@u={j|&Kzy$6|2@DB0s&#YvG?lL<;y>6NF0IKO&BcwNgbEXdq^LqwF7Cb*%e2e67;h|#}@}&gnaSl<`cMQWIPQ6^2IkC;@CH}YcACa^_Lh9sA2+me`q$6Cstb^b) z?mtM~zlk({{UBu#&O8Hki38}R!pA7r?bU@QaaWTL9IqF$PSHqT^Y{2hfKe=H2S-0Q0wVX|60otyHvZ`?N}V0q0znk3mov8RfokC z=u6=LPh1dWTC)g5J*lANe7#AT5vbFGKhp7(+K(B%^nZd?H6(mL+VWDrR-bp$sG@)! 
z@NHN@+P*c~{8Cz5>57`M%xNO{)^JI8HJKl4_Z zL0=SRIl7gWNk72Md^7NNVh9T(b27cBv&>{+S1eqAnG%O|tUdxM%;EAs9I4sT-k6g~ z>MXiIys)+=pR9x_karl}Ny8%*WPz?_UFezwal5EsiK_EPv`QAzjqvw4T1fzDq-r?s zynC@hTx7mV-s5Jl-w5_t_wA?HfQawfqb7wcN(eajAfUAjJczSUi(8FjkfaDEqRm@wQLi$|)qMH% z<~7Z~!0;Da5OHz|%3y4cOheUp^ST8Kn;vrSqKEZ0zgCwWc~AR+xQomIdk~p6 ziklF(GVG?EkP^#1EM?ngfJ}{NQz>)nLxVQEsNVAD>dB8C*#(}ELZ*D=IUJ&&`E+Na zS5=li#bPxLL>MG{-3@7fc=wI6OS}myWQLKYWuY)Q$e>xsvtdVfR{f36mQQKC(4+VB zu67Vp@%jcAH3yRPE5OrciaUl6f7hNei^L>RQKuclir(X$lt6x6#uLH_O9?@V7Hf`4 z_&~u570XX_`L1i*M)}?!u^NYHo{>IB8P|6$a!&iOv{7La(5(T3|0M0Rq|1n#V^J+4 zXbD2@ap5MmN*8IzF3B)9phL_@r%Pb(bsPj`?g|QO6Cy?0Pg1o=sM2eIjyg684A^UG zv9z0F10ygV8g^nFf)VlNDq%gGgqlcD5|qrv3Fd3b2i=JC-1V^R^s|?|g#|Y*-jiyt zDA7=-TEl?c;7o#6b-giNNvadpxxSd~E5RG<4G85de}N+tZQkR-QU2{A-lCddMmFXv z%gV79Oj%Dal4J_EatRdDsvN~o2|tPK)WKwdOnb4hLI+_IE44Ruokd7MOy}8d1ql1i zO34{1a3Z<|pa`$Bmb`EYee_;Gp_v(*><^YNoPCl(NUx(u1Dn^CJ%ipyieP*QSt>v& z<6_N|=FU(;X3&sVv00W+(&?{3gCqz%>(y)|)hSDzCk$z-qZBJ;Z`%%to_C%3l zFCf(bUVV{;7!IZ2$dsl)YDJECX^SQ-;Lsr_L50vD{sY@5$g}B|2BUM_EzEEW0|%?X zgyErdUm~7u(TT9HG^){x^;&Kcf{`*WF37@Ci#lyKZo!v-ehWUZEUqX@vKv<~NAVutg z1S*B^0$CCSPx}Ip#CizS)?6Rg_cRR+*1j$vN>eP-Cvn;gtXF_A?($-UD)BKBZG6;Y z81QR&07dR$HGY7^_LO8b@peiS1BqU?O z>s1-xtmd$TDZ}#+QrHrU69(*R%~iR9X|&==)Q+V@xk8|lLQ88I38c!xD!J2@N)8*> zxYX3us7ZTq^%|$p)ygR(YG`@nL1*{d-5oNccr2t!&Sj>_BUwmGoebv z`$))kF%kS*;}b4lK3XIxY!8UM1Vmu~&EMV-a93b}G;N@0GNxN$299#fe8OK)6lx0# zNpV1!l96yG@sPXBsOs~(R8dKS9P!q!=ObPWPZ3RHz>GA$(kkxzcgU5C4Dr#(8yn&39Hm-oj1c*F8pmS@<4dVmf6=We7 zBt7)fM;eYJOZ0<88G4W8Jr=5R&5BvDgD4w;NMg&e%kDb`7Y%wLiiK#5@+Z>3{a=*{ z1cco<2n|FBGh}qY4O*mYUmptn;&gVH7U{95VzmwlZ&2%yaHO>`wRF(cL}V1^XmJcX z#gF6V%n8HoANqqlq471)$eXp?ZK#=5Ol$leZek4w_wwEi2v%n+Alk2zP2q=hfe~Bi z^5jBX%;%z{O3K?*5JT?(B*Solmr`O6ApnHpZ>H_K^wFR+Aqg2lls}ya?LmYUow&nN zVTo{04Qqt%rgf?J_pgvmQMTm;q}CEyOF?y}P4Fq$|Ioa0s+Mid=%)8jSsSM63S@=r zca?`qU9rp0KX(vhk1!>_puqIRn?kNbc9l)}yex2J57b|FWzfW#s-H{`j%&B76b&x* z1Jg-QWd-0rSNwCke+XTptU{-MJ1XGK=W>cC;ycDTrC3`HV&$=?k0imP2Tvt-A6X2* 
z#&Dd=#W~LpA3@~B-!Cis?Q?W);3HoSF`^|??6>To`clGb-nq>dZ59*hVFvc^kz(JA z_*Sg>LODeE;1ZVD%H~ANdypXd#X&c3meni$Z|A=g`U=JmU*a-wuL4&kG5#D=jqhlo z8zmUCX;w5Buz=b)=Up0=DjK9ssK|sVQqbThFQ(_lt@WeDIKuw{Eu6HW9M&**2t2$q zbHZNT%nKP9>c5s@EX#O*+&reDAye$g&D6Mc7CNyMQ`J_G)b)f2IU2^_{dvru5P8>s$w;wF?@UD;x>Gtr|bfHKDu z!Z7p@i8KNU6?V#T@7gny$Jn`xl5hzgoIw?SBwk+m(;W8YS?WCYNbhs%dfkPK*DesF zdsvr5NBYzpL8@jL?~!dFC4Sr@YM%(z4AzbtV4&cWqINM_mp2=|$}-Z41)h^F1+_pz zoG}XRu$&he1Ht?sS&XM3k1DCmV(heN^2)*&7>O>;(nP-C9l z2?^donQ0*Nj$+2G!)5T}kq0CqqOoLT0WxGv%RzGp<;hmEQrU!KkaGcnC?6V6Iuint z7{jxyg->wh4KahbbysSmSfM5;)bZk*B=Eh!c(gHfK5HXd`(gXX>#;mF-#QE+)ln3P zHbDxV`PQa(7#)1bW}4d=$&tuy`atDF&fL}zA|lV)`e+h&hAX@zsYm>e5I&LG~#NFn|LML}}3&czku@~DRbK5>^!G;;8$zIEB zgD7t?`;fg(<2)gBKRj#3TbvaVjcoc*CMSnPl_Wnke}3!)y&CjN-#FMavDyUS;7Xaw zXLaT4+wq_c8KMqC=J?LXKQ*n~lCW=;B1IOLT>nGfqGqnSZjUCFoVkld)c7FK+~-lW zQ#pTH6lBVm$!%{<#*a+!ijEBX%PXMf^F7IT?sUU9G3yVTj}HU3_Mks1e)Yw#?U@9T z`AfVQmN~i(=NcdxD&sm_Izxe&j0ZmHyvgYYlM8?5%y~wyXy1Cq$aIa7nI3iI!Ji%W z(J&kaY?qx$8wbG82*GS5Nq|tSj)oeRPBW$m5wd+uH|S~t#=QJv+#Jh&x2IAb;7CEU z4_YuLh2AKqZC#W~G$!%qt};j^sJsai>Tfg>>bfLRo;<{x%OA1}a7&n>3AIt1D#I4= zjCnw0Zm!bQCrQubdrNi9U8AWo^x7obOcUKUD}RlyrM)k)7j-?8vyp_6pv5O++|}sW zs59!02F6oI*W|J(D8VLT_(!hBT*Ui61!owo`VZeVkPGWR6zg?aYAK7TgRs8s0vMz0@-_&uFagJmUvApt{Nb4=zV&Sj@0&nvCS6s z#p5EWmC`y3hZRiX-9&)E`hjvI@WMzu0-&W<4Q<~rMTrMzpn46ObR$dMoG%|YCr`Jh z>%*(eNP>Dj-Msvqyy3KjxLS>*Q|$R{o$))h@A&h+;G90*z!HRZs~d$-_c+3A*UOe( z`k3&`ssM$ACV}uAcOzF#LRm3~hI53Ob;Xh+z~X!nV+n6Jz2B2~GiCSx zlFpe`Nx=AqgHuxKju30i1eU+UwmsguGdxQoe_F2`=lYu*3n3(jBd~?$Hqgp%Gi0>OMmP6(Crc68*3#W5;Mw zPGwA#=kE+R2p^!B<;H!9B#^2@h>ATsEL4ug2mvpU<9yOze|J1Ktps!GV@DiRG)56p zrBT;H_?;Oa_n*0k2lW?H8rEqCglJp$I5qS|Tue`-gH+bSlIx733j4~@o39y(a(#sG z$Zl2JC_Q^pF2OtrQ%B?V7?_pWM6LgvX$Ez=J%A58&LxJLiP+GUSR#K3ihom6hoZ7q zjK-rMvRC_TO#aad>am;|rS3r*ohx1Hl8VP@MO^VfI2t(c00bv`j_mv=5BpjOBF$f!@{Y6VEy;-+uBPIpQ* z6Kmk=$^RLac=HlI__b$O_JH)p#HJrOl!EUQqX0mGbnCgklONJ!KJ(;5{9@K@#TLE^ z2+a$sR6JwS_RWzM1lhAt(X~ryBU<`b7Ue7<8AfzgJ4n;HLo5FdVG)0@8yz2w6uDV8 
zfrij^zQT^KW>11>hFigxwDaMI}hX=N9z5s*OP-s=0$41y5a!1ezok@fW@X>J=XhusR(Mw9u}1V*?%m|9DEMlZ_zboHH=WC7%YU*T@1Gzh? zAZqjO09DgC3RX*sDpjaf5!71t39UmOLwLX+GVllDBTYl_d6z4fxbHM^C2nuK0O6Fx zNb70*j3-i`j3o{hUG+$dSuT8E2e=%?5DOGsJnT0Qha|on{T0jAAmU6Zp0?ag@^w0` zSkynB;+Yg#t~~Zni3r&_firUB$HNaWj9#y+4Lm2Rq}$`pXeH+^afni7U>6&2qv#)l z$MbxfXo5SxSk~$MyC|OvcZavCt-CsMo^*YT`pR*K@23nPl{-Fabe9@3t)vA0!E*N4 z$Z$zcu+zgdkZnEtziy1j?Xr_ayu{M~n=oHzN02~H@0G!L~I5;ty>)h{J1 z!&hg4G?2O#R-FloD%! z^Z_#t-vxeOP!2-A|5~ZYW!IusFF0%9p@)dAtKKDWfuKUK1th&E80}0ro5exQcJ0={ z-yfibDBc#Le&dq8a{CZ9$UH~oijs$^WpNn-z&K2=_#<)m1#T(C1!j@_Hn7V9c1((B zcyS40sm~3TB|Wb(HEgvy1?SmC?NK1q%wQBsRE?BINZ2DtwiLLOYhzUb0Qn&Ia@xsN znT4EtNd5&~*1$dq6%~usoQa5ZAv364yqRHu4;nXj2ris@V@qX&*Twjnt6`aK%+*}y z)ox3bXD-O(Ud0%iFgXVW%%?@%aX^6wetPbm1mD-6D;du}Tb_eYnX0bEw2~2Sx#~Y$ z<@qGlOrWTxwX%h&93kRidPozh@%Y8?yyH>XZI&>aj<)9}c8!T9je}wjE>RVV z66FZsKu6#Cq2@g_=liG`}1F@l{;=ukueF`tR_s<2Swe zx8AQ-tU-Vjo6CEfF98#86-FLc`4ncs#|4;><-&UV<712JKQ1_Yt?1sDmpOgGGrje` zyu?4lZ#?zJmg(;PT$Xu!)smh&=T|)O^GwzJ?0p;lr(uU|N*b+GPiXfHIbqo=Cts@$^; z&ncRcKQuks8lj#3Z($n+lu1r++oqCBXK2**i4H}9doKe7{}zW4?qpA*wD}6acVbW{ zI4`zc9o!yzMkd3!_o%&QI&+(nRI$x#O1rg?kU_j#emk!>1$LtKw}eu5nV!$6{8At8 zCsL3PCY;X&SDFZKd7hjALI*idA<25-Du82DFoQkF@#i{cKY-Xv>eIrGtPT9zfP^F5 zhYcu>5Y!xW_#L5sU_KHLDk0E{n1KF9A=WdZ9i{RDh3Vtz7*EL;hxaViag6wwMrlV? 
z{*0@FeS{LOw6ZU{-BDq8JbOy1I;TXxhNVbqSp1Q+V+%7&*tte)>S6pXTOXcIxi%2B zz#`wg6|Llnt<3mIf~#D4POp4zfa-Ym-9UoX^FA;YK%RtM!)zygDKUZ=kBhQOTUS3- z09l0cUT@qYagw8b4%-vG$DNP^?fCKPu`z^EK*uV%`X&&;`@EqL|1v1an)B~v7QyWzF3!kbOINa=mw&| zumsXi%;AP#c6Nw)GagGge-C(x1AzVN^r3AEc;pq=P!=a?uJ6dE4yvGlHCBcH?b++5jKNmp&Vt zQ#HO;y=|sfPO(^8(vlQ9U*G>>7vH`hYuRZj+DBAgWszrm8IR(b?^qw%Y?Y-pzJ%AN zHde}0n?vW(%gm6aGyDV}!jKc*jk~-l^V)3~P`Ii)&4w8&<0X^#ny0qRNKbwXv(>O2 zzgZmSS+G}2|Uzfa|7%y!jhHTFa`rmfb5Hdb?dXJ^i^s;dI$ERsigBZwHI_nULg zj9dq()ui%N>sTLYQLpeRx2x^Q{K$Cv0w;Hooj%$8^D=ui#>!@Wz5|Zi=>Bx0?>%0) zW;`w1GN$ld=LP#}@`kz6^Xp9Cxjt%jYDsNO{r%S3oSklWzcaTc)#W?W^Y#C3P3ku) z&RzeO^2o39!k?PF@nEO++-8faj`@w^JGUn3J+#`@?wg#dQ?09YK4gxxey@k|=s%?A zH!hAIcFr}p$*SZ|S`IhzANpEs2l+z+2*vKD$QEA@9}Fppt{}9jvJz0I#Sp3psc3(r8ZYzN0hg#;_-W~Rq1 z@tqPLpsnlD4$^|c7q0^fE!T17_|eo0RMw*vuLkRZ_S@8||>blCC{ABkHNtP|Ub zoVJzGEL7*%XL#%!+;k9}eSmp))-<&%$opHMMyqU4u*sK_A^@q?6&Lf366x*BXeSXZL&pYIKF+wb0;V%uMi4d8#E>7vfs228lShAXx z<}AOAl`4xan6JE?VgZp>#n6dmIfcd{wUPBjYQ3JC(6*~YXB5gsq9H9(m9U?yL@n4j z3wio~%zbU`6}8RM+~}OLGo7mTAu|ZCi0us_x;|}41?GWQ?jd`~ZpsGc2gitH>t?F~ zLhBsy9)CHX%j2=4hK@aWhq$lJesre-EROMP=&cneSca>`$c=ny&p$-Y!SiV!{-|}z z;~VN5)os$CGl;@2iJcGvsp9oX)+(OESl&Y@&|2WjvbX=VbQ%_alp0f|;MyIBm_W+8 zsfA{e3xn=U93sE{pSQ0$oi?OUULHPCDR#7<8gJAlvpn{mXN1|@ z(TU{UiHRV=0JM{GKW}=8)-K^$0dWFO(Xb>yDHMkkeLV_Bi1j2Eji7X0e^DuCOPi!vp1?^_CLLAJ<}k*5K`7 ziY~71j&4t!wWb8fQ6hYSMO1UH+)Jim_#gJ8oMi#>WT~yhUWo(`E--pTAo=SHJAQ_T z_z*QF31yK*iJN@~g zo_yUZF@R3%huIzvF;mGOHd{b0V!yf@)8b+lw?SIun_qOOwu^-oTZ?7e6Z9btRPJYm z>zJqCc4{ycm(3ciM^vQrxQ|r#MJ$h?M;BPokGkB8a(>D)CBQERl64`Ukj2z3pHE#E zaw+M6t)rhu)K%v`h}m!@6{OJsGMD@}y9|p=ofkMKiskXqW55+Eav@cJ9ZWbi|6W7O zJnsiliQ66)g8oj{ZAb?lR;=#v?$E(fa?yZxeA1O5rJx4#%>pXrK$l1&sX7wejVUH0R~K#&Wc{%$4jDO%d0g{zkxzs9%y(3n_Wbxm0{ z_8@u*xR3Y(p`k+w1kF|iTqqNM;^@HH{kyVter<;xR<-SNntI7$nB@hP&7o>AiB1yG z7xJ+Kne7Thbm?7SxI0typd?X|mBnnIvU*hF+H|;R77E?iAJgoOUqcN_eplo`W(_nW zsq|NwBNzPjvU!6nNZsdD<&EGc1f_RNw^;24ovpyZf)|m9C9VZ$DcR9fEW#DMO`3t> 
zoAA}&aDzj803Zt%5m160M{@|pnn+Pp*n(M~Kl*5XZ^37}nCW_1sXJqiBPtla{{sl> zey=N5VlXDlVVQNo|(z!S%VSOlEJp)_xk;qvMOgBS+xUV;VX?Cjg5C zC3xkrgd2PpNUx3$wzuUST!b9#zIWOz>j)j>?j#2af-&wVb|HF!e};D8EeDzMaQ25I zIR{lkb?r&UBa4(=&`VhGHSK=m0zo+{Rj1qy< zJ!D_DqDtavlIPDc8rC4OmesCB)0C>v55lERUaagSj5U%5>B8R|FsDhq=3ONl+)jJi zRgmN3hzNM7lREn8(Abf^s(4alEeR6rA$AaL7_^=K5aVQC#Vr$=nc5;3W^@4Pi&#!& zsk&^bO!s@r+8zWm&)~_Pq4fLC{kW*dOQj36$e=b|?!wcYi;SUi9s_8(m1DRPAYQRi z^r#V3_)Q(4hUzew@bdOQBJ0UoqLSj!G7xPtGo!0_;VDTpd*L4s!NAS8UOf@>TkGQB;2J3-V%Ymqt z1d!5N`94Cy*+D!rOH#K;m3oCuw#g*yuvOP#*~hjXCKzn=U+m~EU3VPWw0a>P3kv6| z?q#6XaSbDkDb{bvgoh(b(tFB5#KMNcw*k6_!lGiZ9(s_=in|Rzq6|9dwViNGgEqky zVmFT9T4qrV-2|N|t4n~z(MyL2+ZPEw?ReofxvllDi~XmhPPRW1{`gvuH}V`{ayuI^ zDIcsLc-8C@lcsRM@t>h~K?+AJB&kj8P$Yc9-Ns13mf3no3QQV59tWHJ9H+mC#Hi>l zU|~f59iT+5yN(8ZJ?0I%neZ51@ReeDtToC>H2p5S5$#p+GR=AAz+k;*ONwMP&7o31 z_v!ih!a3htxC`kk99cJY2i{;Wy=+52J_83avC3K=6A;xHn>`<^dILYtxKQlV9!}ge z+C(K$69SUPll475m^f4RU-z0o=>#OnP*AKa4-X#BzLP9t{kU|*jk zGAw@ZL#Q^kio?}}O>Ohvj46|}@;AbYjf9h5hp#bPNzkIxc}+!i7lp9(AFFvv5zANV4CS`K z?NlG(*EwXY1s47rI>q$rc*}F<8B$DCqJ^|t-T^kg!7#ZrE4$tqM-x0BuDImf5{Jvc zIGOE@T8%GsGwu7suQFSY0B`S4B-6A2J-}bcLX(vgnEpGdWwX8*jOgiyhg%dV&NV}c@I5Yy$m!`L!?<7j=&72ig@sL z%0kNl(vUA2Ehdd$N4A|N*ILX5k=Pv?7ZTO|vQwN6PUNLG#5TB~)#$PZ6@*p&)pP>~ z!|h@02av|jXl1kxsYY~2Fp)2`9!~0ALs&G`x0|RpI5vhNo2zFSVPn)Huz9RF^vHwg zbC_)KcN7(kVD_?`^>Z`3m|rP&KA3r<&@PLG;gt@wT^{v^%FE`)fq5W@is$CA+boAF z-{!D!lxnoEWLmbpSEdd4g8x*Z1C?sE9H?=d!h-L`T?`9GFT9bSPiq?Zh*=j6eXnv~ zoz-dzLosMYE}-XyhG6-)pdC9euFd_RAv#CuVJuUbD4vy8;}P2EF)QY;*bLUUpR1u~ zxt%?eQL$wiqn98&fkm9Z&)TFq5eSE<1vPo|~84aL5FlljvBC zZUPavwk`23R`#N8_stZBME=(87X;=1P3gVB-A{kz?8-VJMrhi zqTdBvBa#9lE5jHNq8YW$64Vx5#O-gR1icW8{YFY>_g&JlR^HjA!}Io~U%R{`m<%EXDr=Z{lq|b+ z6~~*VNovvZX+99m_NvoEDw=9qyIxMHJEG_6|NZr1raj*K{d8X04NPC4kRS*r#Us;E z9C(AIC(|n}LUr+zX~UaxTP1tM>G{VqEc4*;_Yux+pY@ZMmuL6&^7O+0x%W7Y-{bXl z9FDKo`*!fM^K%zoEBAAI{PeQpFDm!)^QP~sDk(awUKV`f_30=M#M)3#$@$hizQb7_ z|4D)>zU^Q85JU~$drwRT*x 
z+ou6$8i{oxY8)miISYMTg+_V_QZmox>nr3=T{k-+1YJ8ufl3f{3U529w+Vmy)3qHEw^oV? zER@UM=xgQE*^{>zi9~l1ymbHcw4cjeqO<^3cxs{z;+QN+sUi2^3QSlAJoW zoI9R$qxOj9t>&vk7E{rwU>z|HLvkU9mC|?eCY5~hrtMH@DR`NKiIg1Dwh{e5|JKJ1 zNkNp)*4Nq93O4^wavf2qP~wk8zK+xS(MYx12NW92wOY=bD)|jst)<$`*+ne>W`NcA zmR@6GZjsLQbg9Q{NyxtQ%amt0*fel+$hU>ZDLL6vn$7$lm1tULy2UVuEQA^YX^)n# z+M~g$3{_0j4nk|s)LX5r8aP(p=A?ybnB;1Z%5^mKlja7Ms$+RUvLIHlLv1HO(-Hjp zcNV_8rUkEWI?wr2$HU^%pk$vf<>*@M+3QoFc(c`Y;Rc?WJWs4hzlPQK?p&LX+`Kop zaLb(SNq-%|%=(atYR1}tQux1!+}EBBgQ+cGJlVGP5>luZ>8)pX_WD0{cjy~&epYR+ z&SonW*`+6QYVo#w%{;wJ_8pwc6rdz3wr7@G_||#?qVplD&kJKwQjp2m#<>adHfoLX zg|AM>q)&NWTD5l31Ex&jK1*=brO}O(@V$Qi-B0GZXqC{FD-?B|Us^2i&+e8Blv~_i zrH@oESst^U0mpa?N*9_%Ip-UvF)m9AG(74t52$Or zq7paq$*g#G#V^hOEO4d^=!DWK-w^Sh=WsA^1J5zIpNWVdb%9107)!vTWny&a-FL@2 z3rETJxgunTByEU#)Yq-;dkcM@wIotz{T5bxr~g49F-FHLD)^t#@>nEpv{B{8CN3zM z8)Ud#5r~aQ0k$f!=QTJko(Orusf3qt@H7`t4yIE{0V=!U4~YnaQV%U`?pR(&K4_e< zg*|Auc6oj@Of;}*^m*sR$P#)=JU+oHmUy+RtVBT>|ARye-s7{O_K0q@Le3M#_F!qB zN~Q8|GH2<$e9Dm)32QpIUb^^Xo@-jU>VSp|Kg}b#`nS75&5N=3fz1-E{m$6o?e2V{ zPQMlCfs-wa7vgcdmLtc#v$=b3u%$EdZ#b2j#~+W^JV`ST7N&!kdT{ z4UDu)TH4wql6#TTQ1$El(Fx3Wnr%kby&W?vf^iDLymcP>9$5C0e+lycL8WG3u`MxQ z%p{(Ix;!?<;L4)HnSvk@?8t=ozR=t^V7jDT1v4cxkOcvM*ae7zGe`R4jy9;E&=Hc2 zw^u9-^AF#_>gRM-ZKH#;Ga!bKU_t}z+65-)?s0cvf=W_gf*fI%;_F9pXo$INb`UWI zD6z3n(*Ip?4up=^VbkK4h%xr4kJ{B>z2SQ9&-e7x-K!Z{LGao-!?iRu=Weq;4e#RP z=N^*;j5_b4vX4+*Op%hqFtT$=b8JTa>`D5d`EW>#9brV?YaW#wN@Lf!mGeAuc99I| zT#6_-NF-duX~1gWX+Xq(2LC1>XyE4j{4 zmUs15){plDs{bwd3ua+N<(&COn^d0uBfUpK{5K)0#wk&eh^CD}z^CY;Zp=C65hLy! 
zg8^xm9=yz(mhgX;aqt&4g3K^`J5g-(_)Onp zG%kg#$2^1@kG=Z%$Q%(Fr-Q>;_%8axoMNV<)(G9wOJ^6(WF)AjEa?t4_+c|o8jG(1 zcq66yljXah<`C+w6#y=IyE+)x|X{Hmgu--@cSO*NeBGat|Qmo3b&w;&mXa|^%CB$t1cwZ4?2w<$J zZG;i9b1n%3Ouz_35C%BJ0Kgmbki{4V_&AL_2!O|rItcKdA7=aJZeewWVT+D2&EJN+~48wjIBtkjaSsHJxZLcR#EqKFjOl*5x$IdH|nJRIM6+^Law$a)XJQj(H~nUy_Q!~ii=d?IB0 z-)_)+5~N))5g?r4=ddrlS$e_dexE8E7)SN@%TUwRq_Ww$iF3a1F(f zBAn5o6z1Wz^b>2k5l(8rvobR^8rRZE%u(q)2aVzJ9CjDCl&^N;*wzq7jF?}!OD(Q; zKF^^#I-n0e9PQ-$C8>agvpnxp;>XPHYR;dkIP~>b2}^C}qrKT@J}I2%cyvL;UvlQ| z0x8yD5l*xd%@iwfDm8o4kHkk$aAcfZiqNWAkfve$CH0YQqx2}z?r(Q=_>gyThQH5# zi2r#d+&&uZ{Pal2Ke9<_REuz8o6x)&J<#>*nza9Y>xCcX=AIXv^lrvjK6!{c9yY=q z5AN8Z>w%&Bjp(}VK(`01P>1>V^A&4E+ue$tXt$5J>AyrbkFfoUjh2JKHK3U68Z4Kk z9Df&#+QbY^vhBVcx(qqKwIfUB3(#I{o%`}bOzEl^QjZdHmy2LH9URV~{>;WZ7mbq) z;qWwHKkRMsR#y_Y_`G&wY(aKEL1`2k^XKEq2F0#m)((5DbD3Bf)eSN`Aj>LKn|m{NJ0YEdUX8P0AID2>`d65CFETjvjUWMU8-<3*L`u|hDoN71C-qjq5 z(&Ub~!IhW0sikIQc7Tn39e|=O{(GMS$l3j)GzV&m**zZjVNAoLGQ00fk5QljLUIpC zVl`jxVBd?blU)*1&!9E)5}Ag-w+9vDg}rPb`06odg){PzHjtv0=_TFs&9&InWdm!m z>2APPWAsSYI0;-{_?9`T45o>7`e`}t2TF)2M)l5@bB8r_uTELs2Lo5EeJOYCxxR!GCzuqgak+>MGO0Opg7I+ zRJf%e%xJzg!t)}Px_c^M8)LDhfCvs&ks?BnALg7;VFXwAKceoY+PZa<1-nfzNxVE_NC_T{Z2DNLJ)0YQIWCm)I78514pkpPZPDn@zvfGQ9Fkwc9 zKV3zN6}>C#>?&LF)tHO5-VhE)P#Ii4f*^)Il}djp71 zYN$W?f{Vp5a?`o1aCAhyLt{!0x?gKHJ9xwP6zvw!q3xGgfKWjQsDjb!0ByG#@`Bj9 z>yc*RUq5_$AYJ~*d&9q}$Uv#5ioF=4gsy7>g+ zlItl+;3N5Z;L|lImzoO)GU9@U4cfy0w5Ot(FOl&?57b*YWm2ntW3Yu<%#^tD?00xS zas9xsT)B2$59m$i@1d&hryqyS1l;BHH?N};nO1wFBp>etB_De!>|4^9rwET)o=Dpr z$Ku9NR$JD^(j{|($XmNpnDmR*6Gc0OY_J?Lm)FzShcL~~?oi-34sUm=M7f?~w zdOCT7{5t_nx>laUIImagYu*#Y`)g{~_bRHo$P^3wU)gR< zx|L{^xh&4q5&%@(h4N{Zu(DVhw4Z#XP;sJ|wkh_%RXL;M*Str9FTk?r_&D48AWE@D=&@7aLI?*9%g~w@TsJLEQb>t6kbTUOAO6S; zkK;#Aj-d6i!H@rMH9jEtztwmMUD)=&hww=PMx7@G`8&vdrZ}m7RQWbi8*5bN=eJL% z*Q$(!d0LQpn9b)a z0tRBf`Nl;6BKd%w;-nJPfz-vT;U&bGPAVxR(!uA5Y43bPJRV(^=5A88Q6=w)$51h* z9H(HuD1|s;b(z7*a@|vr3i%%?PB!uXl;WAz7VR(TLK4*InnwiXVp=wa0k0x^y0J$F 
zl%Z(xj)$WWiMwu`7F!3UGla_UCtV5-wM#sVINAS8ichUqRq5u_u4VjRE~^YK{cR!X zugjWs0r-(IBs#R!7|kPN-XvW_3Xig>o?-%oCVFfEH8ZgMpM4w z(Zx|n2P)5ZSHYmwDFK^T+KaL_h421mY0_SF1ffEVS-R=ZGLnyQH*mO3!c$0;N!$CUzQ#u9vsG={eI;RYQ`p^IRK^&6 z8jEQdV7skeNP_?pFu)Op0E{pK@CRLHzlz=0d6XewRDPHt;JfU1<|G7g0+p#2c=r~P zwcbz3TxIw(A=}IevV^3$LB*#1@J!xbm~H}vsprb0BXpiBr_TR>VO~=U{!3q3FCKHU)b43Jb{a*cbKT{Xcw=-I3QZeTb$^vRg> zEo+XCCS39ECtq*R*qdX|mvWPRb4^tYG2j{6! zYG*Hco3Mxqq0^Y!F??R}^12xK;lx~$?PJt+5_rUERPiHnebzW)U4GFIM%p9OhR2E@ z>%V7Wm0uWsO(?sp_2~twmMgrD~z88Z!)KM)lO9!^CUD(N0pU;`mJo81E0SsHlQGNc<&+;T`c6NY3}?9)1~u(T1gNr ze1DHOW~Pco8VHE_6bsU5vee>DmovN03Pz%tS4hyM(r1vgXKF*?0cQ=D%0mTJUqo7s zYgY;`#CuJ)^lU5e2~`_cJ{Z0H(2&m4W1y@clirnA<+@nNrwNz7=|yo7)Kt4M{UO6b z!Ho$DRExW@ctP&CJZq%xsVHud35k z(>*;s>s-uPXZ1x$`Xq%`L@1>A_TJC??j9UL!?vl0Z-{U@CEP|+1KiYRe!WQ{;!r}m z4eW>rz9R>FUGKAg)Wef_k;a9Pl0S6z@bc-?Mi?v<-BX$8N|s^s4$*dtYoNcUVb3hT zlj9raGGxK`JegQln#6jcp1x zsz&&uc2zDe3=;!>?x=Hsy;6?G0)BM@XQ%o#u>%l< zg&7All~e_GjT>EIzg_)F&j^j}~x=|jShi8%;jd6fkrC(7b`60w;OWmp}fXC%(obwYcC(Z|rt$0kQY(w$Ra}7b3t)-3ffXR5=DI2G2V-{+~RCvCd9^bS>M$Mhq1j`uY(qldv z0Eb;LaE-jfhS+U>k-HFW+2o6V%}acxT=*{LQhIR&E|^P9z|cn#kcA=8-c#~Ll%^A{GiIshon75l7f8BPGd6VO1y3qQ?`V(0zbcq)#DYxE)()Qza&&K&MZ!frNNrJjeV;~yBVA!^9dBGW$ac#>qL0-v<_FH- zbwX`Fb_uZF`*-5`6Tt>B)oXS5#mZJ|L5u7y65Yk;--d;j%|Q*=Ix5MwUb)ltd!U8Y z^enJzz>54Om;J=k#f{JM8zGx3%{_l+GdE2;YOI1(O<1H&<;=z*sxA4=a;;Wf0r(zQXq&S4F!|{Y-UQ6c$~hB9!vTsC$h3at3SYR?JQU8*BWU&M}pLt za-z94eI4P4OvGRVi3-=GQ^QtC@;l5vkR7he-3r5M)wA->&p1;*J&&_$c_IwPnkA8; zO-51b)&Ecgw7~A8CxG+a@cw?}S6lue@;;~*4_995t4PO1;ye*nXL9}h;kK)h*^Q(* zGbb6XqB$o-p^Muusc77w7rYi)S`ePc57|gT!CTVLoKHLkNNBWV;;=rsn`BZ|Up5Z` z+wk-P)9L;}Ityf2iW--0k)oAFiCxDwsvdQJ%7pgW2otu994I8gQVOF$+F#bJ*EgHv-;i@ z@Kh4mI&ts30AY#8ZGdCO z0{JtCt>zFK_tMNhrWJm$`75y;126AOSPFM;5ZSqXgdNqnokaDJ`+1h~I+>W6RQGK< zoN!bCWs)!1j}{EPqSpZ`w8k3PyoyTCq?n#A)S=m5<9vnrTRYw3I-GkM5|M|uE`o9r zti9I4$S6B)K2kg?$Eyn+SWX$cu9jw{TEUPcMH7|0!$Yw_NR>uo@$MGQa*niGPSmN* zI6roJV9?}CpOHI zy!&`TyNF>JSJj6ko3&Hcyh>+aB!lBL=~g&8VO;L1i5ZlKe{Mkx@C6ep?93f#O%uE> 
zh*6|xH#+c<$lvTi1ML(dKEHg(Um3nAeaxB0&{ig}Q)Wuti1s73f%IeUPJjQAr8dt< zSSSa-cmta@ptsObQDiAASAMxNhj9AE6c;;BXVukDuBs7Jj`VESAk!c3JQ9d}9W$@F z^=J%&J$Nxe&aKve#Ah)Y7p(uJ-!x-M9N%d=5S-kL4R@*XlgLqrY~A{2DZ-CM$3^>$ zJFZnMV6BWm9m_l!gUR{w6N zT@UJbPLv_2>Is7{c5q>ZiqnLptoiSMCy^wmSnCPhwyW#MVw5v9r_(GCx zb-X`c_NWt-cD5hkjE$7xh@&7fs4(%Ub>(^zNvHfa@3Cs}5-gZ02GtewB1C@b>Ecq{ zc~)>&WCyy8iF%9`4;sQ)hjvqQ()Mj7W{MivgdZAsjZ`XXPGP2-DE`oxqdb{a_nu6V z_ghzlGCYd4cx9N91yVL*Ek#wD&psMDG*YHLjS_TgP%NrSgRMO<q&_30pS2-v(71zN!W8pzs2}en61VRk_a^+Go}t3vzxmpq5lif(2)qYRW5) z{r-uJbI{H1Qt=cf&~GQbpNZ-<>4GTg*jg7*T3wUx%AH-}8u-rAj`;_kj8I}Y%aH_w zsq0)TSW5$^EAWRBqaa-VS}7}txjs*+JF;xc5c&7$q@XJl%tm0| zVxyHLLVKJ&g#eq}xkl{X zV!l}JK;t*-)$ZwtFVpJ*jFYF&N9*Y!Gdbm0w_pg;rV;`RPJAOMio*Vt0mDpbqw zAz0n7dyOl}hQ<{*dO~Vo=Y?C42Kg@NZm@9iQX`^7Fm?l$cS-)Vc#RTDG{HJIvVd&Dt_;j9A65IfZx?=CTE zW`M$NK0bdMdx1-5){!jic-&HLy~e<)av-`nT!dG@Ich==-^1&T&Eg;7D!$tP;VHW_STjhajwnW^| z9@S#vvOxo7Nx@Wm!Wl7hV37VlXymSZkb%4J5cL(sD7`M}YQnQm&SSOto*Ho+sstS_ zn?B7c@hpEJ2XOzR;a^mwYlZjo=;S1!^yfuXN*Xd=zw^>HxBn{(^7C`RpsmL0LQ$nV zvi~YRZ)4I`muGN~6l3NZ+-Ra$NiKuz%#vL>tqvIYtwxu}!rkq!KNHufvB}->d+J#N zaOdWTF{kd0qKP@wcn^e5#_1>SAm@E#S-at{unoG6HX{Vz=}wv5@%fd-LG@KxNKnj% z@3n$ilk^K(5J?zU9=-3k-M&r-Yp6{Ynx$GVA&gCfEXy*dXAr3l`()_b>2ioL6z!`O z9H2{*dH`YI>CWc25>{zc9bW+fhcYYE^%w6fAgHgIeqxO5Cl)>C6faL*ZD4}4I7!f; zFuTu0^;Cwl^j#RZ{~$E)z)FJMIm;-k^*)*~lSdAFXc`xOvD@cQ$O+S<7%oN$P5stq z;|(yl;ZUpWexw^saD6!Ckamh0ssLwWus3NizSK&$?+?FDX*~wIxjz+ee~g5792EXC zxpOokjw96(Ab<73`i_z(H7gY04k|S#sh;;zSDgQ%pp<{0&Q_U+Y)N}fh#UiCi;q_W z;Z=i=H;oT0fcHkk2PS!h47!5}&Y+v{QA5z3%kQznuSqP>t}oD@EAYm`G^Fg-7X%Xt zciqQz=;`RCry3t3!PK-1raO|$g|}81P!5!YbWvkDZ2UU9>NLF8VEh}2)uCn~R^2}> z*?wzJT5?l#i33WVHg!NrP}N^UD_}6(9`@$|^1uO=w8j=izved#q)Uyfy-M)YUk5!} z*Av}nB7Kn=QF92Qp#eYnu)FqzXb#{)^*uI+rH)NajC zi#_4!5ETgm$Kem`^PA6B(VUlG4)H6W1Rmx4CU@LRBv zdkdkXxwUta=|x{qoHEJ_;w~(1gz}o~Q>ceb3)FWaPz$YX<<%jOgn&wHQHi@K6;HmQ zAvi@EV9rn&$(|Kd;}hEGFib0swE_eN2a@T`mUJ=r8*JtObxsmZL>QD=(&yltmTBJx zFmY?gEYDPBFZycVcy>srtX@}3ffcQJyoQUZWmV2DSJ8(=Iy~%dM0ZnLG_L(@e$YaF 
z7o1heH{{grU>%X)3dV}vxVSX-fYkN320N#2`;j0M6d^mex24P>@sTqv{+|qWxuI(( zjnyJCK^dbpG=f*g&jhG2RVa~VA&3E=RLAnKuTUlTGEAFi<2ex%mD53?1C8qMvxAN5 z*wN?W;V|>36uOJ5oGDF`iSR$>Ftxb6;-5kuqWEu|76jFxXM^|_1E~%PbeX@eW>h=tK;!l0Iw79)ji87Y!phLo^+&cwnnXM8 zZgTE9&=Rw7OPos+_-Su54#ZRj!!aAbzK`$S$jpyR-=B*XH6^UfUE$fySPzQd?uj?m zl(8B@iZ>~(Lz8?XTZimA*_`jJ!SATem%n-K(w?_8WSq_6ak165ub`nf7m$w$)r};5 zOw{B{xemsG5;kWvX5ZN)p=DW2uJSf_2pl(Yp4gp+>57;22!gSb-SMT$gLOYJQ-_nE>)OJ+wQT7wC|}Cg)-JWE z@%j=R*|p?!hfIA0lgikpyw1cO+~{U`TeAOL;WazH%+uuJ2^`jGT|$&1*lCW?CqX_z z!~6E~e!r0A_$G;NTAFjP4hNPB{`!h`+_x+Zj>dhfr7-P^zH>-aXo-b|%2;t>Ousd) zUN{VKNB0Fe^H6b9RX@KhNPoLUKmFdYDI?}VHck{1z`*%oclb)D^k`j7iMlKawn;ij zCK@pHhlfVB5JZ#;=m>@Dwz09cf7(M5s~oKy1<&tXt#JW@CK(CPR7>7Tu>p1 zRw@2#;TcazXi#fscu`B&>>Bc6&4d+ zRX=f>J#e9v#bf$3XeL6l#y;iqEXMPo_x-*+u@zW)i7demB;)y`5ClJHQes?I zbQZ*GrK0+vG|}Dv<67I22C6rBoZioF7IH=)3nI2;aBy7*wzw}Hbr?Z@GbC$w5M;Re zF&{n(ucCvEE5?P(poVuqa!b@Umof+uMc`S=%79pf$Ja&V_)~_6G?U#EFDe@)Bpp?X zWg*&+Me8}k_J0Q8q6+`DFtrWChL)qyak;{;rX#t)enQ|v4t!^SF>inee~nBDI0yi*aCyH(z(I_)zdG|l z#GJ9x9TtPwk~p|FKLpq?NhF3r8ELonhG5t`-x7~SS0p)^mMxV^pUsWB!6XAqF^s^e zuA&vy=c=JMqLnLUI6zt0RNa~1+GHyqpL7vO!3a;>bqepy=i?GqXc{K?=VO`G1On|K z2LfcK{t<&NbN?v189<7YB)hR42Kv477c7|lOHKmod^CXZ{Kay3pq^?{XrjMhOQCQw zq@SifD1wa1q7wYf00|v&mdizKw+_#ed{E3({HN-GQOBaj=psXX3YF?K+gwU~MxUlL1WKa+xw*~2CG1wz)S(Qet!u}v&) zq*=d*>g-P%pzPFf7(V^(rzgRgxd0PTlYQF7OHt({TXvgB-4ybzXZ#&1nyh8lKK=D^Y z=R`Q^4qN4Wi{k2IS5!#4p>MHYSP75_Mot6OQ@lCzId$uv<1~K}W~foV_dKb-V)}Pz zhxFca%v@*$ms$-?RB#1W`ahZ=u%P+vFvz(x@}c0#xkO012%S?u{q3W+FzQ*)9$ma3 zOJNTTj0{5BW=v?QdK0-kgS4COMd#h|;2U z*-B3O<>TccW`8^W{%Sg`dAX%_r$O}1r&M2cWUjY^1})8n6#>Q4Q3I=|B8 z+V?QCxIOx8HG*ZjojF%j1<9j_k1op_E9`gcX!mv~k`H@_xe;kAU=TbHrcHPlvRdj= zcdK?>Lal&u)+G<~#^fGt5OI#3Iog2#g+GJ+S&09=%9(C>I#j)QMv|QI?R%tD zAGcSIYWrxk^RrlpGmHda5&8T5H4X1y_#3%NUU~x{^)EN!#*24(1Hj*)uW7nIb6k=x z*~vql@!V6tZMa(Uwcpy%1@C4AACIHk4&q+kFeB`z0_AFk|3UAF6D+Q2HeHWtcW5@R zh*9hCxPHsW*v3iKDTj>)7<)$cjWJw<9XND5+zivmq^Z$9t#AF3`I8(rqUxsP&e6bk 
z*xDH)gqui@Eb8SL#NntvyIsBFX{{ixalaeGU4>}9hE~tjWv^q^NsQdVEuZ$BO+E`U zI%_Hvd(=sNa3GHu+y#b1M$lNhilYr0NQ+GqvPNnV-y;p7ZsdxYeWfI4Oq3n(Ifrhf zW&$Ts&BX+CyQR}C+B={gw5xPVAbcihTuw*cjiu)Tg{0>)dV0}!8KLRBLV@KfyFzKV z4m52GUGy(bPIGSO4`sb$C>o}|T`_u8@WYXow zK&kv}}k06}ARRBEa-A2@IF)4eq*C@|**qdG_n4i3kBy_`)F43;k z6B%7kHFE{Ap=XWT2iRL$h6}tI%h?hbcFG5dbpI_QeJC5Kzg|oyINae#4aouSG(XBQ9deN@P zTYoGj1(vd1t9=&7Q_ z*H$k<7ZYE)RS7EyK7>Z2uWUd?4#^gZ`8DHnQ7y+%AAWE?znsd>-qbcc*lgPNx`NeX zlz*mO!p3?@cX1Ypu){cf)Ei1DF<@XZjkYnFIzp!>aKh`&@PonUrQRHA^C%1Ko<3Y6&69XwGZ(!L96sI1Y zGWO>xABOGE)j_;npj2^70qUSHwh|P^!OE3I@b|))6U>g_Z2dDu-OyOHZjs^&$Ft#v zmO)ChFYy9%9PB^85KZ9;+^?V9V6`;39RSQ%TWzdn+xjJa&iKDF`c36-mA2R~Y(S6{-Jhz*C{lqh;OV%9B4)l1yVvQ2F4&10^yEB$04KtPtUk4GErclG^o7%^lgQTL{nH41R%TDx3@$Iw9R>H+uKztu-uw zhQP%M*DeS)c75&&go*O6--KVOdDlex%7<$JsjYn zq*a!521}cl7oeV-c12L z3iDgGxEd7QnyBLh?BfcoBPGY;R9sPs`!1+7zx`nN98oL_U944x-=KK#2hd^|HYB}y zirna$w!s{OGog7(>mVTJ0338BxltxK0OD6{6qVp0T56<@KfLr6D&|K1Dve)TAq^@_ zrctmYQ*^lr%&}5or1r<}!OU;G@#tigvjQ{a zOrq#0tJ9+Oj!a8!=!j!Lj*WS?q`*b3FaK96n@kQFw|@i}s@(ut#h(acTAaANUZANQ zlCz@x7f8MbK&(6SnI$C2W&gs3!*8{>{Z4NBH3^T+n#mbcE)2 z6na^rFG@d}R?dRXUBf=2_(e+1fiLDSK@IM|DQiODAYlIrFk%j6vZjH2Q=C8HAb@_o zgB{=`5L5=xz%OPZL>Uju%OO^#Fbu4%zd_s@oEG4&P&AezuZzNz*2Ejer#LDE++cB- zz>T-sP>=}x6i1U_kSPf8w`uz9QKK)8ztdJj}geh7_XFYFZ|{f>>LcY zLTDU{BL36%u9Ker-b8tgdP`o=^dM4OJAocXm&#lM2KY*YJ5=w>w?7&i9}KYUU|Vg* z0Xm<~768S!TLg$bK4cI=cD;hTRB~2Yt*59S;k1z|9$iPj78O8x6P=j4B{=Ff zo^Y{17Z-t(yXmat;{H#SHV+j>`|hcA=BhfAQP%T zUbc(Tl?LE-e#2uD`YqvVwD3f98aYSeCiC)2)GqT@YT(f&T1Wk1{qO|mymB85RC`7Z zcjaEE`TmR;)z1g7@(PlxpRa7MjUU2!R`qiHL4#xhAz(3hAZZYEpSbXxdz^TTGf-@S zx$b6RATnnCCJ2HBv?xp6WZm|Ct+FJY@qBVm#7mP+v$A4Jr{0Zqso7=Rm5b823Sw>r zdT4BA{)YF-T>K61YYPP6eeWrM;eC$iT!9ut1ahA1!+#FYqub^64K}3yG^y=<^Wyj$ z#h-a>w|HB+L`ps@rY2OTf2ttKWSAeNIi&lbW;4GW{M&Fn*P3jne)e9;wZVgD`QLDl zIKitTii~@+Z;8DHk2+AT*;HkZwcg0ErNAOae8o_B6aoO;BTu7op9y*SNOjzVKD7xs8rdQ_p9L+Es}b(Ce8HV8ta64RBNq*tL8E_ zEEK*`J=X)sz~M|`02ye21|S2emj94}*l5F}^-R9Qo{?+*Of0Ty#*yn{bwM1SLhu97 
zri+U`(6itv#b?VF-&ttWt~+}?07*Ddh&UxHUfd)}^FFvXV;SNgAtOlxOH;$dJGviKv(O5Bfp)>=!Ee`aM&8ck zUq>QH>P_@-^9vzimDI*T^h^6Vz}6jO7FxhNX3}BwRUq|o5yl$$Ou|8^>tcd!_u-TV8aR_goL7TYlIl?L zw;l4y{OGTTgc$mBfzun#QS+H2*ycLZklF8)Zp8a%m%j>}AI8|gtkWO9C;R;+nA6t! zcY-->O=1@(={63!xuWn}u z2$Af*?F}M8x*jI@Bh~IwG#!kZ9kZpu)Je3^q zORMg0sJzj;?Bq2u?B0#go%>mypNdNOe@fZpTSs$yU?E2iH{)Z=IwWn&UHk-qbpW*+ z@5nn??izl>noi9_63s3Ot?PgZJpQ%j`t_`4bC01tcTR_#sB=@x`Fu6crynhwzk7W8 zI`_35<3=cqhE6;3a^P+=^0oYIP>Jcr38)(_yxa8dg_BLTGQuC$JT%;Zn=8GmHvovmMK6#U&*)XIOM46w>X`S zk$sNAp*lUVs1vOHl~yAsJ;+H3%)4%Ph_{WB2wOcOrX%Hi)8W(le5I?Yh{`GCbsFgmBac1 zOLy7r3aP`Jm^mZ1umnm+3%w$5c%Rn*)8Dd^(O^&?77`F zkj9$OCpGC4Ob|a^?dxQXKflo6AyWpbMul&RA%r&~=Q@Yy;Kb{O`rd9eD~uRg)ocCJ zmE)+k;XT&L&bp#Urg48K7{@$6iK|0bUJ>^6MIm8=4;kN=4aDuUARBt5_67SM-$c&1 zngT}N_IeJ&PC1=BT&5=Lv!TM5s{5X(zuv1KRyh6T39&uh8V{Q%MvDO3?G-USBt7-T z8cESW!VgALUD}bSs2_&LbpXlVEog~AV{xjwtjQUHM9kX!_#2kfa&l!Zhz#|?1>lzG zfF=(P7&MnzV^Qvo4+7Bemw+VJA92rG*(ik{E-+WE7Z#??sKc}e5sw7{+1`G~(Sis- ziA$=)Ex`A$Ok=pCTXm@8zQE<_l`G|WF7ixKnI$K*4B8JkY>^zzIvn>&T#;?B#4hTY zDw=5T=wc9Z-sL8-Ezzhi`y8rtV%1zj#SpL-?H!Y8)Aa{(i$MijSp&&+1D8E+zu80n zw8O%{AGxCvAQ5oGn&uZX2z9oBpt*tkE|AsgZ&=5*x7(fY7fy&05;&aDVHfM=U3ytR zYi4Cefaq06CsSMwLY;{SHE6)Oi8=>i^3 z@UxkJz<{&VppJ_GSS#M>pJnV3smST{UVbj`jX=E_i;&c-$soHt+Yi4A(QuIpXgEtH z-REEwx?x$}MIZSgEXg^|aZkpOxt{yVdfep9I(0x(KjaPJRnp5Isel1>Sd84GY3Ho# z36_oJ0nSwbTe#D)z}U5@?j|?+ONcgz3R;c}SPv=;Cp{l*_WQR14yodfS~e9q1KsqJ zf3SsO@EGR^L|X8n&Kx8aqh1{}7W@0@=<<*wP#Ky75A#{w9G~_@;J8>1nJq8IUZ(tvSkSi50B&*qB+%FI>}Up&(ce zob6~C;bnCQDblfGER<3$6YUD;R?iBS?O+nIbCSzQyoaN$B62(oM**zO>x6+)hMwoB zPv*HKjEjZQ6fODwWu}eICC4}?&H#@Rn>o7k7g<2PV|?TAKE)= zp6JScpq2?NBfPdugEgx%uW*QQnYKADa7DDb2m?Jy9Gv+quWf5l(O%U^O7{1oQ?$E9 z!ej*X@0kko{!hsASNhJOLF*b<;PB2-=bWXa0IeW-tOBU;0TPvgbY|Ld^iIG@+5Oxz@y~jYYF6YnuLzV4o~AwdqN0 zO@UcXN8^-34;Dt9K_b8JfQ%5u4tdrN?`*5P`TislJ|JY_{=U9aW<$Q00?+GGSJ`-< zZYN}F7)fLED;kL<&8{xSVK$&yq7Ul3kPBP}p2s;-h# zp1Pb8Y?y?*w()&!FL1t!gyT!=GJyrl7_ysfeLgdCeKA9+i619E_7f!{MRxehVfIU; 
z;yHHqO^z&K4vAE~unAxT*gg#Qgxy7g!)b?1<4A0PvoH&fo=Tyhl<4Hfjyg=c`7etX zZ`7s)SlsFSK=%m>8krgnlfM@C)z8>q%utPX1X<$2vJ$X3<-Q|hgE9g*n-v zhM^PVsVJIFZ)csCfo639l~%^fcP0Cuc4AcUSX6dooAV>^5+Cu`dk^ZiIsFVUiy0%6 zXwQ*5ek7=2DWk3d6B5<25d5)_Y8f-Z;l6FU@OPJ_H}`#0n-oCkk{fXB*8!yV%42?P zIr5}G{fm+B`E)9IVDQKgI99ETA~mM`H&@%1*pE&whkw!>xdp33w%y(Bsa8qmCK<*)U|gT>Fh{6YuSnlyE&CO zh70kpRpKs#Y%&YXWhOVlM$yNQ*GgsH1Ld^^NK`KP#=jSf4H3dFWo1y*Pqe#qkts^K zd6;GSJt(}T?1`zab?2geT4Q4-P}l6eD8 zXi1>4477L+(FxOiVq0|wu|va^;euN!$q&A3%3=K9?BIXO4zBj#{!i>+@7RBp9dwZY zFR+7;g8w-?_^$mQvx6#D|NmwO(GUNd9sF;0@c$$1;AU6#FoXFWsy@5CoD#QyD0iy) z8&{B^`PuL~>sUNN_L!;wv!ebYgJo)9OJ)h^{t9jz1I;vB01!P|Yc|cfPlx~cTg~u< zB*;$Hi6(ur}A!+l=w>Ik$sL{fTvo9zsj>&*G-39OpH%(>#D0OYW^^Y5w`)`p*F zqE%GaiEkfODi$b(;$I8=3N6QOh*MKfGOj4=eoR?DPX?e{nfrQ3gi!#<__nXd47HW7 zx0hY41#ClqIW|H}Vz@vC`u!mV^=1loJydRIE|FqKUc5;);A;dZ4;OrcN!#r@yTj4rI)Udi{dPhB9B-glHkDH?*nBHeKrbC(A~LwA&vP znL5-d$DopFx#aCG4a?=LDIRfsaKWR3!5JxOyyIYwzD6cdJ?(+0L~{mY+SB zQS{@Wy_fLnp9>a#@;to1Ajg@9oAGMPQ#KrE7Q;I65^C}*^S&HqjSi~OmoZQ{iIk;y z_gIv))MCu2P`a+c@GOrAmnA^kYM&$Aa6MNHNtgJo zcVopuK9ZnA^@*#XnOkH#uX?Y^p*s!6G0`$2klp8L2x>L)Hb)EfmoHCsP7kFdAB$Mx zYql4vu@_aX+W$C+sY*?qZ+3Kg-d?<{YWgUjC35V(#=V z$RIiWeF+TP`~c1LpdKWNfH4Vy(GmxdbZUxFb(~ibHf?uz4u0Z$(%|u0x}6h_$Uqi0 z3;rQN(P66Tj$POUB#AWmaSWTEG@7jpf~_Q^XHucimmVd1!GYNQdd``4bCoRr#)gm#jMQJ_VDdEscR?`sg8J;0t~mwF98f^? 
z^c8L0(#%mCJ^p%vRAsaMGW+#&?FJTQ7wQ2s6i3%z@u-(XzfX05vj2KbUQHh~z+SIW z!?pz6y-FZVwJ4d-yb z^E;M_o^D{!rlU&1Fg}T~7`&yj+=`x&4v)4rIOS8q%sKZCBxs z^`fqpfOmvmnte*6GriO}nUMtYUs*XH3{z)nY_zN!ck^5=`or`bo;8lFY!!=?Me$h+j zgpbCkyw>&tZy*uLECjD#@0<&6Ytl09->mI)M^H)VhL8t-O)mt$^Vhk;9a2&FlzGn_ zNcun=o%D+Pzdg5Zlk;nVuM^c+4cm>poE8(V6Q9YWsW%vS@2MGOwlBFA5oQ&0$tX|O ziKp7~$SfeI;~Idc;{Z*SkQY`FxYgPKOBw=+`JJJ#%mRy$OrrJB(Xg8nP3+My2Vna% z%gG)L=f4I|6z_OKBBwg>nYQtT=XPK6%6r3eeW?#~r?-m3?v?#i5x2fZPV^_@GP zXfgKlli~H!2Jzs{;HXTzV!}%I5TI`O>(6;0H9ijhUIjb3%4Vz|^6O_P9~#nPUZ0C) z_iIez*@`hAlD8Mb8p`>UyTxM^{B`@h$lCP*B%8l-M`~5h=VEBMwbrw|KRpGq#r|eQ zJpFG*#O5>kVd0lsojE$s>+@}O;WC%fHx9pX0N1c0-gej7w?}{(@wK;%x6AvbPKVcR zFMQSJ+x6?^=TomrQPt=B{c#t-fEd`T2#uno`02#qN;8`GLTt-B)_F9K)Z@o5c2slM zBw6N&e3$!^Ndg}_adL5&M1J|t2G`_6cG||QM8gqKIeUUXJpKhj*@ue1Dp^2#-f+64 zYogx~PQkv$s8=TnixZv#% zUh_D1L)X_FvMOz}pe(A;w1j2XwQar@ZYSy{A?$pC9A+A5X!=Mc&v3T04u*xHO)kv+2X?Q4XSny&l<^ zq;bP#pTd@al%`65uP1Ldf99v`Yce)@<5ZqI>HU@ySF-iIIsv(oF_8b+M%GZ; z9j10mUj;D?sMm~Qn%nWl-dd{WRBBbHIMO z2h0#=y?NQ+)o*oQ&yV*GwyB>P4O6$f4s;)-d)MdBFAmQ$(n9B;RgsYZ>ajO^$~Hi0$?`XIm?SLLps-?FZXc<=G_F`@hJ)op zZ$B6lMU)QMiy6ZANMXv=TrLg_>q7V`IQzFMCT8NzD;-97>jCh52T_nOl?c( zW*9^Nyc0OzS(mvy6Oi(!LDYN5fu(&JT-jrjV~jcq6sgjxoa0p=O&1ALXZxr(;o=CG zWe}i)*ecwhPsiKDNPhbS{8r&VKMw9*ML#|li#9)P_C7v|eXoq|qhmE|9pU?Ncc0pS zg&nF$7&`(f0D4L@gs;Yf%P|Vmr|?fFN3x=h&Nw9|Ot-ReyS^XfC#FW0cK>5CsburJ zF!J1z!I^iqy&aJ%!o+-F>ek#v4=u&`BZ_0+yE|X0rv5iEPL5KmB9#=Ij6Yd2IP383b#L1?kA$L@ zKM!1lG&b5)9FblWE~N{U$%^y&Ws}TrlmMT*+*01AjqUmoReB55-u26h_N zPxns3vP%kfnhdgbrN5rrUgdq592(cbPRX9B3qTEjNJ2+pY8VzU?$(aClbH#!Un#Ji z0sK^LhC!nFlOTP>Qcu35HOzh`buMzZ8?Cbh4i3QIX;%YoD#_^~wPpM_Pu0;c;KPI+ zz$|GNJIjl7`$R>h;$2T4@Wn=}jAk~+<`#cL%!5Q9k{5%PPX9v8**euMQWvKJP|yB<>9A_HOEC>sInUYH4LsN$4|2ErF_UI_zA0*8md?y3Tez!@ zyTGLf;LKksBB=g1kU5O@6td2(odIkP7inHs-Ady`JM|WDaTS4sm*(>SQE8@%a;kDHZb5H8aCYy-+~&P`!$^pna05T^&ef&XRKcM6|j{3 zMU=mq=3iAeZ9-SVX8k^5u?nA;segljSIIsWipG!HLixs|!f5pqe6)4uCo8rQY{{LX^9)t7X+IQi%jcwa%Y}>Ze*tTukHrv>2Y&K3B+h+S- 
zN$bsp#OBWo*$u4S5f{QdjHOWR?)xyCemU$y#fJtQk5 z-h}ko&c2v3>1vrVqik)-X^Al-M0$cE)lxE4-1j5j(sJE?*H1zUiA3QKF!1ptSXm(_ zYQ$5(Pf$_6rj%Ldy%6lftCZ6ZmE7b8UR9l@9&VkM*YP%RibKon3)^j5#%Ib5} z!8KnjU&0HO@5Ef3f14$SDIpf|RW}X$cs<7O{^D_aT%hfGxxL-t{rxyd``d2jW$?Gh z<3dW8%kPKn(UdRVkH>I;>$v0PS`mqodK2n-j;c_un8DT63z7{SKRuPypZG}`S>0avzj;(yv zS~3E?8i;L-LbfvuCFF;G)Dwf_XE@tYfNajYUvG4#vf9#t_C3~dtzCo`1J%EQP_MHF zEi~3D&jA>yb`_i^u-^!%ha7dgU|gAOw3OUBPrUYStRJ(Hnebj*tB?gMho^Kt?`yc` zF41N+|L(9vq{OYKUcP?Wm$G&~JbpDlD-r+Rm$|P!`VIhG!S+IEWp*n zg)WFuV2#EU!S%~HbKL_0KBnOnQt68iOAF$eMv6y5LbKj%Ov4JNRD}|NB5OLO#NbT zH;A~bz9JH{`#TciOd^_5BJN#M`3OTuv6pk_8jlN%$PWV(Xeo3HSEJV0vKei2UL30a zy^(1Sp=CTQWY~cZtp%UAUF-`3Gg0F+A%=V@B(5r|tV36FbhS25H^*R|`(h<);{BOo z(f5$MX4Hw~uR6A9TI6U36;}4*YEf6hOSCH9uxuX9*d%%s~Z#~H82){ zw7i)FDEgR`I!H^2uyVWfx~VbNdP&c~{hCW^D)%_VkHZZ?xyb_LV^}2<{*iaO%{MCg z4pIS@D`(apHtYsKx7mED^szDZ58FP z_>~GmUq+EldRDK-I#ulwJCJ6kd*vR4l{MB}n_}LHE|6X0XM+*xGOJz#p=zvsvCRzD zUahW_dr%2niKJpHrG=6AK$?=j9O~S27$t$9olkS&JmJibi?aGsWR1kM#ZNp&^LlcY z;h#B}=k=^JUsrlU9eK2lD!6x1(vHlXTyOE}yxR9oh!oY=6xHIMBh-NUh|UnIn-zdj z%|*b3(pV-9wju3(oS`+T#o9d~=Fy z!>FE=LKNPGAz5&TT6c$K(Qf@Lu6M!ekbGf?)oYvHMOor+Xj=pr2C^=-8(*3 z;?lqL-dLnS0__7|+mSc;Ri5`92Zby8C zSQUX8cCGwi1|wvpg#s1FM{ldn)8O$|ZoC&}%csZ!3DYtzQ@)-o&lIFG(Jo6;VVd!~J5oGVoNI6ls5lQ)Vbj9rBrid+v?%BbO zmPR<;Nm2-BJ~KT6CWS?~$=1fUdm^-Lp-VsQ&vnlL zcnIpk_~>{n{|V8GbKQ}e;q20{4wNRU@@;8QzCpJGnUo|4PDNu>kEyC(LJiymM?1$- zE;*e=g`C~<0HZ|V)vai9j(rZ}EhXG)kP-`r5CuQnf^8__?QpO=dA@ls+*#p+urvYd zTZ9yHwzzV|Dj|~-B+s=zRJk8Wnzj{r&5zN7({}-*KNkb#l~FXi=T$8AOlE-Pt!iR= zCW0XD(CvXkps7IR63y*o27{LQMMA#*#>)px5@&vHh-%0gT+>ygc0+;Hi?NCEZw&u( z_9r)y^PR#&p+}y^+%aL#>n9^0$s{j`?4kVn33)h_kR@*`A3UtgaJhRMZ1E+p5ej4Y z&}R9_EW;KZ2KlyavJ5@Fqpvpi>x1<|L^Y-^eSGi*N>eO}-daLDh72 zq(K^qqKx3t3M-TPi{|Iv(w-X6ZTe=(Zw2DlNu^*g!my2TYl@?*%t3k4!Er;M;G$7y za2c@?Ft8+YECZ+@(vNH{dz+(|Vb4PPWUx2P{)9iL_A3<3pRbqZ5&pWiFr)VH#et52uZ8FnXccjB_;4BJ}#oSyUfvhoF_Ng zy|1(|*SuL5YzEtjsJM&*RG>{Zyp0JLUD_ev*LJu%a8jt_5QGhL3u|`Oa(H84_nN#P 
znS!9;<0U|(qQ+mi*0p{zK-Jnkj}BQP+^sv6)8y?G9At$Loclef9Oox#&F~41mr-Xj zh(V5Fnw(P)QI+vUjuxM^cE->$xXTSk-raujYR=}r*;JYDFq62$Kn1R2=0{bELMs86 zXV5Py#ZHTkn-Fu;C|hDrqR0Uf0bTrDW<69fZ^7Z+&1W9PP);ttiYX9*b^6nwXx09n zr&L-dt}#v_>6d1cY(lzxeb;T=P149V z=2Il2IP6HQX~g^)f#%O#K{82fPu4muoJnu>!Qp6ymfH`a&a3L1CmrF8U)ea@3#=PM zJYU@r&z-gf*6a|v>s)RB8E*^tdqv5L;4PWF_^oz7!#m!FWZ8d6k3>wg#lxkK@S@Ml zmCq{@$n_xX8<{#q2HD35YY3eDzo;ldWg1cdRFp&lDoP5u_MHF~C0c(fNS;S^@dNi2e z!e>;jA}Sq&sCgCF!*CbaMq9p_MKi2{gFkrNH~2Taja7C_UJ0PGB{v)7Wlb|aVXQqc zaKRxs*5?mq*iv(OGyw3nl8{_7Ah*OP^#E2l_N3qH0S4j9P@Q2a88#j`OELI|RmnbItlw@#!hNj_Y&{k@((q~kmwlZ6{l=}m6A*VN=X_3r6gOMl2%*pO7D1^zZ4JvZxeR7 z!{nS$e8bxo-|@EBcf8FNfVV9I@HP^5&xgkkh9imO%|zQyG8E1J^(+(1){}8r(Lq^- zV?XKbvoc_$cNG4Pw;>3yj0P#ubt*7@B@}^wtlN=1J*Uc_=biSfYYJrGXoG#n+c2{M zc-s+oBM}vY(zgm8CN{gbwOy{_ zWho0%KNs;9k9h4;TF`V#Nf{#heceS1z}se!|ADv3a3#Buh;_c0jHqLI()=W?9JxjV zJepD)d~4;EB~3v4O{T8WB59Ior;g>Wh=C zlMlOkETPYI#Fd1Y_@>TBi#_g^*E+7emme?V5vb2~5|lbxG$|X{*6CcH6FN7~0hYJ7 zV*I7z{OD=^r6C2CI@jV7q^$mEHk@mhkZ0oZdvqATYQ-HqdW#d>o1L{L5;xpn^%+2% z6%?ne?9GtFOYpZ4nm#UxD7+aN1+(`;eM~FA6v_%?jXXgRPccr>X&{Q z9;=UxMZH3Q5ZBVfGsG@!s|Xy030C3fBz(x?h^FD6D{E%IT35@WmuE6RDVj*v-=za3 zqiK32o5t0CKGe3!zqP0$JZ>zyH!#2<`=-&y>b)V*A>H}wsR9iry~3s~kUgjkg{13X zr}qVBcof5J_PLk2bnoYBgHUaQt>nqm$&CZViQ@g3deZ^GLKAxKxtNMkDu>aTv(#;4 zWu#GxNh5<$jV+o3kxU>rOwA|T=Aj9}7WuUGNN z7+aPb)$_{29>TC6@hMf}Xm-zD`Zo!?#f^@=!tAPe&9Abe==D0y+Up)@EQ{37O%A%* zBA>FySiNn?Ry<8~J5Tj6$u_U>QsnlSNbC*9B=MI%G3%4%$}}2w5BQeMj)M$`exi2w zf-?j3yR3h)q=cyq3WKnAh#*& z-vuOBMJfRSP5;DJpy1(oSo=lLvcYijClPF!uaB z8kcSBGiz2CVz){Mtlpd|$@O+G`CT`UmLqN%85?}|37Tnv2aq>sa?#$UfK=DB~qvzR5M>FtCR9T1s2aP#E zvz4@U#SY-06`XZ*MFVzh=Nxb|Uia#+#*-)q41%19o7)gFv%m``55}qG4~#w3p0b!M za3z#Ru)8&+#)Z?xJV#0_zL!AhZKyhg*_MJRo4NJRt`JS}OvXCl1q{l?Bz^jd%*vo& z&rp!m5@t}(&_tl|ww#%?6ws@xJUs$f&a4_UHNvGl#w|@U^CB*B(8b>k+E^%PFJ?hP zmP{0zMKY^lga4>w;BFx~*SQX#uKI~*9C!$0GKva;h1Z301Ya{$&nJaTo$DNq80!G6 zUI8Syr0OMd*`crIQ`-Z&U-TYihyids!CEvN=keu+t>L12HOx_}FE=3@HryTlfvxDL 
zn-P6r$dP2*I-*R=Q29Hci4$J7njej=i1_CBfPpA59pa+tPp(CGW190Qm_N=N*KvQ25j)apVhwod z8G*ImM(l>9=kRI)hi#fKZ}EO710H3g1X1N;RxLj2j|5zp(Rryz4IKmcZpQA_Y6{SA zNGtk+Q1-Js-tRAqmI9U{B0K8TNZt$W^Fi)1vLQ; zh;meuOp0ba<7mv|S9>AbIb9v4OL?xlWLiQ4_#Se z{Gn2&g_9qOvW|zcXkk*@9O5=PU+97VivN?OzNUrbDk_2!KHgf7{NKeA~`!+EJKO1TJ{r&SYp< ze>lwmwtMxyv?lv#Mnas`Thv>9r$76{sd`N<`u41|zBwVF<{~^jIy%5AwTO(B_xV75=gq_K3@5e9{35I5|`6#^A< z>yS%*Y!Yk*;>hA2A;FkQYpA7-jA_WBUp@|6)cQt!+UZoe6nwHe!r1KJD0xK&&w}6| z&oJ%I$ftxW?}nXv6*{kZAx;Q%htIG4E$k!owp)4RIu) zWM-23R^b$)OHpz&Rb!t80?_9#z2m&|3_#M=Z=ZYOTh@CL z4w@2)L6Ro#Rxl{|l8J*#O={q8Ph4N}v)6)4O_(qGZcZe2c*wX5T!$Tav|oG^8UdSB z=gxDz1c`$?8|RfQvik!jIm7+Rbdw*(DtKTRO(XMv~?SJ$!K50YSBbYSC zTP6ItJ;&<}LCXP-tA*J|w289aCaMZ$;_`P%)dZtgh&YXitO((1Jd_Iduhq_3UUuSX zd$3f-$=iDZ2SJO-k~L9#O02`;Sj(R0gE^%Fp#WnMuqazWcAZTfpSxU^$S$rc*)?)N zYD6&)=nA%)PUcU$7XB#ZMZ=iCApw!Ed$d|BeZf^?xeUAIF{l{(Tp=L^qtKh*SuFuo zR?g+b$A8Al$Uw$Kw(w}@6Db^gB;0-uLR9U>M~c^zkD38_f9KKDpgxj{BtrGb6MqG! zrsY3v-HWRR&x2c!5pvmSWGh&%1vpDT5WXR3a8u3a-HuxQi_*p^U^7D3oHRe>hU)m9 zWhI`Vz{A)I^Y07zC)c%EY)uEv=LeTjKE|sO2Hk&jA={Ng7~y*f)TO=wHFA_GT3dTs zJpBcC$HjK^c`PLV{al>c9^Ew#j>c?t=JuB6(Ck#Mt24X8B z;cN^-arnV6bcG@K7%uh{AgfazHkxfoEOxY@-A=Sz>XrjVPY`o}&smOziHnjcf9R}x zn9;>{JNexfnwh>EnheNTAR%2+`0wbdQEgI!yfi89Dv&iN<{fkH8V!-1TE2CeVr8uK zR_jzckI$~iq5cd21g&~RZp|WIj+CG(aJ@Z^I96JkH$_N-8L2(}XcDdg1LQMG#0)CR zSyx8>$YuhdGv&)$XNqW!IAO(cBw8TsC=Ard8-m6WSz4@BkoAV3rT+~2 zgP^slhrc0cHf;$21dY7lsFL#yL4*5)ph^BlKmu`-lO2ihr>h$F&Q*hZGL%Or%COah zGZgzOy6WE+X?V5X=o^D*cd^q7o7F6I#;!AMuuY{cGo}-&D?9nxb87NW2paug2-@5` zg4Ue!2SM`yAZYjUi@njU4~d$#E9zvw?V+MGB5s(Qe4|CK!bGn^#W-~F9H9ydCNF*+ zpgIqDg2Mq0qTCnnohfsZSn#)i&Xm&5%i;r*zRx@%{!fxNFbyV=YKIf(AQVnu05Te9 zC-xmdOUZ4S47$c{hMlx?wH9;;rd3VFdG#VbS@L5k@nJPs9bY@yizbe7vK~+3_Yvuh z*Zc+-yS;M*IwM>jbKXm$BH>gNN>^NfS}!AXcserXV0I>4f#jt3Qrrt>Xz2b_(w3s>5#~FzG8Ny=8gJ`De=SK_?OqW zZylZ@nC6%awZ`j{Sgi()_<`eUVWPXMh_U$#Na%?!Q2Drr1{3D`rljP68<>&g4_9tKIm1yD4J@^%x zFLLd+{m{hC>Obg|abG7p1&N@*mNyNuGD6^t%?I0kQClK#q`yi2a}X~NagUS*PqtHn 
z{OUSFt*2R$S|e+Mw*5{L!-r-+;!-&y2LK8goBtFtiis2e5&j{G{r{6B7P`85WaPl7 zyFOe0NWeGqvpcf@u`g+AcXJu(`!u0CCE@p5zg}#YXFNS`%c$i}*?tv={O3@4=H!`7 zxjL(GIvv6Nu{>e4i9(^&1Q|V;GoySWTY{54d?*4N?WdJt(~tNf zs3YZa$XhGQus;_~ZL#1!{Ous#T;?G5V=Iyo+7#yZ+LWcgYEz;B^^CoM+7#ipdd8x+ zdPYrqiX#et`S*IpG!2`VJ8A#p=e}AgU^prNmOYSXwu$KToN11R5 zy3;yM&86p|+L2hE?2Q31Xj|BkmkJGn;E^JpLD7`{x-9sYF`6{EU`fvtB zYT6R+KIh~RubgDhQ^TQ;;)ouTY4E}kXz)%y(dS-p^}E)4Gr?Eon7(3H-WohiEBG$7 zKQ^ONKkuem)lH$DY?laVmBi!#ySVXqwPDxEgf}zeJez^~(|{8xlKYlX3D12H ze`nB)HQ_!~fFdH0F7K0x_d9lB2ubpv(dNBPiBX5!`HK4~$XAA|xvHHFnte){h?yNTDo~ClWl#JOuC_Ay`dB3(7BP9xg>EMaFlJWPf z(&xL264YB!bAhFqu?-hS_Lbs~v1x#5`NnhOOCs%rKl`1gQZeh^cH>DOYzAK`YmiJv z;?*5nQM)7BT0C%@ zzM%wqxv+#p+LkLkwU7^3IRohDUHvL&*hm`I zDXInL3kxO(YXzqEFQDl?wW^`El^r4GicDmwi9m8rzuktKnVV-GjFa+lGAp8c5v18PXUpiE9wPUlaNSM#2Y*=u1RN!iilIch5ie_MAPA!uZ+pOyGfWq+$?Yw z!R#jD!R`=UONO zz(GFt*a5azDn7E>9f=p=tb_>(uRkqv8m$x3ai@?coas`zc$iJ=HOU-NriN5!gxOA| zIxHt%`UTl)tE1U3xgib`aAzJ0D}Q6qfMwlpSl$>k6K!Iw24MMfEWmGGdXE+A z{yX>fZw%VXzc6UHU9R^HFqdbNK(Z%i$4dk1fSwd|gRKwplhK2;M@v?r?kYgCQj>uH zF*oO`(m?7nTx{b8)9%UJC9GWiMH#L-kx{(pQ!yzcp-Jlxyffcyrix6UIP;k&eo*(` zCOCrqG-8rai0!m8k+x)s<><9+9DLvLkS|<;#>#rj3N)f_w9WJyU=}JxnQK#rq6)u0 zL`Y6KSh;=gw zzFox3oHQFZ>TO_J(S*ivrIV`Y*aFv%-9L5y?4c>nq!37}vg*UkWML?9ptKWZFd%E- z*=Q|?>F{e@h5fpsf!EIQ?KY37MAYCbte@ZpHALA56lU|eQX0pA)Ghkwto11^KR#S> zV5WQDg!%RxcCaabDds>kx4JJ=_O2h$CWDjWsYge?k%YRf)J(OZ$bFQUn!_isRoKZK zd9rmPaQ$cwn#5%kNu_@f-0&FZ+-MYl}s4F7u)tYq+^be_kCJw^$6}?Uq58zmr#@(oUArA zX!Rj=wWfFZD1Gr+{|xkqP7YtE&IwEyE^vcgs$_~-q8hj*U0Hok?t>z+O`)G&!yAJ( z@DBz}pm@YF$n;h2#0|}XMmUF|D%vGvnyy4*o4wL2m)~sF%r@jX@-Q(Y*JZZIz}o*O z#KJ@itY87h0Vyoln}fy_UN9+K!ML$h^i9~Zy<9RjLhV8o5+pRVehj@;1KD%2?jZn&K9GvGzYB+Fmhjc_3!n?>%84@R4z3C7q zj@f&G>50n(NA36;<{=!V_`5sv=nZB)G9~kn3g+v>X8cKd0;+q}Iy9TKNmD7}U~XYM zUT%Rmt^tuN&PprBZhWBjL%aX{)|{D&ludUh=6HRp`$E7@V&rkJr$x4^5kF?16av{M zgoo*ZO`1xawgC#aHSGoOk2w;pIfx5@(0H%H)p7ETd1+!#OpNzdZsTx_eXWEe_;U^wW3>Hv;Yma|C-m)L36gF09 zF^bEt6U7nqT&oqv0dpCKbsB+m>g#0&vvNemOI$bZOcuBV7v*?#+5Fym4)HP 
zl{AXLTBo&BEi%r@X3$X4)l-d3X^TALdb02JZn#(`HDBnR3$?#2TFuj4Z=5O}+Z&uJ z2AVf67tPa8-IW>kk8;S|vl@Msx`054f^N7)=V8>rrdDc(9j`b4hFwESWS zf$?kVA7VP(!9GdeL*k0Zs|b8h>^d2Xr*;*wK|Os?RmuMjiGl5wZzhgF57H%Un+mqS z(J(_5jy#GH$I0@*y)BGAet1T#6cj~5ee_X!oa&@$a~#}1#n8MmUJuTQK`!-nmu7dJ z%a;O2iBAJUeBU+%5~2d=6llT!mHdKLYFITtCy*p zw#{4B)!77JmU0EatbxXywa)&=fx9rtO#Oq7IBrfn@!Ih%Eejf)-X?Q`kf|; zZuX=m17|Lh!^m1QcrqoCT`PEpeB6WU-H_>RU_z6XQzr9RIbidW3Tv!LIM2=(y704g ztPw@s0~+kEMk@pVsjN%{gzsVI{}x0XQPiwQVaV~%XsoZNTcLt;5wg%HWKuYl^CR@2 zt6_Y|7V)st&}3Oxfg%Uzbcx&=FHbabXSz3S2`au2OU7iwq;mLi85tHFu={^g&;UMSp2k zSex>YyoKPvv;GOT7#m}9BfoW`EK^(f)R^#3t;sJrfV4e$6`bsqM!W5D5*>PSBXEow z7T(;Cvy{FBs5Pk?ZghYyQY^3fv|Mtmk!1-sUV z^Az^%h=PTZPRK?I;(IDyPR4w~eJ5x7c>N0BJ;*~qN;{N@O<<3{Z6 zb`TRy@1V{=Za}Y=!;10}am zSS@jQRhoPtA1VSn2VUZAn$W&Um^kbs2t%Y#%|wVU1mU!-)BMB3=@AG=w?1$=GJISjMRjnr!Zh=fD@*4S9~4}{ileb2q{&v?y_y4*1V{-2+9#O z^3McS(X{Hhy@p?}=e*oOY_Dyc=GHQ<$UpT;?y=8Sq;^V>a0jidH1XQbq@k^S9u{T3 z|8~ZKbV<0ran@=S5a`%$_OOMF&5whH!cu-7p8LQ1ieg)lmHV+$q9RP%;#X?eDx%2e3*Gs9A z%Z2aXLWb$ZSpNed!>IGDn*Cnu;UGd|*=706<1GyR=Ngf#~Ox=tckcQiimb|4*k3kJnoZTf|h`9jb$X;s<0_ z=tRB{m|s+Gx(1vA-+Rsjc*WIWcKvr!5f4Ynp=Rvy&h<>xl}=tQ_I5*%#ATr zFgJEUrooEYV@!Q{^~?c}Iyi9TbGSbx*!Ey=Leo zU|b61eVX;4$ntdyf<7C*inb4l(E1{PlRyIAA^p2q`c-(DEC52=#~frRR2K0&Ev)_$ z-|ZzXtVn+hsW35?#%6H<5o^=s+zmy`;k;wx#T7z+)iXFI|K!sD4eja38of4ad1UN_ zJ)EyQQ33_uS^Fc=m}zNlFvL`5Aym|&o32ok^D>wQmuH!@R!n#*ILe)-+VWk#NK4TF zN$7CGjsM^w(tk(>4sQj4Q#`H9V26VhD}AWQ8p;CLY_SFVm@v>X8LCXzv&d9SI1>NL zWH@E{r>anuPyVB^4TO=SGmd4dsbvK-mzQP54-ZRG6~j^;)sJlh%S-JjwVq1(6FvRg zqERuX=jg;XCftb)bXMT@S)=x#pI}LY42=qQn6x7&e!J4?bi>pNCjv{!&<6&oH7+m( zG=^8(NhLJ9z+a`a7ZR4c^BK4=&$8J-Q+@GGG~^KK*B}~bj`33|ps0(RO@!9fWs#OD z7IPq6$DJA*br(7rT7;LVL{X=fnvEYULJ;orhKaw^LQ5{jv9+xR#1tQk)M-B(P{gj2 zvJ$6^@+vQA{%FEGSr;)^B=U$)aAucDCzEXr((WLT6l*Iw(jh0{K6HNQzbJ=|dfiAO zNg;g;HJa1UOgfgb>SX>gUQZ%TJ6{8;{goT+7Oxfz%YfS`hQTuZ$Do zl({YG&q7eK;mEuHoRfQZ(B5-$adZqp#*<%_SjW4It8kBb8&ZSbxIBuwuO*;A&V_L7D>E^oGHrvF>WLY`sPDA}iAx)r3e=TaNog0_31gaV8Owx>2dJD-Vz8 
zoKcO*W}zKuj=!dCn^@o4N?=;++ixXO1s{HijBg~zhMbwKXoW45a?-^ZwAFJvp$zV^ zvR8QykJr`!)f4rsMQxl2p?itgSceHTDfZ5s7ph;&LoLnuhXs2Y>T24vu1rbhq{TGbdXc4v9G z3cx`#H4>q^mQ%mytCBhn{c((3aiFQRg?!^5`cbgGZffz^HC=oW?_$~wADVL{xA8rimm@TZ2Qmr8w=x~ z{F`1=cL(qPKL2J}c@ARMdc`^0eAyjQ$fWTB(9rER+A2`Mkv_k&oskv@Yi!ZmOj~*4 z+vHvIB6ocq5`j;zCB1zu`ZuniWN%rph1c82V?U!gOo@PPgxnj+a%*FDQ zTX;IG^u55dnnvmgQ{f02OKPPi9X;It$SWdDHNp9RF?lmw z9Vl2Ai3Dvr=0C=i6rp%X&-d51xR%r(31z$NTA`7y0fk zS^+j7FI8P2{VG3F!U^g-`47$!25&MT`|tI!J5m5KRX+ZURno{0f^fCX(>!{Vmy47y z)bfS+RpAI^OYxnKP@(4FqwO`L6%4^2vBQ@Tdq2EX%K{_h+ElOJyHSw$W)$=S zjDqfqH>1Gq%_ul*BVLi!A3x@0>~J&1%WvYvTTwA69(h$c!bZ1V1qo9~c9F(gU@71X zS@vJI8W5Qu)3b5+H9Y5ofKFWuXWk1Afvpp2Kyg~2dPvs6{PtiyTvS>DE<$~3`gWJ= zxLjd{*y3p2T9f%SBO%5SA{nB0+Fx98tlL(DeZ1ynW=95Qu!+Kqg9Elg=VG+MNn=fs zk*#<-qlxO3b1FJKF7367o~v62ug4Xjc-nS%pJ0^d4F9S2x?Cr$!Vy$GNs;B1&dBq2 z-{n45#W+mgDLz-*5=KOq?hQiA!>6=T`wK#weTUG(+MvkIGGHO|PgO8Y|2HAHH60GN zTiCktFTFw1lNCe0{G?&fivdHv+AzQ&J=>bo7AN@{PI;NM z!~<#3XZSUo>QY{Z=;B&YUmRUHnT@KhPdtz0OoG}@)iP{>5LB%*IK!vX2sB+|HNo_G zgWo_$ zi(LEYJvI}7LgRd+&~EV8-Po}IP-rH9QE2~?y#r8a7`G;NDK-yrp@$!EblHcRhl=_4HrtrEB9Zl9fwQe_n8_XlQ)vGr>fvMZ0&Z40TkN$tX`G@ zERKfrqm?V(+CcImxBFhS6~r5bR-j8#*QAvkwfPr?mcDoMMxp)808nV*gR?-)Q5_F3}%sdmdb&?@wOG}?<*1SfKoxZ1v>HvB^$LjhJl zW1JlV7o%4(7La-y*hcGBY$OOSG2IXkD%r525?YaN#}VqATaBT$L(VmX^_SYL)4-sL zv1<5g`vhVkSfKGrGI9C~aUt19d?iH5PuC{l_tO=g&x_a9)wj2O^W$NkU)M2Ter*>% z#{9m&`bO(>{_Aou1+b=mwSdRt{rhlhjrVZ$r;m}c-O8`yds?3$m)}CLS691Vet)Ct zX}g1##(k|szIWq&K7pq&=7k_M!kQpi$J`tc)j%+F1wN;1g4HiXT|vW8g>$oQekm@OO!*+kKG_UgA(Yy;G0U8TmcRmCND5Hb>_tb`Br2M3Nw0+hLHo~ z%5o!7l`mP`3VNItASjwl^lBoq7r3{> z!3%KEz%^f6=2$5y1K##Z)Cvc!LT{Q~+<{r(N*zQ@p(6|s-{X8m-gG6gDhNKryKvRb zzy;Sx9`6ns%$tKY!tuBj@#dg$pKf+;r(a`(V_E&fK^tI$uK!(FD5=PRj=^-GjsBT) z5W()bCjGX?S=e_cNo>=rdrh2OF^~bCmp~1wgC8SH(JV%tPrJHV`zxDvCH6_tNGVj( zf2k($#E0|P0cF8s>1#h7NzyjPw}CcW5kn9SCP(ax#S6ZHC*GE!De}c~Kew`Injt;w z|ImCEL>4jLti65Mf0=eMmM{kGIxa}I>O8ximyg~4i@ksC#nmK`zi+`wj=~HK$wx-?2Qxq zS(-n!5G$0YZTwL3@h%-F*DX^^Y_!1qy@sp|n^UiY{K_%+C71n43Q=9#q#fT;&00-P 
zrPX(8y5@m-7xR>>4+MW^^}F_qTkv$_(SWmnpe_f)nCQ6|q?d-^cMjP zWs|iUmYtv(Tg)0GxxS_wJbL+9u-n3Ra`4&o6R_~xTv^m0`ZHG(-dKVbTm*?DhWKHR zl}|i#%RLFl9FAM@zqZi#!=)AM+37t9{JFXB!J2aNG`mgWHflvPuiys^33Ok+Q#Z>a ztpoCa+dBEL{kR2fCnN&_tD<^voJU)V);(4xSudm1Y}Pb03#*?v3V)K7{v@jW?dvr~ z9VxTf{am2Ah;dE8HRlC=*X^N};{+woYr{7;={>vHH6AYzn%ciFC+BlmmFHXVZ#ND) z8jqAqM5g-|+iakPO?KExE7OUKUC6qEu9(1%zTol0pX2B*4ydPY4=Lg6`NIBe+jxEaE77;NIr-0tzR;gq`G1m2EG%I8SMOGP~6OpiWOvfCZdy z(m5E8)1S+#PEF&k?~qvbA%6P6SL}U_rtw`>2JF+k|BVSA2Y&iv9GBOxcVoHj%~-zq z7h}0zEIB;Xc0BRlE*1wo`btqnOk{JG8HAAwQ|u0=(?N_B2z!N!Y5^W;^kLy968%o$)4E{vr)vTqb7*&+FwIg_dVRmZou1Nm(n}w{A zb$oa{It9fr^SD{*gfp>6y39WDa3K3Q3H!XP;NIismX+oXwqlyMqKj}0*)}n#Y(w5U zPrKn3cUgy6sIqP~b-0kc(#5hDor{s??SI*{`P`#MLv;cs_TE&oKO;BM3{qbj%#L5N zY!Ln7g)Yb|UMblNATIZhy_c0Jm21L_l&#ArUvgr^A{7S_n|xx>4Uc~*uQ!p%S9SF` z$i>l57K(#K6~)6uQuHw}p2#St3F6<6D)lX@t3j>CDYUk=ltB zkE4Eeirac|`(i-PqB2(n7CJOLqR;DCwzk4HVvW|Uuce^6*wdlv$j?sORl_)_f_83i zCD$IZ|DfqGn!aCZN=`l(=fCEc&r4zud8u-sc3ggg(1e$mLa2miG{-Lj9I!@=GDz}^ zgc`Lo(>v-HJtYG}PpNNQKGEGJuQ4~8JiZVw8Q<4i zyLGFzvcIMM+`y-w!scT>2JKS}6xZLO?6V}gSl9gWrTMGZ0`zul+vci2NipV(8d~ZKd8VED@)Z+ z%EpHudNYP5`)8lU|M_`MGQ74S>31qA%Otlt8DKKZsGS5}Mg@Ya#4F|<*8Iv zx8S~7h$L|?jAK0L4b|gC7V$RBeG^l=G#$u!bI|1895jJ92W|E0%|W9YspWZd(0-Aa zj_(*Hv+s+ghF$Y z!W)i-8viMrQ;4J{cR*Yzr;L4}?DL3D{TPW6U46LnMcKN+G2D-#uF8=Td1-vC3B5bY z6f1P_F}+0^;d5|qQ`ApT+W~-c5t|0$!Y5=T_CU@pRr{w+?2BVcYe@kYdy$dgxSp+^ zO7eP7SP+4R8QaSpx4N43HXst?9XuABLe8RO#L660gnCT0P@Ypdj<*oMXNU~JX2nUE z|Dl-v3;SJO6=Hc~zAB@)zs@MS{B}Lha6Oi1tqNHkM_@X2^b(@{)a&3^vGFJ4 zbA4_*un7<*Rt|o*oMk7i`PAI7qf4%JB`IqbI6Ht(<%s|aDw&d zSaJ^OJn6g-QNL8k8juEm1+|;h*}x@i;Um2>>aY|FUuHx(*Q?%Rn=r*rQ+503d9Rco z$e3MgK=7A?76)?B8rJ{ipoL=TJpimcWr-Tz95g07!<|56Y?tHsHl}Kl1e`1MT!+*% z!~=(Kbl;Of4w{Ud)3kYK!EN~|(Q(dcfjYhr16u-eYeR>oFY>oSp}-EErBMoGtP8&c zgDF6`gaxjre6VGYEoGHSxQGb8^CzZDK!k7fomqIZ`+5+A&>fMd2`&+>aIeHe8H&Mu zjPXP-P4nxdtFEJd*xnAn&O^{8NjwHc#d?dP`z7w%Rt`t(r^jwp?})S+(P;AaVHWJb zk`4vwZmPLn$tLpg4{R5T)xnwB(yf^6lhtern*$oqobvH*x)*^P;*o3pVbe6*rJ;sj 
zwY@4??$3QmoZLz`w{fQm!;YsQ=ClJu+tz&x?+}o0JZGK|gxkC(UA@SbGFu`PTX#4! z={-9ozYoaTM}LUrU#N($wYc-~((?%)p+4jfqR=hW;$v$><9* zsi`*z?Vhwh3I21dITPp#ags*pZOQj-HxK!Q&I>}&Qb8kt0fa{$p!XF7H=Ypk=LEHD zk)Oy{b3r48I0j+je`{yw?V#iLd3!z4nuqB|@Tv#zGDqkiCJmSHf4orn1EFPne}m9| zVWj1!X;TS&lwu9-I5JDLBQH|woG}#Hk!pDCq?Z0MKsw|t#%lUP7-fntIL<6CfsEGA ztQhV{7Y{}<-((E~t9P}DiIkW_@ z5(`#qDFj2acE1%mN%^~4Ipp4&d4Ay>i~;qOJlxmpS~ZmY<0UQQSX9g_xS+;r0v*Sx zrtcY)e2u805e+<|{#|p%k8`KWP%7gPxo_q;RnP_DqX%gcE77A1;$=vUq7fEWIz17;!8a_!4>Bw!G@Nahxgcul#bSCO!p=JLK zs6uR|%eYVFL0Kbnd!kE=O}yxywOOGAb|*w_JD@O4wwds}lQJ8Wv^%5$+TSPS8}=jq zaf4AkX{_AMEmM?_ap`=)vQ_86_%d$`pW`nfrY|8l)V4?4i5oW#R}1&vCm$9kml?W> z25}VE#~^1Hm;|87=?b_~QP}+9GNxzrGKeq+=U7>2Z*LK^-z%hOa0Lf^!I@TO>9P-P zYBBLKMzK$n5A+7VNGUs}bR~qG(C3OGm-itXoGk?<;=q%LT}Tk%OWq)~Pyaw@m`uv~ zCE~|{1`|_BSM-n9X5SCE!vZ+V025B95C{_6GRfR4#!@hAkZq~->CR}+GL4Qq-?0F* z$?UcqeXCi66l~lE+%YkLb36lE)I!U+`{Wtc9m}E6A~|n@teb;wiVJ>Wx7C zq5aSC!oMiAIp2%%I9seOFsxobU=oOY=qlDcjcuxZd#tRE!(f~yP6lh# ze05>+K~UAYySY)TM2wJk!%CTCa+Vl3{m5#T2p7hw2zpZqsv8AqzQuP+egB>ssqqLA zQ5kQt0hT_L$$%5LnC)KK+~z0L&JrQPm1Inp>a&22UnsiSs>y^j{oo6TRww$NQk6?A zQ-B_qe&r)qLyE{vv5oC;gJr4zYtXVN@Og%^`!fWwr1sDL=G1?W7ZO8)#tTOtHU5kj zqJ$5z&9zjTz%$SwLm7qV-L(-?Y5n*q9n)7iWz2RX`j{R^>f><> z8*?ug*iwK0!n|X$UTukGASK$(A=N}z#BDxU+-cY+Ep3Z$eiGrKMld6!7IAHBG$5jSrOLgxOurr#xcVd0Xed9xsD@sPH@ab*3a~c zhi%-T!{9`$rM+^wRDZ8)xoB>;f2ja=)}l_b?CZ}{`4KVlEW>I6%Ug=^+v}NUWlnTb z2#-~tO)kh-Kcx^%VFct?QvEc`922#+Kg&XPf}yfbS ze>!Gg!|;7*uzx3Q@rzqgl5oBt^uBw*zw}i}_NLx18@4`M!ec;4w4`K`0UeS_CPpRQ zNzaN>iYiLKr&q$jD=0|j3Ik)2p_{}_IFah_^i}|F+Ym(A-#vKCj?)`vDnnBFIg*ss zIK!Mj?-&M`S-+D+tp_{Bc&2BIiU(>PzjCU)a1VkcG?9NKv}O0+<$p_PHy{ZO%lR(} z&G=11OYT;e$^Ey4_NOWLCZX}^LIbG5RBnaph>HQ}iMO>8vm=N|QQGulhb7;(i_gPu5RVT8`&`TdWOw}hw={_47CG3jFvNvIc)x$#jB zh>3++@Qs5vrZIer6XL7maIrLvk&rTqZqTB(G3zNmdAV5CeLHIlm2V3q-pb5)4(;0d>LnPJG;^8wm>fomNiQf6Tz048HhE=- zml17^l(+ToY11kN%jomBsYMJ)62`P=^8TY?7<~axUwoW4yr?{5MSh8N8m``QjKo?D zZcA%zvY7b5q`49;{ac$v_%zrhbpuOi@u%fwX(ZMvnUgB|?n#ZS(sLLaTg((9$ISKxq6IuxGL>5YMqa2xv!ohCjW2kyME$ 
zkmCUYiKQwBqDVLl)js{mRtmM}DtAXPRGMGvhzuAL75DNbFck>Dk@{*MNakGKkxn>_ z{gLom^b7nK_&9!8Tj=U|JR3ZQu0$d=-m`f8=tde@3iUu5#mO#x7QC9oPX`-}^SJhe zPW|uF#ZNex9!I2hk-2OP7_{(3VFCqGaug?Qj6QPN)GS{l-{5g*wkJuso&RYRa;zN) z?@Uw>)b31K6Nkp(ZzHxK?gF@igfSd!YNKwGHiHJSl<~76R6(n#p$DDo5@IVWNWleg z#25BLq=ByBi+*5dLA}~RTO-mA$U{5WF~QT@N!93hjUg=aOc;0^=-+HaOQ0NFLJ?bo zX6jb@28XnUbsaVumvVmF^Cp+-?_lRaV4CMZX*Gr2OdnKZ<8gpqAbx?bbVoE|<-#iP zKLlkt{b04Lh#m_0SD!Fd-k%Gi?`~&So}9MM zrOXTXBr8iK13ZgJ`HMn3v867BhL-SoG;QK%Fgtdpcq;HS53!@X; zV>fg)gg6ZyVWSxO=h_8Fs1kf3Yego{_}foe?G!lWP3`OE1n4vqcydfR9xti{<;KV!jq%^DQygalpt>xiqo9VIMuIRxpJFzaKq zsslB;bGFqvN>;p`(RfZO9Bvg`VKn22=Y^@KM7kXry>6?Ga!y*1ziIKcID>PF66HSV z0P{1q^rl%*HgyEhSf_90Uc{9YJXEVjwcrN6UqdeUxr{;%1vMf?szG)vAVnTTq7Wf@ zq7aghUk8I<5Kp|Ae;a3rT%@N|EnsCuh*Tupl z+d>^XZ3IiIrbL2iz$P;9%=2^mNq6YrOB*`aO4UBYzKsA#9&-*Iq5y`U%vKq_IfdhZRyx}OLGB#mYv$$)BWHZ#1CuY2?3)_Sw`M~HrLsr@ zve1{5H#N}K_;%F58t8$KB^d5#Wo+xWT-5{uzm(y;6)H4rXz*$S+J;3P^s@r*c|)8X z*wr(mu#bM|x>3Bwg_k%BhEWI~!(I3V;XH511flk(<=dp>w;CLwbwKqt^;f~0#>?w* zQ=KG|+UP1wDUCM2ZH17J16;v(mMidncZWvcJ!le45QVt^{$wBbs(o?n-`yNmKdt|WXV+&)3Ubo_R9F>j*=uE$I)#t@Xi6att@_{8Yk$pHDbWT_NP)=AD zUSqF=%*B^OSUue{;Mgmpuy>BtG(HwUZdbJ24G;i0(hoGl5~c16Qe){-0aQ^)f}Yhc z^KS3Z<&QH>+7~qivD39-aL576W(cwb%VszD%hBlA#q-LYRW;BR3nmK@jpe5HH@29CdIV9GN zF8wJjGQERXZk)D0th%bWsw;z$JE(hYaF42>(5Tv(;v#DWq?M)gV)eSp?t3kb3BgPp zS>+5&%^wCgW_VoHt#7W+O{40%!tFKuaFUxqHIF{Vj6AlnI&(EoVcpK>qRkNWWA8<_ z7OY52zI-lkJ;^U_cSwV8R*3am&^LV@+Ojx5rXpcwFwHIJ>Wk;Msv#fF>8@z?%~SQT zyO$=v1>(}P0^BG;fagoJM4bQ>lDyfXUcdj*)CB3~hs(z)7@!uP%wp|u@B*MLKR<5X zqLE3U8j}Xv8amU0v|;9#MA~dfNLl`C;*P}-+^R~Z#p$mYq9r3f?IvhV>?jndWnWev z*uTj#<8NOC05<7j$%jVce zXV>>0DzOkfF$vv551ia?i0HA8{}w8hWn)Hfn2NL0bUiHw3?!DF^mA~~EQnD`F{FQ=w<=uvjK_2~^A?sc3?ZsJ7#^m0khd zAf;H5%fMX0VqI~%^3*muk46h*vw7_QsOHP ztO2H`3kIWm#Pv6wY%?x22;6bDeF1_GV-g^Xj0?0xZBir3uz=A#1y?V^4N}XH+dxC8 zx5yyP3`ssmQ zKey!_C&BN!y-%r?DFA)+oUtjvcSo3kX2R-GRXj2yq2v69klgvVqN`2Yw)>$~xSFB4@EV@E0V>za;$l0cAfBqm-{8*)W!ZoJjfUt&9*|TP*H70`H`aaFQ 
zfp()k>}T^Ia0V$7AdIZ#3GC$TU`Rvo+R#$q+7O}Bo9b9PD5KO8bnyv?19;UzkQoRw z%fn%EtCDeq?F=hqnI9a?~*>`utI*j=*uZ*Zog?`3jP#yWjZ%P(R zmKDaPIM}nBOqhQY19XAmCQ;SC;bjOQybSc&K&06lT=w|>yO0R~W~@EO7yh?z^csz? zI#bRXTT`OMa1qH1l!i&m{BxvrC^cjb=7O}?Ze*{mu%HRcm%HSWf+sbTqgDg!$Jnn+9nW5S zV0kojFTCI=8vzMlGzvZqL-2h5kV5chE*{)B(&|OtCrM~-TeqmOPZ9!37 z92Y`ey2#85$Vzxf!wLoDV!|*ffizmNXp%kWm&co9>yFpv2jF~#F8?!--{Wcz#Fky% zG_1EjJf>E(KkhAqtgh*KFW0LZf|z-?`&WJ?1(b`x`J8>%ds|WPzixKr8q&!og#vG@ zk=`pyFPOXowhBOwL(jZF8Q%o%2{R}=A;s*CFYiJOg<0{??CcO8Vj_*BFe&VAsnb!i z9FnATGToo{W7)^xK!uvQIYC}sdxx3UA{V2z&DXx;SoR9w_RbAv3e57vF!}sjeV34d zB~qRoUH?Xbp0m(J=E`O`G^R$wjoitGcl-Ia@A7%MjdzMxh)$6zRptm?x1B^%LAGUQ z9<$o7R%an>D5ElM0a|Cvwi)(LhDY01nM=6)&&`8f1h-l6nled0PgU-w` z(7%t}@gr^|9Vdx|M9zjhtKktlj#KwzWfe&XWnb^-yToF2B8s{nG0d(xG6@-F z-oaEYD8kh8dBv!_Ll+z86&m}pVjr6ZDUVAi@Ip9|gJWbgq*Rt!f+V`Im9^y9c*UE* z=w%gj4x*@B>fJphe^@=gR27B44QJKAQeGV?u%Q#$!nL~9vO5%`9H+3E7cI&~;pm^? z^XkN8w_>oQ;x9JeqIiA(v#<+zXZDS{;=Qe)NX-Y5sRQ1`IY-^%ue+kF=>oKLI5%SE z4Zf?iE;7^p0xZT#A;s?tn#-#Xv(#jLR6ocqHM%J9-S3ywf}Yu8v2_h<8qR|YeihhL zLy?(KKNTqSFYd-b^6S1XkQAz}_5kL>4KEA_vp+t2>f0*Mv_MEref(NV;|V9#nbw`I zes5ObDhAt}oPY^QDlH)K6c%~9$=rhlJZCjhx7=S|>7097uh8ND4fMP^&CCWmF>Ej> zJhku(R(sAPqCuUMw|4Oa?#7!_+`(&JXSXDr9`g-gCtli8%`b13YsmJQ9)nx8FE`Ub zs9HyBWK!1Ak9oIEnQ^ZpQr%STa$%(103VmY++NJ5f$QxqFJnDV>+BUB;g4Pf8-W0h9493{qs1f^IE{&Qd>>GDgg@AS~j5M4^IZx5S{6YCY-*1tnJMa zMILhwyU64Bz|+@~jVgZb5+0dIFI7liCqGs<8)WC3xPtKD`y}2>XJV2nd86ote#zEE z)O4byMbqoXA%jYskK|KAF_e3iE+v)_+|kNs`g(UeQ2~5*Jr>sk{a0Tckrd*SDO);U zkXi*n>bs%Y(mBuh$p{UkyKl!$MjJD^JAyB}{2ie5b{U1r*_?Q6<~?RPp;ui~{;??N zaeJLUxr|*76tSy3*);B0TA45`Y#lTlqCEHHdN~_#0>0cit-qY^XL>a*Ip@NNvShd!LE0*E-C_Zx5obNw+IPA3Xg?adQauWh=_i5lx#N;X}~ ztJb1Gqe+*~mY0Vo-8`3bY>p&OsjHAj{G+75q@(`C*0Ra-#;jAQls%C&sfftrYZ``1 z5+J?Y?!Vq$q}GaIE645ZN5%G`=cXCeX+3@0PDX{?T|AoSze$t@8!E(1xk(NEqy~s~ zuL(BXH;`ak!yccN8Y%V!eh2-IpgwBRu8~{6UhhYy`Ug53`qoFczqo$=$=1976|MU! 
zDk$`^0`qjZDBJz}lQHKaX^HAf)NY{C%CAkPS4Xt(F)yQ+eZD6QB^z;3D&Q$`YI@;6 zA*kk29mIYr=P7}UT_mQ^ueF1I)Uv=Sp4WVo#)|rki3cUyA|~W52F)VV8;GlpR{SVV zVEJHn0_VI><#mH!SRW116z7|ZQR_6uDAErAQPb!-K&mTJWpx|{)~6jC{~ zraog45RcQuBjfcn#;*HfdSeW#lJzj~+d6_Kn>szmWHXH{-Cn$I%gY<2u|m!Yw5s?l z6b=OiyZvSY=>;`&>q04)&1cwTeEojt8=L06+y^63?9o7{d`@yFpeB1a(0ALkzvgz* zd*^`H3u|ssw+-a#KJVqY=wQO9Nxt{uNH!sUweB(N2Zoy$We2(Xl$!Fb(1^j~iX-Z% zy1)N|8XdMkQUjK z3KD3nwdHLBHK>~DOB(eA*`TU|3Jx&#XN?SO=PXdF7XCF-B&8FmQcC_>latx~iq}m+ zqxsV<^$R~a3?-)F?Xv}HC1sx|zK^l+miy-Gx2DSH4P$fkR_MEi0-6{)bizK`^8wn# zX$m%_V|j!}-dNn*3M(#Zm2GXq#u?XPm;tds#*Q*9LU+fUuJT0!T55 z-|A^Qv;{u?43#&AdJ1kYXnyY_UWZ46zg))dH`}%*214Qk2_l#uGN(Sz_8Yu3=(Emy z)lD%3_%$`qcD@T%y)%?)kAdV-;=iP(D2_ddea{f(04r)cP*h#bGW^u=)XN#q$Yb^U z81(*Ml-WnFNKhi@%XtPMzpk;ZspY{eDfI9z^DaSuTuu62yh&A#l=x4F#-<0PX=)R3 zWzp;Yv`#7L)^9q4Pr6XfNOOR$VS8L_^OlJp^Mkfv{806>*)aZHI`7nTX2dO&Y{A$9 z!o8qs?qgaYxEA>NR5Mk!+~n{(OJv3%5>djz|gH z3O3WV5poFB-CIXm)^NtzvL3wY3oJBxU>C#eBl)SjgP(UDtz1&7fS@C}NyE!G%=!Z? zT6!bfXoZINXp>^s4EYwRorkt7EFQNs#NQ9;UE2br8Wf}*W5~J@x-t#-ud0AfslBOj zbG)<3O#AFHV0c>}@cfzr#vRDr4pgORdW>Ylh6ApLu-*a5a=fJ0GY!N2maS3I(_kQe z((lbxjxJt%+FB=dd{f*e#OC0kxvc$p!YzT-y&tRS*Qyjr{V?t4ZJH{Hw?quT@@`s^ z;SeF5!+i4VLIqfxr;koG!7i+xDn6W1M^26n<)JPTan>(^DSLt&=)tvdVDTl;gl{vY zd%f5B!RyP=rPmicDj#5j{(GB#wWO2z)Kf28#?S46mZ+z-QO<79q$rtiXyj6A)+f4P RU|>L?r=tZf*bFMz{{xh$!F>P# literal 0 HcmV?d00001 diff --git a/charts/telemetry-controller/crds/crds.yaml b/charts/telemetry-controller/crds/crds.yaml new file mode 100644 index 00000000..8b5da13c --- /dev/null +++ b/charts/telemetry-controller/crds/crds.yaml 
@@ -0,0 +1,24307 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: collectors.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Collector + listKind: CollectorList + plural: collectors + singular: collector + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.tenants + name: Tenants + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Collector is the Schema for the collectors API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CollectorSpec defines the desired state of Collector + properties: + controlNamespace: + description: Namespace where OTel collector DaemonSet + is deployed + type: string + daemonSet: + description: DaemonSet is a subset of [DaemonSet in + k8s.io/api/apps/v1](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#daemonset-v1-apps), + with [DaemonSetSpec replaced by the local variant](#daemonset-spec). 
+ properties: + metadata: + description: ObjectMeta contains only a [subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + description: "[Local DaemonSet specification](#daemonset-spec)" + properties: + minReadySeconds: + description: |- + The minimum number of seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for it to be considered + available. Defaults to 0 (pod will be considered available as soon as it + is ready). (default: 0) + format: int32 + type: integer + revisionHistoryLimit: + description: |- + The number of old history to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 10. (default: 10) + format: int32 + type: integer + selector: + description: A label query over pods + that are managed by the daemon + set. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: An object that describes + the pod that will be created. + Note that this is a [local PodTemplateSpec](#podtemplatespec) + properties: + metadata: + description: ObjectMeta contains + only a [subset of the + fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + description: PodSpec is a + subset of [PodSpec in + k8s.io/api/corev1](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core). + It's the same as the original + PodSpec expect it allows + for containers to be missing. + properties: + activeDeadlineSeconds: + description: Optional + duration in seconds + the pod may be + active on the + node relative + to + format: int64 + type: integer + affinity: + description: If specified, + the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes + node affinity + scheduling + rules + for the + pod. + properties: + ? 
preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A + node + selector + term, + associated + with + the + corresponding + weight. + properties: + matchExpressions: + description: A + list + of + node + selector + requirements + by + node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A + list + of + node + selector + requirements + by + node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight + associated + with + matching + the + corresponding + nodeSelectorTerm, + in + the + range + 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. 
+ properties: + nodeSelectorTerms: + description: Required. + A + list + of + node + selector + terms. + The + terms + are + ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A + list + of + node + selector + requirements + by + node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A + list + of + node + selector + requirements + by + node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes + pod affinity + scheduling + rules + (e.g. + co-locate + this pod + in the + same node, + zone, + etc. as + some other + pod(s)). + properties: + ? preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The + weights + of + all + of + the + matched + WeightedPodAffinityTerm + fields + are + added + per-node + to + find + the + most + preferred + node(s) + properties: + podAffinityTerm: + description: Required. + A + pod + affinity + term, + associated + with + the + corresponding + weight. 
+ properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. 
+ The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes + pod anti-affinity + scheduling + rules + (e.g. + avoid + putting + this pod + in the + same node, + zone, + etc. as + some other + pod(s)). + properties: + ? preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The + weights + of + all + of + the + matched + WeightedPodAffinityTerm + fields + are + added + per-node + to + find + the + most + preferred + node(s) + properties: + podAffinityTerm: + description: Required. + A + pod + affinity + term, + associated + with + the + corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. 
due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken + indicates whether + a service account + token should be + automatically + mounted. + type: boolean + containers: + description: List + of containers + belonging to the + pod. + items: + description: A + single application + container + that you want + to run within + a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. 
Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. + Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. 
+ type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. 
When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. 
+ properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. 
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. 
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. 
The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. 
Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. 
Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. 
+ + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies + the DNS parameters + of a pod. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption + defines + DNS + resolver + options + of + a + pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. + Defaults to "ClusterFirst". (default: ClusterFirst) + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. (default: true) + type: boolean + ephemeralContainers: + description: List + of ephemeral containers + run in this pod. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. 
Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. 
+ type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. + Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". 
+ type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle + is + not + allowed + for + ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. 
+ properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports + are + not + allowed + for + ephemeral + containers. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. 
+ format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. 
+ Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. 
+ Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. 
+ AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. 
+ If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. 
+ If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. 
The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. 
+ type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. 
+ Cannot be updated. + items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames + for + the + above + IP + address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP + address + of + the + host + file + entry. + type: string + required: + - ip + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. (default: false) + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. (default: false) + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. 
(default: false) + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: ImagePullSecrets + is an optional + list of references + to secrets in + the same namespace + to use for pulling + any of the images + used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List + of initialization + containers belonging + to the pod. + items: + description: A + single application + container + that you want + to run within + a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. 
+ Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. 
When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. 
+ properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. 
+ For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. 
+ Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. 
+ Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. 
The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. 
+ type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. 
Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. 
+ If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. 
+ properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. 
+ Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. 
Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. 
+ type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. + items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. 
+ + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName + is a request to + schedule this + pod onto a specific + node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector + is a selector + which must be + true for the pod + to fit on a node. 
+ type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead + represents the + resource overhead + associated with + running a pod + for a given RuntimeClass. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. (default: PreemptLowerPriority) + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. + format: int32 + type: integer + priorityClassName: + description: If specified, + indicates the + pod's priority. + type: string + readinessGates: + description: If specified, + all readiness + gates will be + evaluated for + pod readiness. + items: + description: PodReadinessGate + contains the + reference + to a pod condition + properties: + conditionType: + description: ConditionType + refers + to + a + condition + in + the + pod's + condition + list + with + matching + type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. + Default to Always. (default: Always) + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. 
+ Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. 
+ type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. 
+ type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. 
+ Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl + defines + a + kernel + parameter + to + be + set + properties: + name: + description: Name + of + a + property + to + set + type: string + value: + description: Value + of + a + property + to + set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName + is the name of + the ServiceAccount + to use to run + this pod. + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + Default to false. (default: false) + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. (default: false) + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. + type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. + Defaults to 30 seconds. (default: 30) + format: int64 + type: integer + tolerations: + description: If specified, + the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. + items: + description: TopologySpreadConstraint + specifies + how to spread + matching pods + among the + given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. 
+ | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. + When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. 
Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. 
+ A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List + of volumes that + can be mounted + by containers + belonging to the + pod. + items: + description: Volume + represents + a named volume + in a pod that + may be accessed + by any container + in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. 
+ Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk + represents + an + Azure + Data + Disk + mount + on + the + host + and + bind + mount + to + the + pod. + properties: + cachingMode: + description: "cachingMode + is + the + Host + Caching + mode: + None, + Read + Only, + Read + Write." + type: string + diskName: + description: diskName + is + the + Name + of + the + data + disk + in + the + blob + storage + type: string + diskURI: + description: diskURI + is + the + URI + of + data + disk + in + the + blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: "kind + expected + values + are + Shared: + multiple + blob + disks + per + storage + account Dedicated: + single + blob + disk + per + storage + account Managed: + azure + managed + data + disk + (only + in + managed + availability + set). + defaults + to + shared" + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile + represents + an + Azure + File + Service + mount + on + the + host + and + bind + mount + to + the + pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretName: + description: secretName + is + the name + of + secret + that + contains + Azure + Storage + Account + Name + and + Key + type: string + shareName: + description: shareName + is + the + azure + share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS + represents + a + Ceph + FS + mount + on + the + host + that + shares + a + pod's + lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: "path + is + Optional: + Used + as + the + mounted + root, + rather + than + the + full + Ceph + tree, + default + is + /" + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap + represents + a + configMap + that + should + populate + this + volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. 
+ Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + specify + whether + the + ConfigMap + or + its + keys + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi + (Container + Storage + Interface) + represents + ephemeral + storage + that + is + handled + by + certain + external + CSI + drivers + (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI + represents + downward + API + about + the + pod + that + should + populate + this + volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. 
+ Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items + is + a + list + of + downward + API + volume + file + items: + description: DownwardAPIVolumeFile + represents + information + to + create + the + file + containing + the + pod + field + properties: + fieldRef: + description: "Required: + Selects + a + field + of + the + pod: + only + annotations, + labels, + name, + namespace + and + uid + are + supported." + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: "Required: + Path + is the + relative + path + name + of + the + file + to + be + created. + Must + not + be + absolute + or + contain + the + '..' + path. + Must + be + utf-8 + encoded. + The + first + item + of + the + relative + path + must + not + start + with + '..'" + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. 
Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind + is + the + type + of + resource + being + referenced + type: string + name: + description: Name + is + the + name + of + resource + being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind + is + the + type + of + resource + being + referenced + type: string + name: + description: Name + is + the + name + of + resource + being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector + is + a + label + query + over + volumes + to + consider + for + binding. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName + is + the + binding + reference + to + the + PersistentVolume + backing + this + claim. 
+ type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc + represents + a + Fibre + Channel + resource + that + is + attached + to + a + kubelet's + host + machine + and + then + exposed + to + the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: "lun + is + Optional: + FC + target + lun + number" + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: "targetWWNs + is + Optional: + FC + target + worldwide + names + (WWNs)" + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver + is + the + name + of + the + driver + to + use + for + this + volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: "options + is + Optional: + this + field + holds + extra + command + options + if + any." 
+ type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker + represents + a + Flocker + volume + attached + to + a + kubelet's + host + machine. + This + depends + on + the + Flocker + control + service + being + running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID + is + the + UUID + of + the + dataset. + This + is + unique + identifier + of + a + Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. 
Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository + is + the + URL + type: string + revision: + description: revision + is + the + commit + hash + for + the + specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery + defines + whether + support + iSCSI + Discovery + CHAP + authentication + type: boolean + chapAuthSession: + description: chapAuthSession + defines + whether + support + iSCSI + Session + CHAP + authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn + is + the + target + iSCSI + Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun + represents + iSCSI + Target + Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef + is + the + CHAP + Secret + for + iSCSI + target + and + initiator + authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk + represents + a + PhotonController + persistent + disk + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID + is + the + ID + that + identifies + Photon + Controller + persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume + represents + a + portworx + volume + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID + uniquely + identifies + a + Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected + items + for + all + in + one + resources + secrets, + configmaps, + and + downward + API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources + is + the + list + of + volume + projections + items: + description: Projection + that + may + be + projected + along + with + other + supported + volume + types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. 
If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path + from + the + volume + root + to + write + the + bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap + information + about + the + configMap + data + to + project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. 
+ May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + specify + whether + the + ConfigMap + or + its + keys + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI + information + about + the + downwardAPI + data + to + project + properties: + items: + description: Items + is + a + list + of + DownwardAPIVolume + file + items: + description: + DownwardAPIVolumeFile + represents + information + to + create + the + file + containing + the + pod + field + properties: + fieldRef: + description: + "Required: + Selects + a + field + of + the + pod: + only + annotations, + labels, + name, + namespace + and + uid + are + supported." + properties: + apiVersion: + description: + Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: + Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 
+ If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: + "Required: + Path + is the + relative + path + name + of + the + file + to + be + created. + Must + not + be + absolute + or + contain + the + '..' + path. + Must + be + utf-8 + encoded. + The + first + item + of + the + relative + path + must + not + start + with + '..'" + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: + "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: + "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret + information + about + the + secret + data + to + project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. 
Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + field + specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: + serviceAccountToken + is + information + about + the + serviceAccountToken + data + to + project + properties: + audience: + description: |- + audience is the intended audience of the token. 
A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte + represents + a + Quobyte + mount + on + the + host + that + shares + a + pod's + lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume + is + a + string + that + references + an + already + created + Quobyte + volume + by + name. 
+ type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO + represents + a + ScaleIO + persistent + volume + attached + and + mounted + on + Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway + is + the + host + address + of + the + ScaleIO + API + Gateway. + type: string + protectionDomain: + description: protectionDomain + is + the + name + of + the + ScaleIO + Protection + Domain + for + the + configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. 
apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled + Flag + enable/disable + SSL + communication + with + Gateway, + default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool + is + the + ScaleIO + Storage + Pool + associated + with + the + protection + domain. + type: string + system: + description: system + is + the + name + of + the + storage + system + as + configured + in + ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional + field + specify + whether + the + Secret + or + its + keys + must + be + defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS + represents + a + StorageOS + volume + attached + and + mounted + on + Kubernetes + nodes. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. 
+ type: string + type: object + vsphereVolume: + description: vsphereVolume + represents + a + vSphere + volume + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID + is + the + storage + Policy + Based + Management + (SPBM) + profile + ID + associated + with + the + StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName + is + the + storage + Policy + Based + Management + (SPBM) + profile + name. + type: string + volumePath: + description: volumePath + is + the + path + that + identifies + vSphere + volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + description: An update strategy to + replace existing DaemonSet pods + with new pods. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. 
status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon + set update. Can be "RollingUpdate" + or "OnDelete". Default + is RollingUpdate. 
+ type: string + type: object + type: object + type: object + debug: + description: Enables debug logging for the collector + type: boolean + memoryLimiter: + description: Setting memory limits for the Collector + properties: + check_interval: + description: |- + CheckInterval is the time between measurements of memory usage for the + purposes of avoiding going over the limits. Defaults to zero, so no + checks will be performed. + format: int64 + type: integer + limit_mib: + description: |- + MemoryLimitMiB is the maximum amount of memory, in MiB, targeted to be + allocated by the process. + format: int32 + type: integer + limit_percentage: + description: |- + MemoryLimitPercentage is the maximum amount of memory, in %, targeted to be + allocated by the process. The fixed memory settings MemoryLimitMiB has a higher precedence. + format: int32 + type: integer + spike_limit_mib: + description: |- + MemorySpikeLimitMiB is the maximum, in MiB, spike expected between the + measurements of memory usage. + format: int32 + type: integer + spike_limit_percentage: + description: |- + MemorySpikePercentage is the maximum, in percents against the total memory, + spike expected between the measurements of memory usage. + format: int32 + type: integer + required: + - check_interval + - limit_mib + - limit_percentage + - spike_limit_mib + - spike_limit_percentage + type: object + tenantSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - controlNamespace + type: object + status: + description: CollectorStatus defines the observed state of + Collector + properties: + tenants: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: outputs.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Output is the Schema for the outputs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OutputSpec defines the desired state of Output + properties: + fluentforward: + properties: + compress_gzip: + description: CompressGzip enables gzip compression + for the payload. + type: boolean + connection_timeout: + description: Connection Timeout parameter + configures `net.Dialer`. 
+ format: int64 + type: integer + default_labels_enabled: + additionalProperties: + type: boolean + description: DefaultLabelsEnabled is a map + of default attributes to be added to each + log record. + type: object + endpoint: + description: "The target endpoint URI to send + data to (e.g.: some.url:24224)." + type: string + kubernetes_metadata: + properties: + include_pod_labels: + type: boolean + key: + type: string + required: + - include_pod_labels + - key + type: object + require_ack: + description: RequireAck enables the acknowledgement + feature. + type: boolean + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. + format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. 
+ properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. + type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + shared_key: + description: SharedKey is used for authorization + with the server that knows it. + type: string + tag: + description: The Fluent tag parameter used + for routing + type: string + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. + See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. 
+ type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. (optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + type: object + loki: + properties: + auth: + description: Auth configuration for outgoing + HTTP calls. + type: string + compression: + description: The compression key for supported + compression types within collector. + type: string + disable_keep_alives: + description: |- + DisableKeepAlives, if true, disables HTTP keep-alives and will only use the connection to the server + for a single HTTP request. + + + WARNING: enabling this option can result in significant overhead establishing a new HTTP(S) + connection for every request. Before enabling this option please consider whether changes + to idle connection settings can achieve your goal. + type: boolean + endpoint: + description: "The target URL to send data + to (e.g.: http://some.url:9411/v1/traces)." + type: string + headers: + additionalProperties: + description: |- + String alias that is marshaled and printed in an opaque way. + To recover the original value, cast it to a string. 
+ type: string + description: |- + Additional headers attached to each HTTP request sent by the client. + Existing header values are overwritten if collision happens. + Header values are opaque since they may be sensitive. + type: object + http2_ping_timeout: + description: |- + HTTP2PingTimeout if there's no response to the ping within the configured value, the connection will be closed. + If not set or set to 0, it defaults to 15s. + format: int64 + type: integer + http2_read_idle_timeout: + description: |- + This is needed in case you run into + https://github.com/golang/go/issues/59690 + https://github.com/golang/go/issues/36026 + HTTP2ReadIdleTimeout if the connection has been idle for the configured value send a ping frame for health check + 0s means no health check will be performed. + format: int64 + type: integer + idle_conn_timeout: + description: |- + IdleConnTimeout is the maximum amount of time a connection will remain open before closing itself. + There's an already set value, and we want to override it only if an explicit value provided + format: int64 + type: integer + max_conns_per_host: + description: |- + MaxConnsPerHost limits the total number of connections per host, including connections in the dialing, + active, and idle states. + There's an already set value, and we want to override it only if an explicit value provided + type: integer + max_idle_conns: + description: |- + MaxIdleConns is used to set a limit to the maximum idle HTTP connections the client can keep open. + There's an already set value, and we want to override it only if an explicit value provided + type: integer + max_idle_conns_per_host: + description: |- + MaxIdleConnsPerHost is used to set a limit to the maximum idle HTTP connections the host can keep open. 
+ There's an already set value, and we want to override it only if an explicit value provided + type: integer + proxy_url: + description: ProxyURL setting for the collector + type: string + read_buffer_size: + description: ReadBufferSize for HTTP client. + See http.Transport.ReadBufferSize. + type: integer + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. + format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. + properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. 
+ type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + timeout: + description: Timeout parameter configures + `http.Client.Timeout`. + format: int64 + type: integer + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. + See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. + type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. 
(optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + write_buffer_size: + description: WriteBufferSize for HTTP client. + See http.Transport.WriteBufferSize. + type: integer + type: object + otlp: + description: "OTLP grpc exporter config ref: https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/otlpexporter/config.go" + properties: + auth: + description: Auth configuration for outgoing + RPCs. + type: string + authority: + description: |- + WithAuthority parameter configures client to rewrite ":authority" header + (godoc.org/google.golang.org/grpc#WithAuthority) + type: string + balancer_name: + description: |- + Sets the balancer in grpclb_policy to discover the servers. Default is pick_first. + https://github.com/grpc/grpc-go/blob/master/examples/features/load_balancing/README.md + type: string + compression: + description: The compression key for supported + compression types within collector. + type: string + endpoint: + description: |- + The target to which the exporter is going to send traces or metrics, + using the gRPC protocol. The valid syntax is described at + https://github.com/grpc/grpc/blob/master/doc/naming.md. + type: string + headers: + additionalProperties: + type: string + description: The headers associated with gRPC + requests. + type: object + keepalive: + description: |- + The keepalive parameters for gRPC client. 
See grpc.WithKeepaliveParams. + (https://godoc.org/google.golang.org/grpc#WithKeepaliveParams). + properties: + permit_without_stream: + type: boolean + time: + description: |- + A Duration represents the elapsed time between two instants + as an int64 nanosecond count. The representation limits the + largest representable duration to approximately 290 years. + format: int64 + type: integer + timeout: + description: |- + A Duration represents the elapsed time between two instants + as an int64 nanosecond count. The representation limits the + largest representable duration to approximately 290 years. + format: int64 + type: integer + type: object + read_buffer_size: + description: |- + ReadBufferSize for gRPC client. See grpc.WithReadBufferSize. + (https://godoc.org/google.golang.org/grpc#WithReadBufferSize). + type: integer + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. 
+ format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. + properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. + type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + timeout: + description: |- + Timeout is the timeout for every attempt to send data to the backend. + A zero timeout means no timeout. + format: int64 + type: integer + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. 
+ See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. + type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. (optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + wait_for_ready: + description: |- + WaitForReady parameter configures client to wait for ready state before sending data. + (https://github.com/grpc/grpc/blob/master/doc/wait-for-ready.md) + type: boolean + write_buffer_size: + description: |- + WriteBufferSize for gRPC gRPC. See grpc.WithWriteBufferSize. + (https://godoc.org/google.golang.org/grpc#WithWriteBufferSize). 
+ type: integer + required: + - endpoint + type: object + type: object + status: + description: OutputStatus defines the observed state of Output + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: subscriptions.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Subscription + listKind: SubscriptionList + plural: subscriptions + singular: subscription + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.tenant + name: Tenant + type: string + - jsonPath: .status.outputs + name: Outputs + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subscription is the Schema for the subscriptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SubscriptionSpec defines the desired state of + Subscription + properties: + debug: + type: boolean + ottl: + type: string + outputs: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + type: object + status: + description: SubscriptionStatus defines the observed state + of Subscription + properties: + outputs: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + tenant: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tenants.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Tenant + listKind: TenantList + plural: tenants + singular: tenant + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.subscriptions + name: Subscriptions + type: string + - jsonPath: .status.logSourceNamespaces + name: Logsource namespaces + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Tenant is the Schema for the tenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TenantSpec defines the desired state of Tenant + properties: + logSourceNamespaceSelectors: + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + subscriptionNamespaceSelectors: + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: array + type: object + status: + description: TenantStatus defines the observed state of Tenant + properties: + logSourceNamespaces: + items: + type: string + type: array + state: + type: string + subscriptions: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: collectors.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Collector + listKind: CollectorList + plural: collectors + singular: collector + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.tenants + name: Tenants + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Collector is the Schema for the collectors API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CollectorSpec defines the desired state of Collector + properties: + controlNamespace: + description: Namespace where OTel collector DaemonSet + is deployed + type: string + daemonSet: + description: DaemonSet is a subset of [DaemonSet in + k8s.io/api/apps/v1](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#daemonset-v1-apps), + with [DaemonSetSpec replaced by the local variant](#daemonset-spec). + properties: + metadata: + description: ObjectMeta contains only a [subset + of the fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + description: "[Local DaemonSet specification](#daemonset-spec)" + properties: + minReadySeconds: + description: |- + The minimum number of seconds for which a newly created DaemonSet pod should + be ready without any of its container crashing, for it to be considered + available. Defaults to 0 (pod will be considered available as soon as it + is ready). (default: 0) + format: int32 + type: integer + revisionHistoryLimit: + description: |- + The number of old history to retain to allow rollback. + This is a pointer to distinguish between explicit zero and not specified. + Defaults to 10. (default: 10) + format: int32 + type: integer + selector: + description: A label query over pods + that are managed by the daemon + set. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is the label + key that the + selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + template: + description: An object that describes + the pod that will be created. + Note that this is a [local PodTemplateSpec](#podtemplatespec) + properties: + metadata: + description: ObjectMeta contains + only a [subset of the + fields included in k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#objectmeta-v1-meta). + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + spec: + description: PodSpec is a + subset of [PodSpec in + k8s.io/api/corev1](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core). 
+ It's the same as the original + PodSpec expect it allows + for containers to be missing. + properties: + activeDeadlineSeconds: + description: Optional + duration in seconds + the pod may be + active on the + node relative + to + format: int64 + type: integer + affinity: + description: If specified, + the pod's scheduling + constraints + properties: + nodeAffinity: + description: Describes + node affinity + scheduling + rules + for the + pod. + properties: + ? preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A + node + selector + term, + associated + with + the + corresponding + weight. + properties: + matchExpressions: + description: A + list + of + node + selector + requirements + by + node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A + list + of + node + selector + requirements + by + node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight + associated + with + matching + the + corresponding + nodeSelectorTerm, + in + the + range + 1-100. 
+ format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. + A + list + of + node + selector + terms. + The + terms + are + ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A + list + of + node + selector + requirements + by + node's + labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchFields: + description: A + list + of + node + selector + requirements + by + node's + fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes + pod affinity + scheduling + rules + (e.g. + co-locate + this pod + in the + same node, + zone, + etc. as + some other + pod(s)). + properties: + ? preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The + weights + of + all + of + the + matched + WeightedPodAffinityTerm + fields + are + added + per-node + to + find + the + most + preferred + node(s) + properties: + podAffinityTerm: + description: Required. + A + pod + affinity + term, + associated + with + the + corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. 
+ The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. 
+ null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + podAntiAffinity: + description: Describes + pod anti-affinity + scheduling + rules + (e.g. + avoid + putting + this pod + in the + same node, + zone, + etc. as + some other + pod(s)). + properties: + ? preferredDuringSchedulingIgnoredDuringExecution + : description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The + weights + of + all + of + the + matched + WeightedPodAffinityTerm + fields + are + added + per-node + to + find + the + most + preferred + node(s) + properties: + podAffinityTerm: + description: Required. + A + pod + affinity + term, + associated + with + the + corresponding + weight. + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. 
+ properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. 
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + x-kubernetes-list-type: atomic + ? requiredDuringSchedulingIgnoredDuringExecution + : description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: |- + A label query over a set of resources, in this case pods. + If it's null, this PodAffinityTerm matches with no Pods. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. The default value is empty. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: |- + MismatchLabelKeys is a set of pod label keys to select which pods will + be taken into consideration. The keys are used to lookup values from the + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` + to select the group of existing pods which pods will be taken into consideration + for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming + pod labels will be ignored. 
The default value is empty. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. + This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + items: + type: string + type: array + x-kubernetes-list-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + x-kubernetes-list-type: atomic + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + automountServiceAccountToken: + description: AutomountServiceAccountToken + indicates whether + a service account + token should be + automatically + mounted. + type: boolean + containers: + description: List + of containers + belonging to the + pod. + items: + description: A + single application + container + that you want + to run within + a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. 
"$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". 
+ Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. + Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. 
+ type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. 
+ properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. 
To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. 
There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. 
+ format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. 
Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. 
+ Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. 
+ items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + dnsConfig: + description: Specifies + the DNS parameters + of a pod. + properties: + nameservers: + description: |- + A list of DNS name server IP addresses. + This will be appended to the base nameservers generated from DNSPolicy. + Duplicated nameservers will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + options: + description: |- + A list of DNS resolver options. + This will be merged with the base options generated from DNSPolicy. + Duplicated entries will be removed. Resolution options given in Options + will override those that appear in the base DNSPolicy. + items: + description: PodDNSConfigOption + defines + DNS + resolver + options + of + a + pod. + properties: + name: + description: Required. + type: string + value: + type: string + type: object + type: array + x-kubernetes-list-type: atomic + searches: + description: |- + A list of DNS search domains for host-name lookup. + This will be appended to the base search paths generated from DNSPolicy. + Duplicated search paths will be removed. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + dnsPolicy: + description: |- + Set DNS policy for the pod. 
+ Defaults to "ClusterFirst". (default: ClusterFirst) + Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. + type: string + enableServiceLinks: + description: |- + EnableServiceLinks indicates whether information about services should be injected into pod's + environment variables, matching the syntax of Docker links. + Optional: Defaults to true. (default: true) + type: boolean + ephemeralContainers: + description: List + of ephemeral containers + run in this pod. + items: + description: |- + An EphemeralContainer is a temporary container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral containers have no resource or + scheduling guarantees, and they will not be restarted when they exit or when a Pod is + removed or restarted. The kubelet may evict a Pod if an ephemeral container causes the + Pod to exceed its resource allocation. + + + To add an ephemeral container, use the ephemeralcontainers subresource of an existing + Pod. Ephemeral containers may not be removed or restarted. + properties: + args: + description: |- + Arguments to the entrypoint. + The image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The image's ENTRYPOINT is used if this is not provided. 
+ Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. + Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. 
When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: Lifecycle + is + not + allowed + for + ephemeral + containers. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. 
+ type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. 
+ This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the ephemeral container specified as a DNS_LABEL. + This name must be unique among all containers, init containers and ephemeral containers. + type: string + ports: + description: Ports + are + not + allowed + for + ephemeral + containers. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. 
+ format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. 
+ Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. + type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources + already allocated to the pod. + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. 
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + Restart policy for the container to manage the restart behavior of each + container within a pod. + This may only be set for init containers. You cannot set this field on + ephemeral containers. + type: string + securityContext: + description: |- + Optional: SecurityContext defines the security options the ephemeral container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. 
+ Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. 
+ format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. 
If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). 
+ In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: Probes + are + not + allowed + for + ephemeral + containers. + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. 
+ type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. 
+ format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. 
+ type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. + Default is false + type: boolean + targetContainerName: + description: |- + If set, the name of the container from PodSpec that this ephemeral container targets. + The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. + If not set then the ephemeral container uses the namespaces configured in the Pod spec. + + + The container runtime must implement support for this feature. If the runtime does not + support namespace targeting then the result of setting this field is undefined. + type: string + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. 
+ FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. + Cannot be updated. + items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. 
+ type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). + type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. 
+ type: string + required: + - name + type: object + type: array + hostAliases: + description: |- + HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts + file if specified. This is only valid for non-hostNetwork pods. + items: + description: |- + HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the + pod's hosts file. + properties: + hostnames: + description: Hostnames + for + the + above + IP + address. + items: + type: string + type: array + x-kubernetes-list-type: atomic + ip: + description: IP + address + of + the + host + file + entry. + type: string + required: + - ip + type: object + type: array + hostIPC: + description: |- + Use the host's ipc namespace. + Optional: Default to false. (default: false) + type: boolean + hostNetwork: + description: |- + Host networking requested for this pod. Use the host's network namespace. + If this option is set, the ports that will be used must be specified. + Default to false. (default: false) + type: boolean + hostPID: + description: |- + Use the host's pid namespace. + Optional: Default to false. (default: false) + type: boolean + hostname: + description: |- + Specifies the hostname of the Pod + If not specified, the pod's hostname will be set to a system-defined value. + type: string + imagePullSecrets: + description: ImagePullSecrets + is an optional + list of references + to secrets in + the same namespace + to use for pulling + any of the images + used by this PodSpec. + items: + description: |- + LocalObjectReference contains enough information to let you locate the + referenced object inside the same namespace. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + type: array + initContainers: + description: List + of initialization + containers belonging + to the pod. + items: + description: A + single application + container + that you want + to run within + a pod. + properties: + args: + description: |- + Arguments to the entrypoint. + The container image's CMD is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. + More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + command: + description: |- + Entrypoint array. Not executed within a shell. + The container image's ENTRYPOINT is used if this is not provided. + Variable references $(VAR_NAME) are expanded using the container's environment. If a variable + cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot be updated. 
+ More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell + items: + type: string + type: array + x-kubernetes-list-type: atomic + env: + description: |- + List of environment variables to set in the container. + Cannot be updated. + items: + description: EnvVar + represents + an + environment + variable + present + in + a + Container. + properties: + name: + description: Name + of + the + environment + variable. + Must + be + a + C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source + for + the + environment + variable's + value. + Cannot + be + used + if + value + is + not + empty. + properties: + configMapKeyRef: + description: Selects + a + key + of + a + ConfigMap. + properties: + key: + description: The + key + to + select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + ConfigMap + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects + a + key + of + a + secret + in + the + pod's + namespace + properties: + key: + description: The + key + of + the + secret + to + select + from. Must + be + a + valid + secret + key. + type: string + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + envFrom: + description: |- + List of sources to populate environment variables in the container. + The keys defined within a source must be a C_IDENTIFIER. All invalid keys + will be reported as an event when the container is starting. When a key exists in multiple + sources, the value associated with the last source will take precedence. + Values defined by an Env with a duplicate key will take precedence. + Cannot be updated. + items: + description: EnvFromSource + represents + the + source + of + a + set + of + ConfigMaps + properties: + configMapRef: + description: The + ConfigMap + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + optional: + description: Specify + whether + the + ConfigMap + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + prefix: + description: An + optional + identifier + to + prepend + to + each + key + in + the + ConfigMap. + Must + be + a + C_IDENTIFIER. + type: string + secretRef: + description: The + Secret + to + select + from + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: Specify + whether + the + Secret + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + type: object + type: array + x-kubernetes-list-type: atomic + image: + description: |- + Container image name. + More info: https://kubernetes.io/docs/concepts/containers/images + This field is optional to allow higher level config management to default or override + container images in workload controllers like Deployments and StatefulSets. + type: string + imagePullPolicy: + description: |- + Image pull policy. + One of Always, Never, IfNotPresent. + Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/containers/images#updating-images + type: string + lifecycle: + description: |- + Actions that the management system should take in response to container lifecycle events. + Cannot be updated. + properties: + postStart: + description: |- + PostStart is called immediately after a container is created. 
If the handler fails, + the container is terminated and restarted according to its restart policy. + Other management of the container blocks until the hook completes. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. 
+ x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. + properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + description: |- + PreStop is called immediately before a container is terminated due to an + API request or management event such as liveness/startup probe failure, + preemption, resource contention, etc. The handler is not called if the + container crashes or exits. The Pod's termination grace period countdown begins before the + PreStop hook is executed. Regardless of the outcome of the handler, the + container will eventually terminate within the Pod's termination grace + period (unless delayed by finalizers). Other management of the container blocks until the hook completes + or until the termination grace period is reached. + More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks + properties: + exec: + description: Exec + specifies + the + action + to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + sleep: + description: Sleep + represents + the + duration + that + the + container + should + sleep + before + being + terminated. 
+ properties: + seconds: + description: Seconds + is + the + number + of + seconds + to + sleep. + format: int64 + type: integer + required: + - seconds + type: object + tcpSocket: + description: |- + Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept + for the backward compatibility. There are no validation of this field and + lifecycle hooks will fail in runtime when tcp handler is specified. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + description: |- + Periodic probe of container liveness. + Container will be restarted if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. 
+ properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. 
+ More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. 
+ Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + name: + description: |- + Name of the container specified as a DNS_LABEL. + Each container in a pod must have a unique name (DNS_LABEL). + Cannot be updated. + type: string + ports: + description: |- + List of ports to expose from the container. Not specifying a port here + DOES NOT prevent that port from being exposed. Any port which is + listening on the default "0.0.0.0" address inside a container will be + accessible from the network. + Modifying this array with strategic merge patch may corrupt the data. + For more information See https://github.com/kubernetes/kubernetes/issues/108255. + Cannot be updated. + items: + description: ContainerPort + represents + a + network + port + in + a + single + container. + properties: + containerPort: + description: |- + Number of port to expose on the pod's IP address. + This must be a valid port number, 0 < x < 65536. + format: int32 + type: integer + hostIP: + description: What + host + IP + to + bind + the + external + port + to. + type: string + hostPort: + description: |- + Number of port to expose on the host. + If specified, this must be a valid port number, 0 < x < 65536. + If HostNetwork is specified, this must match ContainerPort. + Most containers do not need this. + format: int32 + type: integer + name: + description: |- + If specified, this must be an IANA_SVC_NAME and unique within the pod. Each + named port in a pod must have a unique name. Name for the port that can be + referred to by services. + type: string + protocol: + default: TCP + description: |- + Protocol for port. Must be UDP, TCP, or SCTP. + Defaults to "TCP". 
+ type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: |- + Periodic probe of container service readiness. + Container will be removed from service endpoints if the probe fails. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. + properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. 
You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. + type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." 
+ type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. + The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + resizePolicy: + description: Resources + resize + policy + for + the + container. + items: + description: ContainerResizePolicy + represents + resource + resize + policy + for + the + container. + properties: + resourceName: + description: |- + Name of the resource to which this resource resize policy applies. + Supported values: cpu, memory. + type: string + restartPolicy: + description: |- + Restart policy to apply when specified resource is resized. + If not specified, it defaults to NotRequired. 
+ type: string + required: + - resourceName + - restartPolicy + type: object + type: array + x-kubernetes-list-type: atomic + resources: + description: |- + Compute Resources required by this container. + Cannot be updated. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + properties: + claims: + description: |- + Claims lists the names of resources, defined in spec.resourceClaims, + that are used by this container. + + + This is an alpha field and requires enabling the + DynamicResourceAllocation feature gate. + + + This field is immutable. It can only be set for containers. + items: + description: ResourceClaim + references + one + entry + in + PodSpec.ResourceClaims. + properties: + name: + description: |- + Name must match the name of one entry in pod.spec.resourceClaims of + the Pod where this field is used. It makes that resource available + inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + restartPolicy: + description: |- + RestartPolicy defines the restart behavior of individual containers in a pod. + This field may only be set for init containers, and the only allowed value is "Always". + For non-init containers or when this field is not specified, + the restart behavior is defined by the Pod's restart policy and the container type. + Setting the RestartPolicy as "Always" for the init container will have the following effect: + this init container will be continually restarted on + exit until all regular containers have terminated. Once all regular + containers have completed, all init containers with restartPolicy "Always" + will be shut down. This lifecycle differs from normal init containers and + is often referred to as a "sidecar" container. Although this init + container still starts in the init container sequence, it does not wait + for the container to complete before proceeding to the next init + container. Instead, the next init container starts immediately after this + init container is started, or after any startupProbe has successfully + completed. + type: string + securityContext: + description: |- + SecurityContext defines the security options the container should be run with. + If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. + More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. 
+ type: boolean + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by this container. If set, this profile + overrides the pod's appArmorProfile. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. + type: string + required: + - type + type: object + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + drop: + description: Removed + capabilities + items: + description: Capability + represent + POSIX + capabilities + type + type: string + type: array + x-kubernetes-list-type: atomic + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. 
+ This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. 
+ properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: + GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + startupProbe: + description: |- + StartupProbe indicates that the Pod has successfully initialized. + If specified, no other probes are executed until this completes successfully. + If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. + This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, + when it might take a long time to load data or warm a cache, than during steady-state operation. + This cannot be updated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + properties: + exec: + description: Exec + specifies + the + action + to + take. 
+ properties: + command: + description: |- + Command is the command line to execute inside the container, the working directory for the + command is root ('/') in the container's filesystem. The command is simply exec'd, it is + not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use + a shell, you need to explicitly call out to that shell. + Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + description: |- + Minimum consecutive failures for the probe to be considered failed after having succeeded. + Defaults to 3. Minimum value is 1. + format: int32 + type: integer + grpc: + description: GRPC + specifies + an + action + involving + a + GRPC + port. + properties: + port: + description: Port + number + of + the + gRPC + service. + Number + must + be + in + the + range + 1 + to + 65535. + format: int32 + type: integer + service: + description: |- + Service is the name of the service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + + + If this is not specified, the default behavior is defined by gRPC. + type: string + required: + - port + type: object + httpGet: + description: HTTPGet + specifies + the + http + request + to + perform. + properties: + host: + description: |- + Host name to connect to, defaults to the pod IP. You probably want to set + "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom + headers + to + set + in + the + request. + HTTP + allows + repeated + headers. + items: + description: HTTPHeader + describes + a + custom + header + to + be + used + in + HTTP + probes + properties: + name: + description: |- + The header field name. + This will be canonicalized upon output, so case-variant names will be understood as the same header. 
+ type: string + value: + description: The + header + field + value + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + description: Path + to + access + on + the + HTTP + server. + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Name or number of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + scheme: + description: |- + Scheme to use for connecting to the host. + Defaults to HTTP. + type: string + required: + - port + type: object + initialDelaySeconds: + description: |- + Number of seconds after the container has started before liveness probes are initiated. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + periodSeconds: + description: |- + How often (in seconds) to perform the probe. + Default to 10 seconds. Minimum value is 1. + format: int32 + type: integer + successThreshold: + description: |- + Minimum consecutive successes for the probe to be considered successful after having failed. + Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + format: int32 + type: integer + tcpSocket: + description: TCPSocket + specifies + an + action + involving + a + TCP + port. + properties: + host: + description: "Optional: + Host + name + to + connect + to, + defaults + to + the + pod + IP." + type: string + port: + anyOf: + - type: integer + - type: string + description: |- + Number or name of the port to access on the container. + Number must be in the range 1 to 65535. + Name must be an IANA_SVC_NAME. + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully upon probe failure. 
+ The grace period is the duration in seconds after the processes running in the pod are sent + a termination signal and the time when the processes are forcibly halted with a kill signal. + Set this value longer than the expected cleanup time for your process. + If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this + value overrides the value provided by the pod spec. + Value must be non-negative integer. The value zero indicates stop immediately via + the kill signal (no opportunity to shut down). + This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. + format: int64 + type: integer + timeoutSeconds: + description: |- + Number of seconds after which the probe times out. + Defaults to 1 second. Minimum value is 1. + More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes + format: int32 + type: integer + type: object + stdin: + description: |- + Whether this container should allocate a buffer for stdin in the container runtime. If this + is not set, reads from stdin in the container will always result in EOF. + Default is false. + type: boolean + stdinOnce: + description: |- + Whether the container runtime should close the stdin channel after it has been opened by + a single attach. When stdin is true the stdin stream will remain open across multiple attach + sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the + first client attaches to stdin, and then remains open and accepts data until the client disconnects, + at which time stdin is closed and remains closed until the container is restarted. If this + flag is false, a container processes that reads from stdin will never receive an EOF. 
+ Default is false + type: boolean + terminationMessagePath: + description: |- + Optional: Path at which the file to which the container's termination message + will be written is mounted into the container's filesystem. + Message written is intended to be brief final status, such as an assertion failure message. + Will be truncated by the node if greater than 4096 bytes. The total message length across + all containers will be limited to 12kb. + Defaults to /dev/termination-log. + Cannot be updated. + type: string + terminationMessagePolicy: + description: |- + Indicate how the termination message should be populated. File will use the contents of + terminationMessagePath to populate the container status message on both success and failure. + FallbackToLogsOnError will use the last chunk of container log output if the termination + message file is empty and the container exited with an error. + The log output is limited to 2048 bytes or 80 lines, whichever is smaller. + Defaults to File. + Cannot be updated. + type: string + tty: + description: |- + Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. + Default is false. + type: boolean + volumeDevices: + description: volumeDevices + is + the + list + of + block + devices + to + be + used + by + the + container. + items: + description: volumeDevice + describes + a + mapping + of + a + raw + block + device + within + a + container. + properties: + devicePath: + description: devicePath + is + the + path + inside + of + the + container + that + the + device + will + be + mapped + to. + type: string + name: + description: name + must + match + the + name + of + a + persistentVolumeClaim + in + the + pod + type: string + required: + - devicePath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - devicePath + x-kubernetes-list-type: map + volumeMounts: + description: |- + Pod volumes to mount into the container's filesystem. + Cannot be updated. 
+ items: + description: VolumeMount + describes + a + mounting + of + a + Volume + within + a + container. + properties: + mountPath: + description: |- + Path within the container at which the volume should be mounted. Must + not contain ':'. + type: string + mountPropagation: + description: |- + mountPropagation determines how mounts are propagated from the host + to container and the other way around. + When not set, MountPropagationNone is used. + This field is beta in 1.10. + When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified + (which defaults to None). + type: string + name: + description: This + must + match + the + Name + of + a + Volume. + type: string + readOnly: + description: |- + Mounted read-only if true, read-write otherwise (false or unspecified). + Defaults to false. + type: boolean + recursiveReadOnly: + description: |- + RecursiveReadOnly specifies whether read-only mounts should be handled + recursively. + + + If ReadOnly is false, this field has no meaning and must be unspecified. + + + If ReadOnly is true, and this field is set to Disabled, the mount is not made + recursively read-only. If this field is set to IfPossible, the mount is made + recursively read-only, if it is supported by the container runtime. If this + field is set to Enabled, the mount is made recursively read-only if it is + supported by the container runtime, otherwise the pod will not be started and + an error will be generated to indicate the reason. + + + If this field is set to IfPossible or Enabled, MountPropagation must be set to + None (or be unspecified, which defaults to None). + + + If this field is not specified, it is treated as an equivalent of Disabled. + type: string + subPath: + description: |- + Path within the volume from which the container's volume should be mounted. + Defaults to "" (volume's root). 
+ type: string + subPathExpr: + description: |- + Expanded path within the volume from which the container's volume should be mounted. + Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. + Defaults to "" (volume's root). + SubPathExpr and SubPath are mutually exclusive. + type: string + required: + - mountPath + - name + type: object + type: array + x-kubernetes-list-map-keys: + - mountPath + x-kubernetes-list-type: map + workingDir: + description: |- + Container's working directory. + If not specified, the container runtime's default will be used, which + might be configured in the container image. + Cannot be updated. + type: string + required: + - name + type: object + type: array + nodeName: + description: NodeName + is a request to + schedule this + pod onto a specific + node. + type: string + nodeSelector: + additionalProperties: + type: string + description: NodeSelector + is a selector + which must be + true for the pod + to fit on a node. + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: Overhead + represents the + resource overhead + associated with + running a pod + for a given RuntimeClass. + type: object + preemptionPolicy: + description: |- + PreemptionPolicy is the Policy for preempting pods with lower priority. + One of Never, PreemptLowerPriority. + Defaults to PreemptLowerPriority if unset. (default: PreemptLowerPriority) + type: string + priority: + description: |- + The priority value. Various system components use this field to find the + priority of the pod. + format: int32 + type: integer + priorityClassName: + description: If specified, + indicates the + pod's priority. 
+ type: string + readinessGates: + description: If specified, + all readiness + gates will be + evaluated for + pod readiness. + items: + description: PodReadinessGate + contains the + reference + to a pod condition + properties: + conditionType: + description: ConditionType + refers + to + a + condition + in + the + pod's + condition + list + with + matching + type. + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + description: |- + Restart policy for all containers within the pod. + One of Always, OnFailure, Never. + Default to Always. (default: Always) + type: string + runtimeClassName: + description: |- + RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used + to run this pod. + type: string + schedulerName: + description: |- + If specified, the pod will be dispatched by specified scheduler. + If not specified, the pod will be dispatched by default scheduler. + type: string + securityContext: + description: |- + SecurityContext holds pod-level security attributes and common container settings. + Optional: Defaults to empty. See type description for default values of each field. + properties: + appArmorProfile: + description: |- + appArmorProfile is the AppArmor options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile loaded on the node that should be used. + The profile must be preconfigured on the node to work. + Must match the loaded name of the profile. + Must be set if and only if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of AppArmor profile will be applied. + Valid options are: + Localhost - a profile pre-loaded on the node. + RuntimeDefault - the container runtime's default profile. + Unconfined - no AppArmor enforcement. 
+ type: string + required: + - type + type: object + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + 3. The permission bits are OR'd with rw-rw---- + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. 
If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level + is + SELinux + level + label + that + applies + to + the + container. + type: string + role: + description: Role + is + a + SELinux + role + label + that + applies + to + the + container. + type: string + type: + description: Type + is + a + SELinux + type + label + that + applies + to + the + container. + type: string + user: + description: User + is + a + SELinux + user + label + that + applies + to + the + container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must be set if type is "Localhost". 
Must NOT be set for any other type. + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + x-kubernetes-list-type: atomic + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl + defines + a + kernel + parameter + to + be + set + properties: + name: + description: Name + of + a + property + to + set + type: string + value: + description: Value + of + a + property + to + set + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. 
+ Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName + is + the + name + of + the + GMSA + credential + spec + to + use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + All of a Pod's containers must have the same effective HostProcess value + (it is not allowed to have a mix of HostProcess containers and non-HostProcess containers). + In addition, if HostProcess is true then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + serviceAccountName: + description: ServiceAccountName + is the name of + the ServiceAccount + to use to run + this pod. + type: string + setHostnameAsFQDN: + description: |- + If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). + Default to false. (default: false) + type: boolean + shareProcessNamespace: + description: |- + Share a single process namespace between all of the containers in a pod. + HostPID and ShareProcessNamespace cannot both be set. + Optional: Default to false. (default: false) + type: boolean + subdomain: + description: |- + If specified, the fully qualified Pod hostname will be "...svc.". + If not specified, the pod will not have a domainname at all. 
+ type: string + terminationGracePeriodSeconds: + description: |- + Optional duration in seconds the pod needs to terminate gracefully. + Defaults to 30 seconds. (default: 30) + format: int64 + type: integer + tolerations: + description: If specified, + the pod's tolerations. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: |- + TopologySpreadConstraints describes how a group of pods ought to spread across topology + domains. 
+ items: + description: TopologySpreadConstraint + specifies + how to spread + matching pods + among the + given topology. + properties: + labelSelector: + description: |- + LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine the number of pods + in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: |- + MatchLabelKeys is a set of pod label keys to select the pods over which + spreading will be calculated. 
The keys are used to lookup values from the + incoming pod labels, those key-value labels are ANDed with labelSelector + to select the group of existing pods over which spreading will be calculated + for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. + MatchLabelKeys cannot be set when LabelSelector isn't set. + Keys that don't exist in the incoming pod labels will + be ignored. A null or empty list means only match against labelSelector. + + + This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). + items: + type: string + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: |- + MaxSkew describes the degree to which pods may be unevenly distributed. + When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference + between the number of matching pods in the target topology and the global minimum. + The global minimum is the minimum number of matching pods in an eligible domain + or zero if the number of eligible domains is less than MinDomains. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 2/2/1: + In this case, the global minimum is 1. + | zone1 | zone2 | zone3 | + | P P | P P | P | + - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; + scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). + - if MaxSkew is 2, incoming pod can be scheduled onto any zone. + When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence + to topologies that satisfy it. + It's a required field. Default value is 1 and 0 is not allowed. + format: int32 + type: integer + minDomains: + description: |- + MinDomains indicates a minimum number of eligible domains. 
+ When the number of eligible domains with matching topology keys is less than minDomains, + Pod Topology Spread treats "global minimum" as 0, and then the calculation of Skew is performed. + And when the number of eligible domains with matching topology keys equals or greater than minDomains, + this value has no effect on scheduling. + As a result, when the number of eligible domains is less than minDomains, + scheduler won't schedule more than maxSkew Pods to those domains. + If value is nil, the constraint behaves as if MinDomains is equal to 1. + Valid values are integers greater than 0. + When value is not nil, WhenUnsatisfiable must be DoNotSchedule. + + + For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same + labelSelector spread as 2/2/2: + | zone1 | zone2 | zone3 | + | P P | P P | P P | + The number of domains is less than 5(MinDomains), so "global minimum" is treated as 0. + In this situation, new pod with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, + it will violate MaxSkew. + format: int32 + type: integer + nodeAffinityPolicy: + description: |- + NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector + when calculating pod topology spread skew. Options are: + - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. + - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. + + + If this value is nil, the behavior is equivalent to the Honor policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + nodeTaintsPolicy: + description: |- + NodeTaintsPolicy indicates how we will treat node taints when calculating + pod topology spread skew. 
Options are: + - Honor: nodes without taints, along with tainted nodes for which the incoming pod + has a toleration, are included. + - Ignore: node taints are ignored. All nodes are included. + + + If this value is nil, the behavior is equivalent to the Ignore policy. + This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. + type: string + topologyKey: + description: |- + TopologyKey is the key of node labels. Nodes that have a label with this key + and identical values are considered to be in the same topology. + We consider each as a "bucket", and try to put balanced number + of pods into each bucket. + We define a domain as a particular instance of a topology. + Also, we define an eligible domain as a domain whose nodes meet the requirements of + nodeAffinityPolicy and nodeTaintsPolicy. + e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. + And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. + It's a required field. + type: string + whenUnsatisfiable: + description: |- + WhenUnsatisfiable indicates how to deal with a pod if it doesn't satisfy + the spread constraint. + - DoNotSchedule (default) tells the scheduler not to schedule it. + - ScheduleAnyway tells the scheduler to schedule the pod in any location, + but giving higher precedence to topologies that would help reduce the + skew. + A constraint is considered "Unsatisfiable" for an incoming pod + if and only if every possible node assignment for that pod would violate + "MaxSkew" on some topology. + For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same + labelSelector spread as 3/1/1: + | zone1 | zone2 | zone3 | + | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled + to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies + MaxSkew(1). 
In other words, the cluster can still be imbalanced, but scheduler + won't make it *more* imbalanced. + It's a required field. + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + description: List + of volumes that + can be mounted + by containers + belonging to the + pod. + items: + description: Volume + represents + a named volume + in a pod that + may be accessed + by any container + in the pod. + properties: + awsElasticBlockStore: + description: |- + awsElasticBlockStore represents an AWS Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + format: int32 + type: integer + readOnly: + description: |- + readOnly value true will force the readOnly setting in VolumeMounts. + More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: boolean + volumeID: + description: |- + volumeID is unique ID of the persistent disk resource in AWS (Amazon EBS volume). 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + type: string + required: + - volumeID + type: object + azureDisk: + description: azureDisk + represents + an + Azure + Data + Disk + mount + on + the + host + and + bind + mount + to + the + pod. + properties: + cachingMode: + description: "cachingMode + is + the + Host + Caching + mode: + None, + Read + Only, + Read + Write." + type: string + diskName: + description: diskName + is + the + Name + of + the + data + disk + in + the + blob + storage + type: string + diskURI: + description: diskURI + is + the + URI + of + data + disk + in + the + blob + storage + type: string + fsType: + description: |- + fsType is Filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + kind: + description: "kind + expected + values + are + Shared: + multiple + blob + disks + per + storage + account Dedicated: + single + blob + disk + per + storage + account Managed: + azure + managed + data + disk + (only + in + managed + availability + set). + defaults + to + shared" + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + description: azureFile + represents + an + Azure + File + Service + mount + on + the + host + and + bind + mount + to + the + pod. + properties: + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. 
+ type: boolean + secretName: + description: secretName + is + the name + of + secret + that + contains + Azure + Storage + Account + Name + and + Key + type: string + shareName: + description: shareName + is + the + azure + share + Name + type: string + required: + - secretName + - shareName + type: object + cephfs: + description: cephFS + represents + a + Ceph + FS + mount + on + the + host + that + shares + a + pod's + lifetime + properties: + monitors: + description: |- + monitors is Required: Monitors is a collection of Ceph monitors + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + path: + description: "path + is + Optional: + Used + as + the + mounted + root, + rather + than + the + full + Ceph + tree, + default + is + /" + type: string + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: boolean + secretFile: + description: |- + secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + secretRef: + description: |- + secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is optional: User is the rados user name, default is admin + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it + type: string + required: + - monitors + type: object + cinder: + description: |- + cinder represents a cinder volume attached and mounted on kubelets host machine. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: boolean + secretRef: + description: |- + secretRef is optional: points to a secret object containing parameters used to connect + to OpenStack. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. 
+ type: string + type: object + x-kubernetes-map-type: atomic + volumeID: + description: |- + volumeID used to identify the volume in cinder. + More info: https://examples.k8s.io/mysql-cinder-pd/README.md + type: string + required: + - volumeID + type: object + configMap: + description: configMap + represents + a + configMap + that + should + populate + this + volume + properties: + defaultMode: + description: |- + defaultMode is optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. 
+ This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + specify + whether + the + ConfigMap + or + its + keys + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + csi: + description: csi + (Container + Storage + Interface) + represents + ephemeral + storage + that + is + handled + by + certain + external + CSI + drivers + (Beta + feature). + properties: + driver: + description: |- + driver is the name of the CSI driver that handles this volume. + Consult with your admin for the correct name as registered in the cluster. + type: string + fsType: + description: |- + fsType to mount. Ex. "ext4", "xfs", "ntfs". + If not provided, the empty value is passed to the associated CSI driver + which will determine the default filesystem to apply. 
+ type: string + nodePublishSecretRef: + description: |- + nodePublishSecretRef is a reference to the secret object containing + sensitive information to pass to the CSI driver to complete the CSI + NodePublishVolume and NodeUnpublishVolume calls. + This field is optional, and may be empty if no secret is required. If the + secret object contains more than one secret, all secret references are passed. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + readOnly: + description: |- + readOnly specifies a read-only configuration for the volume. + Defaults to false (read/write). + type: boolean + volumeAttributes: + additionalProperties: + type: string + description: |- + volumeAttributes stores driver-specific properties that are passed to the CSI + driver. Consult your driver's documentation for supported values. + type: object + required: + - driver + type: object + downwardAPI: + description: downwardAPI + represents + downward + API + about + the + pod + that + should + populate + this + volume + properties: + defaultMode: + description: |- + Optional: mode bits to use on created files by default. Must be a + Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Defaults to 0644. 
+ Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + items: + description: Items + is + a + list + of + downward + API + volume + file + items: + description: DownwardAPIVolumeFile + represents + information + to + create + the + file + containing + the + pod + field + properties: + fieldRef: + description: "Required: + Selects + a + field + of + the + pod: + only + annotations, + labels, + name, + namespace + and + uid + are + supported." + properties: + apiVersion: + description: Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: "Required: + Path + is the + relative + path + name + of + the + file + to + be + created. + Must + not + be + absolute + or + contain + the + '..' + path. + Must + be + utf-8 + encoded. + The + first + item + of + the + relative + path + must + not + start + with + '..'" + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. 
+ properties: + containerName: + description: "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + emptyDir: + description: |- + emptyDir represents a temporary directory that shares a pod's lifetime. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + properties: + medium: + description: |- + medium represents what type of storage medium should back this directory. + The default is "" which means to use the node's default medium. + Must be an empty string (default) or Memory. + More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + description: |- + sizeLimit is the total amount of local storage required for this EmptyDir volume. + The size limit is also applicable for memory medium. + The maximum usage on memory medium EmptyDir would be the minimum value between + the SizeLimit specified here and the sum of memory limits of all containers in a pod. + The default is nil which means that the limit is undefined. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + description: |- + ephemeral represents a volume that is handled by a cluster storage driver. + The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, + and deleted when the pod is removed. + + + Use this if: + a) the volume is only needed while the pod runs, + b) features of normal volumes like restoring from snapshot or capacity + tracking are needed, + c) the storage driver is specified through a storage class, and + d) the storage driver supports dynamic volume provisioning through + a PersistentVolumeClaim (see EphemeralVolumeSource for more + information on the connection between this volume type + and PersistentVolumeClaim). + + + Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than the lifecycle + of an individual pod. + + + Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to + be used that way - see the documentation of the driver for + more information. + + + A pod can use both types of ephemeral volumes and + persistent volumes at the same time. + properties: + volumeClaimTemplate: + description: |- + Will be used to create a stand-alone PVC to provision the volume. + The pod in which this EphemeralVolumeSource is embedded will be the + owner of the PVC, i.e. the PVC will be deleted together with the + pod. The name of the PVC will be `-` where + `` is the name from the `PodSpec.Volumes` array + entry. Pod validation will reject the pod if the concatenated name + is not valid for a PVC (for example, too long). + + + An existing PVC with that name that is not owned by the pod + will *not* be used for the pod to avoid using an unrelated + volume by mistake. 
Starting the pod is then blocked until + the unrelated PVC is removed. If such a pre-created PVC is + meant to be used by the pod, the PVC has to updated with an + owner reference to the pod once the pod exists. Normally + this should not be necessary, but it may be useful when + manually reconstructing a broken cluster. + + + This field is read-only and no changes will be made by Kubernetes + to the PVC after it has been created. + + + Required, must not be nil. + properties: + metadata: + description: |- + May contain labels and annotations that will be copied into the PVC + when creating it. No other fields are allowed and will be rejected during + validation. + type: object + spec: + description: |- + The specification for the PersistentVolumeClaim. The entire content is + copied unchanged into the PVC that gets created from this + template. The same fields as in a PersistentVolumeClaim + are also valid here. + properties: + accessModes: + description: |- + accessModes contains the desired access modes the volume should have. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 + items: + type: string + type: array + x-kubernetes-list-type: atomic + dataSource: + description: |- + dataSource field can be used to specify either: + * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external controller can support the specified data source, + it will create a new volume based on the contents of the specified data source. + When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, + and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. + If the namespace is specified, then dataSourceRef will not be copied to dataSource. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. 
+ If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind + is + the + type + of + resource + being + referenced + type: string + name: + description: Name + is + the + name + of + resource + being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + dataSourceRef: + description: |- + dataSourceRef specifies the object from which to populate the volume with data, if a non-empty + volume is desired. This may be any object from a non-empty API group (non + core object) or a PersistentVolumeClaim object. + When this field is specified, volume binding will only succeed if the type of + the specified object matches some installed volume populator or dynamic + provisioner. + This field will replace the functionality of the dataSource field and as such + if both fields are non-empty, they must have the same value. For backwards + compatibility, when namespace isn't specified in dataSourceRef, + both fields (dataSource and dataSourceRef) will be set to the same + value automatically if one of them is empty and the other is non-empty. + When namespace is specified in dataSourceRef, + dataSource isn't set to the same value and must be empty. + There are three important differences between dataSource and dataSourceRef: + * While dataSource only allows two specific types of objects, dataSourceRef + allows any non-core object, as well as PersistentVolumeClaim objects. + * While dataSource ignores disallowed values (dropping them), dataSourceRef + preserves all values, and generates an error if a disallowed value is + specified. + * While dataSource only allows local objects, dataSourceRef allows objects + in any namespaces. + (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. 
+ (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind + is + the + type + of + resource + being + referenced + type: string + name: + description: Name + is + the + name + of + resource + being + referenced + type: string + namespace: + description: |- + Namespace is the namespace of resource being referenced + Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. + (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. + type: string + required: + - kind + - name + type: object + resources: + description: |- + resources represents the minimum resources the volume should have. + If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements + that are lower than previous value but must still be higher than capacity recorded in the + status field of the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. 
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + type: object + selector: + description: selector + is + a + label + query + over + volumes + to + consider + for + binding. + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + storageClassName: + description: |- + storageClassName is the name of the StorageClass required by the claim. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 + type: string + volumeAttributesClassName: + description: |- + volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim. + If specified, the CSI driver will create or update the volume with the attributes defined + in the corresponding VolumeAttributesClass. This has a different purpose than storageClassName, + it can be changed after the claim is created. An empty string value means that no VolumeAttributesClass + will be applied to the claim but it's not allowed to reset this field to empty string once it is set. + If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClass + will be set by the persistentvolume controller if it exists. + If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will be + set to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resource + exists. + More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/ + (Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. + type: string + volumeMode: + description: |- + volumeMode defines what type of volume is required by the claim. + Value of Filesystem is implied when not included in claim spec. + type: string + volumeName: + description: volumeName + is + the + binding + reference + to + the + PersistentVolume + backing + this + claim. 
+ type: string + type: object + required: + - spec + type: object + type: object + fc: + description: fc + represents + a + Fibre + Channel + resource + that + is + attached + to + a + kubelet's + host + machine + and + then + exposed + to + the + pod. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + lun: + description: "lun + is + Optional: + FC + target + lun + number" + format: int32 + type: integer + readOnly: + description: |- + readOnly is Optional: Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + targetWWNs: + description: "targetWWNs + is + Optional: + FC + target + worldwide + names + (WWNs)" + items: + type: string + type: array + x-kubernetes-list-type: atomic + wwids: + description: |- + wwids Optional: FC volume world wide identifiers (wwids) + Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + flexVolume: + description: |- + flexVolume represents a generic volume resource that is + provisioned/attached using an exec based plugin. + properties: + driver: + description: driver + is + the + name + of + the + driver + to + use + for + this + volume. + type: string + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. + type: string + options: + additionalProperties: + type: string + description: "options + is + Optional: + this + field + holds + extra + command + options + if + any." 
+ type: object + readOnly: + description: |- + readOnly is Optional: defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef is Optional: secretRef is reference to the secret object containing + sensitive information to pass to the plugin scripts. This may be + empty if no secret object is specified. If the secret object + contains more than one secret, all secrets are passed to the plugin + scripts. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - driver + type: object + flocker: + description: flocker + represents + a + Flocker + volume + attached + to + a + kubelet's + host + machine. + This + depends + on + the + Flocker + control + service + being + running + properties: + datasetName: + description: |- + datasetName is Name of the dataset stored as metadata -> name on the dataset for Flocker + should be considered as deprecated + type: string + datasetUUID: + description: datasetUUID + is + the + UUID + of + the + dataset. + This + is + unique + identifier + of + a + Flocker + dataset + type: string + type: object + gcePersistentDisk: + description: |- + gcePersistentDisk represents a GCE Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + properties: + fsType: + description: |- + fsType is filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + partition: + description: |- + partition is the partition in the volume that you want to mount. + If omitted, the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify the partition as "1". + Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + format: int32 + type: integer + pdName: + description: |- + pdName is unique name of the PD resource in GCE. Used to identify the disk in GCE. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + type: boolean + required: + - pdName + type: object + gitRepo: + description: |- + gitRepo represents a git repository at a particular revision. + DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an + EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir + into the Pod's container. + properties: + directory: + description: |- + directory is the target directory name. + Must not contain or start with '..'. If '.' is supplied, the volume directory will be the + git repository. 
Otherwise, if specified, the volume will contain the git repository in + the subdirectory with the given name. + type: string + repository: + description: repository + is + the + URL + type: string + revision: + description: revision + is + the + commit + hash + for + the + specified + revision. + type: string + required: + - repository + type: object + glusterfs: + description: |- + glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/glusterfs/README.md + properties: + endpoints: + description: |- + endpoints is the endpoint name that details Glusterfs topology. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + path: + description: |- + path is the Glusterfs volume path. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: string + readOnly: + description: |- + readOnly here will force the Glusterfs volume to be mounted with read-only permissions. + Defaults to false. + More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod + type: boolean + required: + - endpoints + - path + type: object + hostPath: + description: |- + hostPath represents a pre-existing file or directory on the host + machine that is directly exposed to the container. This is generally + used for system agents or other privileged things that are allowed + to see the host machine. Most containers will NOT need this. + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + --- + TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not + mount host directories as read/write. + properties: + path: + description: |- + path of the directory on the host. + If the path is a symlink, it will follow the link to the real path. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + type: + description: |- + type for HostPath Volume + Defaults to "" + More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath + type: string + required: + - path + type: object + iscsi: + description: |- + iscsi represents an ISCSI Disk resource that is attached to a + kubelet's host machine and then exposed to the pod. + More info: https://examples.k8s.io/volumes/iscsi/README.md + properties: + chapAuthDiscovery: + description: chapAuthDiscovery + defines + whether + support + iSCSI + Discovery + CHAP + authentication + type: boolean + chapAuthSession: + description: chapAuthSession + defines + whether + support + iSCSI + Session + CHAP + authentication + type: boolean + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + initiatorName: + description: |- + initiatorName is the custom iSCSI Initiator Name. + If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface + : will be created for the connection. + type: string + iqn: + description: iqn + is + the + target + iSCSI + Qualified + Name. + type: string + iscsiInterface: + description: |- + iscsiInterface is the interface Name that uses an iSCSI transport. + Defaults to 'default' (tcp). + type: string + lun: + description: lun + represents + iSCSI + Target + Lun + number. + format: int32 + type: integer + portals: + description: |- + portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + type: boolean + secretRef: + description: secretRef + is + the + CHAP + Secret + for + iSCSI + target + and + initiator + authentication + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + targetPortal: + description: |- + targetPortal is iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port + is other than default (typically TCP ports 860 and 3260). + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + description: |- + name of the volume. + Must be a DNS_LABEL and unique within the pod. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + nfs: + description: |- + nfs represents an NFS mount on the host that shares a pod's lifetime + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + properties: + path: + description: |- + path that is exported by the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + readOnly: + description: |- + readOnly here will force the NFS export to be mounted with read-only permissions. + Defaults to false. 
+ More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: boolean + server: + description: |- + server is the hostname or IP address of the NFS server. + More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + description: |- + persistentVolumeClaimVolumeSource represents a reference to a + PersistentVolumeClaim in the same namespace. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + properties: + claimName: + description: |- + claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. + More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims + type: string + readOnly: + description: |- + readOnly Will force the ReadOnly setting in VolumeMounts. + Default false. + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + description: photonPersistentDisk + represents + a + PhotonController + persistent + disk + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + pdID: + description: pdID + is + the + ID + that + identifies + Photon + Controller + persistent + disk + type: string + required: + - pdID + type: object + portworxVolume: + description: portworxVolume + represents + a + portworx + volume + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fSType represents the filesystem type to mount + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. 
+ type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + volumeID: + description: volumeID + uniquely + identifies + a + Portworx + volume + type: string + required: + - volumeID + type: object + projected: + description: projected + items + for + all + in + one + resources + secrets, + configmaps, + and + downward + API + properties: + defaultMode: + description: |- + defaultMode are the mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + sources: + description: sources + is + the + list + of + volume + projections + items: + description: Projection + that + may + be + projected + along + with + other + supported + volume + types + properties: + clusterTrustBundle: + description: |- + ClusterTrustBundle allows a pod to access the `.spec.trustBundle` field + of ClusterTrustBundle objects in an auto-updating file. + + + Alpha, gated by the ClusterTrustBundleProjection feature gate. + + + ClusterTrustBundle objects can either be selected by name, or by the + combination of signer name and a label selector. + + + Kubelet performs aggressive normalization of the PEM contents written + into the pod filesystem. Esoteric PEM features such as inter-block + comments and block headers are stripped. Certificates are deduplicated. + The ordering of certificates within the file is arbitrary, and Kubelet + may change the order over time. + properties: + labelSelector: + description: |- + Select all ClusterTrustBundles that match this label selector. 
Only has + effect if signerName is set. Mutually-exclusive with name. If unset, + interpreted as "match nothing". If set but empty, interpreted as "match + everything". + properties: + matchExpressions: + description: + matchExpressions + is + a + list + of + label + selector + requirements. + The + requirements + are + ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key + is + the + label + key + that + the + selector + applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Select a single ClusterTrustBundle by object name. Mutually-exclusive + with signerName and labelSelector. + type: string + optional: + description: |- + If true, don't block pod startup if the referenced ClusterTrustBundle(s) + aren't available. If using name, then the named ClusterTrustBundle is + allowed not to exist. 
If using signerName, then the combination of + signerName and labelSelector is allowed to match zero + ClusterTrustBundles. + type: boolean + path: + description: Relative + path + from + the + volume + root + to + write + the + bundle. + type: string + signerName: + description: |- + Select all ClusterTrustBundles that match this signer name. + Mutually-exclusive with name. The contents of all selected + ClusterTrustBundles will be unified and deduplicated. + type: string + required: + - path + type: object + configMap: + description: configMap + information + about + the + configMap + data + to + project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + ConfigMap will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the ConfigMap, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. 
+ May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + specify + whether + the + ConfigMap + or + its + keys + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + downwardAPI: + description: downwardAPI + information + about + the + downwardAPI + data + to + project + properties: + items: + description: Items + is + a + list + of + DownwardAPIVolume + file + items: + description: + DownwardAPIVolumeFile + represents + information + to + create + the + file + containing + the + pod + field + properties: + fieldRef: + description: + "Required: + Selects + a + field + of + the + pod: + only + annotations, + labels, + name, + namespace + and + uid + are + supported." + properties: + apiVersion: + description: + Version + of + the + schema + the + FieldPath + is + written + in + terms + of, + defaults + to + "v1". + type: string + fieldPath: + description: + Path + of + the + field + to + select + in + the + specified + API + version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + mode: + description: |- + Optional: mode bits used to set permissions on this file, must be an octal value + between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. 
+ If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: + "Required: + Path + is the + relative + path + name + of + the + file + to + be + created. + Must + not + be + absolute + or + contain + the + '..' + path. + Must + be + utf-8 + encoded. + The + first + item + of + the + relative + path + must + not + start + with + '..'" + type: string + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. + properties: + containerName: + description: + "Container + name: + required + for + volumes, + optional + for + env + vars" + type: string + divisor: + anyOf: + - type: integer + - type: string + description: + Specifies + the + output + format + of + the + exposed + resources, + defaults + to + "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: + "Required: + resource + to + select" + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + required: + - path + type: object + type: array + x-kubernetes-list-type: atomic + type: object + secret: + description: secret + information + about + the + secret + data + to + project + properties: + items: + description: |- + items if unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. 
Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + optional: + description: optional + field + specify + whether + the + Secret + or + its + key + must + be + defined + type: boolean + type: object + x-kubernetes-map-type: atomic + serviceAccountToken: + description: + serviceAccountToken + is + information + about + the + serviceAccountToken + data + to + project + properties: + audience: + description: |- + audience is the intended audience of the token. 
A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + description: |- + expirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours.Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + type: integer + path: + description: |- + path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - path + type: object + type: object + type: array + x-kubernetes-list-type: atomic + type: object + quobyte: + description: quobyte + represents + a + Quobyte + mount + on + the + host + that + shares + a + pod's + lifetime + properties: + group: + description: |- + group to map volume access to + Default is no group + type: string + readOnly: + description: |- + readOnly here will force the Quobyte volume to be mounted with read-only permissions. + Defaults to false. + type: boolean + registry: + description: |- + registry represents a single or multiple Quobyte Registry services + specified as a string as host:port pair (multiple entries are separated with commas) + which acts as the central registry for volumes + type: string + tenant: + description: |- + tenant owning the given Quobyte volume in the Backend + Used with dynamically provisioned Quobyte volumes, value is set by the plugin + type: string + user: + description: |- + user to map volume access to + Defaults to serivceaccount user + type: string + volume: + description: volume + is + a + string + that + references + an + already + created + Quobyte + volume + by + name. 
+ type: string + required: + - registry + - volume + type: object + rbd: + description: |- + rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. + More info: https://examples.k8s.io/volumes/rbd/README.md + properties: + fsType: + description: |- + fsType is the filesystem type of the volume that you want to mount. + Tip: Ensure that the filesystem type is supported by the host operating system. + Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + TODO: how do we prevent errors in the filesystem from compromising the machine + type: string + image: + description: |- + image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + keyring: + description: |- + keyring is the path to key ring for RBDUser. + Default is /etc/ceph/keyring. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + monitors: + description: |- + monitors is a collection of Ceph monitors. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + items: + type: string + type: array + x-kubernetes-list-type: atomic + pool: + description: |- + pool is the rados pool name. + Default is rbd. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + readOnly: + description: |- + readOnly here will force the ReadOnly setting in VolumeMounts. + Defaults to false. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: boolean + secretRef: + description: |- + secretRef is name of the authentication secret for RBDUser. If provided + overrides keyring. + Default is nil. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + properties: + name: + default: "" + description: |- + Name of the referent. 
+ This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + user: + description: |- + user is the rados user name. + Default is admin. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it + type: string + required: + - image + - monitors + type: object + scaleIO: + description: scaleIO + represents + a + ScaleIO + persistent + volume + attached + and + mounted + on + Kubernetes + nodes. + properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". + Default is "xfs". + type: string + gateway: + description: gateway + is + the + host + address + of + the + ScaleIO + API + Gateway. + type: string + protectionDomain: + description: protectionDomain + is + the + name + of + the + ScaleIO + Protection + Domain + for + the + configured + storage. + type: string + readOnly: + description: |- + readOnly Defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef references to the secret for ScaleIO user and other + sensitive information. If this is not provided, Login operation will fail. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. 
apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + sslEnabled: + description: sslEnabled + Flag + enable/disable + SSL + communication + with + Gateway, + default + false + type: boolean + storageMode: + description: |- + storageMode indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. + Default is ThinProvisioned. + type: string + storagePool: + description: storagePool + is + the + ScaleIO + Storage + Pool + associated + with + the + protection + domain. + type: string + system: + description: system + is + the + name + of + the + storage + system + as + configured + in + ScaleIO. + type: string + volumeName: + description: |- + volumeName is the name of a volume already created in the ScaleIO system + that is associated with this volume source. + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + description: |- + secret represents a secret that should populate this volume. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + properties: + defaultMode: + description: |- + defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. 
+ format: int32 + type: integer + items: + description: |- + items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + items: + description: Maps + a + string + key + to + a + path + within + a + volume. + properties: + key: + description: key + is + the + key + to + project. + type: string + mode: + description: |- + mode is Optional: mode bits used to set permissions on this file. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. + If not specified, the volume defaultMode will be used. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + format: int32 + type: integer + path: + description: |- + path is the relative path of the file to map the key to. + May not be an absolute path. + May not contain the path element '..'. + May not start with the string '..'. + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-type: atomic + optional: + description: optional + field + specify + whether + the + Secret + or + its + keys + must + be + defined + type: boolean + secretName: + description: |- + secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + type: string + type: object + storageos: + description: storageOS + represents + a + StorageOS + volume + attached + and + mounted + on + Kubernetes + nodes. 
+ properties: + fsType: + description: |- + fsType is the filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + readOnly: + description: |- + readOnly defaults to false (read/write). ReadOnly here will force + the ReadOnly setting in VolumeMounts. + type: boolean + secretRef: + description: |- + secretRef specifies the secret to use for obtaining the StorageOS API + credentials. If not specified, default values will be attempted. + properties: + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. + type: string + type: object + x-kubernetes-map-type: atomic + volumeName: + description: |- + volumeName is the human-readable name of the StorageOS volume. Volume + names are only unique within a namespace. + type: string + volumeNamespace: + description: |- + volumeNamespace specifies the scope of the volume within StorageOS. If no + namespace is specified then the Pod's namespace will be used. This allows the + Kubernetes name scoping to be mirrored within StorageOS for tighter integration. + Set VolumeName to any name to override the default behaviour. + Set to "default" if you are not using namespaces within StorageOS. + Namespaces that do not pre-exist within StorageOS will be created. 
+ type: string + type: object + vsphereVolume: + description: vsphereVolume + represents + a + vSphere + volume + attached + and + mounted + on + kubelets + host + machine + properties: + fsType: + description: |- + fsType is filesystem type to mount. + Must be a filesystem type supported by the host operating system. + Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. + type: string + storagePolicyID: + description: storagePolicyID + is + the + storage + Policy + Based + Management + (SPBM) + profile + ID + associated + with + the + StoragePolicyName. + type: string + storagePolicyName: + description: storagePolicyName + is + the + storage + Policy + Based + Management + (SPBM) + profile + name. + type: string + volumePath: + description: volumePath + is + the + path + that + identifies + vSphere + volume + vmdk + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + updateStrategy: + description: An update strategy to + replace existing DaemonSet pods + with new pods. + properties: + rollingUpdate: + description: |- + Rolling update config params. Present only if type = "RollingUpdate". + --- + TODO: Update this to follow our convention for oneOf, whatever we decide it + to be. Same as Deployment `strategy.rollingUpdate`. + See https://github.com/kubernetes/kubernetes/issues/35345 + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of nodes with an existing available DaemonSet pod that + can have an updated DaemonSet pod during during an update. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + This can not be 0 if MaxUnavailable is 0. + Absolute number is calculated from percentage by rounding up to a minimum of 1. + Default value is 0. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. 
status.desiredNumberScheduled) + can have their a new pod created before the old pod is marked as deleted. + The update starts by launching new pods on 30% of nodes. Once an updated + pod is available (Ready for at least minReadySeconds) the old DaemonSet pod + on that node is marked deleted. If the old pod becomes unavailable for any + reason (Ready transitions to false, is evicted, or is drained) an updated + pod is immediatedly created on that node without considering surge limits. + Allowing surge implies the possibility that the resources consumed by the + daemonset on any given node can double if the readiness check fails, and + so resource intensive daemonsets should take into account that they may + cause evictions during disruption. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of DaemonSet pods that can be unavailable during the + update. Value can be an absolute number (ex: 5) or a percentage of total + number of DaemonSet pods at the start of the update (ex: 10%). Absolute + number is calculated from percentage by rounding up. + This cannot be 0 if MaxSurge is 0 + Default value is 1. + Example: when this is set to 30%, at most 30% of the total number of nodes + that should be running the daemon pod (i.e. status.desiredNumberScheduled) + can have their pods stopped for an update at any given time. The update + starts by stopping at most 30% of those DaemonSet pods and then brings + up new DaemonSet pods in their place. Once the new pods are available, + it then proceeds onto other DaemonSet pods, thus ensuring that at least + 70% of original number of DaemonSet pods are available at all times during + the update. + x-kubernetes-int-or-string: true + type: object + type: + description: Type of daemon + set update. Can be "RollingUpdate" + or "OnDelete". Default + is RollingUpdate. 
+ type: string + type: object + type: object + type: object + debug: + description: Enables debug logging for the collector + type: boolean + memoryLimiter: + description: Setting memory limits for the Collector + properties: + check_interval: + description: |- + CheckInterval is the time between measurements of memory usage for the + purposes of avoiding going over the limits. Defaults to zero, so no + checks will be performed. + format: int64 + type: integer + limit_mib: + description: |- + MemoryLimitMiB is the maximum amount of memory, in MiB, targeted to be + allocated by the process. + format: int32 + type: integer + limit_percentage: + description: |- + MemoryLimitPercentage is the maximum amount of memory, in %, targeted to be + allocated by the process. The fixed memory settings MemoryLimitMiB has a higher precedence. + format: int32 + type: integer + spike_limit_mib: + description: |- + MemorySpikeLimitMiB is the maximum, in MiB, spike expected between the + measurements of memory usage. + format: int32 + type: integer + spike_limit_percentage: + description: |- + MemorySpikePercentage is the maximum, in percents against the total memory, + spike expected between the measurements of memory usage. + format: int32 + type: integer + required: + - check_interval + - limit_mib + - limit_percentage + - spike_limit_mib + - spike_limit_percentage + type: object + tenantSelector: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of + label selector requirements. The requirements + are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + required: + - controlNamespace + type: object + status: + description: CollectorStatus defines the observed state of + Collector + properties: + tenants: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: outputs.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Output + listKind: OutputList + plural: outputs + singular: output + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Output is the Schema for the outputs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OutputSpec defines the desired state of Output + properties: + fluentforward: + properties: + compress_gzip: + description: CompressGzip enables gzip compression + for the payload. + type: boolean + connection_timeout: + description: Connection Timeout parameter + configures `net.Dialer`. 
+ format: int64 + type: integer + default_labels_enabled: + additionalProperties: + type: boolean + description: DefaultLabelsEnabled is a map + of default attributes to be added to each + log record. + type: object + endpoint: + description: "The target endpoint URI to send + data to (e.g.: some.url:24224)." + type: string + kubernetes_metadata: + properties: + include_pod_labels: + type: boolean + key: + type: string + required: + - include_pod_labels + - key + type: object + require_ack: + description: RequireAck enables the acknowledgement + feature. + type: boolean + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. + format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. 
+ properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. + type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + shared_key: + description: SharedKey is used for authorization + with the server that knows it. + type: string + tag: + description: The Fluent tag parameter used + for routing + type: string + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. + See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. 
+ type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. (optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + type: object + loki: + properties: + auth: + description: Auth configuration for outgoing + HTTP calls. + type: string + compression: + description: The compression key for supported + compression types within collector. + type: string + disable_keep_alives: + description: |- + DisableKeepAlives, if true, disables HTTP keep-alives and will only use the connection to the server + for a single HTTP request. + + + WARNING: enabling this option can result in significant overhead establishing a new HTTP(S) + connection for every request. Before enabling this option please consider whether changes + to idle connection settings can achieve your goal. + type: boolean + endpoint: + description: "The target URL to send data + to (e.g.: http://some.url:9411/v1/traces)." + type: string + headers: + additionalProperties: + description: |- + String alias that is marshaled and printed in an opaque way. + To recover the original value, cast it to a string. 
+ type: string + description: |- + Additional headers attached to each HTTP request sent by the client. + Existing header values are overwritten if collision happens. + Header values are opaque since they may be sensitive. + type: object + http2_ping_timeout: + description: |- + HTTP2PingTimeout if there's no response to the ping within the configured value, the connection will be closed. + If not set or set to 0, it defaults to 15s. + format: int64 + type: integer + http2_read_idle_timeout: + description: |- + This is needed in case you run into + https://github.com/golang/go/issues/59690 + https://github.com/golang/go/issues/36026 + HTTP2ReadIdleTimeout if the connection has been idle for the configured value send a ping frame for health check + 0s means no health check will be performed. + format: int64 + type: integer + idle_conn_timeout: + description: |- + IdleConnTimeout is the maximum amount of time a connection will remain open before closing itself. + There's an already set value, and we want to override it only if an explicit value provided + format: int64 + type: integer + max_conns_per_host: + description: |- + MaxConnsPerHost limits the total number of connections per host, including connections in the dialing, + active, and idle states. + There's an already set value, and we want to override it only if an explicit value provided + type: integer + max_idle_conns: + description: |- + MaxIdleConns is used to set a limit to the maximum idle HTTP connections the client can keep open. + There's an already set value, and we want to override it only if an explicit value provided + type: integer + max_idle_conns_per_host: + description: |- + MaxIdleConnsPerHost is used to set a limit to the maximum idle HTTP connections the host can keep open. 
+ There's an already set value, and we want to override it only if an explicit value provided + type: integer + proxy_url: + description: ProxyURL setting for the collector + type: string + read_buffer_size: + description: ReadBufferSize for HTTP client. + See http.Transport.ReadBufferSize. + type: integer + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. + format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. + properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. 
+ type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + timeout: + description: Timeout parameter configures + `http.Client.Timeout`. + format: int64 + type: integer + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. + See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. + type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. 
(optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + write_buffer_size: + description: WriteBufferSize for HTTP client. + See http.Transport.WriteBufferSize. + type: integer + type: object + otlp: + description: "OTLP grpc exporter config ref: https://github.com/open-telemetry/opentelemetry-collector/blob/main/exporter/otlpexporter/config.go" + properties: + auth: + description: Auth configuration for outgoing + RPCs. + type: string + authority: + description: |- + WithAuthority parameter configures client to rewrite ":authority" header + (godoc.org/google.golang.org/grpc#WithAuthority) + type: string + balancer_name: + description: |- + Sets the balancer in grpclb_policy to discover the servers. Default is pick_first. + https://github.com/grpc/grpc-go/blob/master/examples/features/load_balancing/README.md + type: string + compression: + description: The compression key for supported + compression types within collector. + type: string + endpoint: + description: |- + The target to which the exporter is going to send traces or metrics, + using the gRPC protocol. The valid syntax is described at + https://github.com/grpc/grpc/blob/master/doc/naming.md. + type: string + headers: + additionalProperties: + type: string + description: The headers associated with gRPC + requests. + type: object + keepalive: + description: |- + The keepalive parameters for gRPC client. 
See grpc.WithKeepaliveParams. + (https://godoc.org/google.golang.org/grpc#WithKeepaliveParams). + properties: + permit_without_stream: + type: boolean + time: + description: |- + A Duration represents the elapsed time between two instants + as an int64 nanosecond count. The representation limits the + largest representable duration to approximately 290 years. + format: int64 + type: integer + timeout: + description: |- + A Duration represents the elapsed time between two instants + as an int64 nanosecond count. The representation limits the + largest representable duration to approximately 290 years. + format: int64 + type: integer + type: object + read_buffer_size: + description: |- + ReadBufferSize for gRPC client. See grpc.WithReadBufferSize. + (https://godoc.org/google.golang.org/grpc#WithReadBufferSize). + type: integer + retry_on_failure: + description: |- + BackOffConfig defines configuration for retrying batches in case of export failure. + The current supported strategy is exponential backoff. + properties: + enabled: + description: Enabled indicates whether + to not retry sending batches in + case of export failure. + type: boolean + initial_interval: + description: InitialInterval the time + to wait after the first failure + before retrying. + format: int64 + type: integer + max_elapsed_time: + description: |- + MaxElapsedTime is the maximum amount of time (including retries) spent trying to send a request/batch. + Once this value is reached, the data is discarded. If set to 0, the retries are never stopped. + format: int64 + type: integer + max_interval: + description: |- + MaxInterval is the upper bound on backoff interval. Once this value is reached the delay between + consecutive retries will always be `MaxInterval`. 
+ format: int64 + type: integer + multiplier: + description: Multiplier is the value + multiplied by the backoff interval + bounds + type: string + randomization_factor: + description: |- + RandomizationFactor is a random factor used to calculate next backoffs + Randomized interval = RetryInterval * (1 ± RandomizationFactor) + type: string + type: object + sending_queue: + description: QueueSettings defines configuration + for queueing batches before sending to + the consumerSender. + properties: + enabled: + description: Enabled indicates whether + to not enqueue batches before + sending to the consumerSender. + type: boolean + num_consumers: + description: NumConsumers is the number + of consumers from the queue. + type: integer + queue_size: + description: QueueSize is the maximum + number of batches allowed in queue + at a given time. + type: integer + storage: + description: |- + StorageID if not empty, enables the persistent storage and uses the component specified + as a storage extension for the persistent queue + type: string + type: object + timeout: + description: |- + Timeout is the timeout for every attempt to send data to the backend. + A zero timeout means no timeout. + format: int64 + type: integer + tls: + description: TLSSetting struct exposes TLS + client configuration. + properties: + ca_file: + description: |- + Path to the CA cert. For a client this verifies the server certificate. + For a server this verifies client certificates. If empty uses system root CA. + (optional) + type: string + ca_pem: + description: In memory PEM encoded + cert. (optional) + type: string + cert_file: + description: Path to the TLS cert + to use for TLS required connections. + (optional) + type: string + cert_pem: + description: In memory PEM encoded + TLS cert to use for TLS required + connections. (optional) + type: string + insecure: + description: |- + In gRPC when set to true, this is used to disable the client transport security. 
+ See https://godoc.org/google.golang.org/grpc#WithInsecure. + In HTTP, this disables verifying the server's certificate chain and host name + (InsecureSkipVerify in the tls Config). Please refer to + https://godoc.org/crypto/tls#Config for more information. + (optional, default false) + type: boolean + insecure_skip_verify: + description: InsecureSkipVerify will + enable TLS but not verify the + certificate. + type: boolean + key_file: + description: Path to the TLS key to + use for TLS required connections. + (optional) + type: string + key_pem: + description: In memory PEM encoded + TLS key to use for TLS required + connections. (optional) + type: string + max_version: + description: |- + MaxVersion sets the maximum TLS version that is acceptable. + If not set, refer to crypto/tls for defaults. (optional) + type: string + min_version: + description: |- + MinVersion sets the minimum TLS version that is acceptable. + If not set, TLS 1.2 will be used. (optional) + type: string + reload_interval: + description: |- + ReloadInterval specifies the duration after which the certificate will be reloaded + If not set, it will never be reloaded (optional) + format: int64 + type: integer + server_name_override: + description: |- + ServerName requested by client for virtual hosting. + This sets the ServerName in the TLSConfig. Please refer to + https://godoc.org/crypto/tls#Config for more information. (optional) + type: string + type: object + wait_for_ready: + description: |- + WaitForReady parameter configures client to wait for ready state before sending data. + (https://github.com/grpc/grpc/blob/master/doc/wait-for-ready.md) + type: boolean + write_buffer_size: + description: |- + WriteBufferSize for gRPC gRPC. See grpc.WithWriteBufferSize. + (https://godoc.org/google.golang.org/grpc#WithWriteBufferSize). 
+ type: integer + required: + - endpoint + type: object + type: object + status: + description: OutputStatus defines the observed state of Output + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: subscriptions.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Subscription + listKind: SubscriptionList + plural: subscriptions + singular: subscription + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.tenant + name: Tenant + type: string + - jsonPath: .status.outputs + name: Outputs + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Subscription is the Schema for the subscriptions API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SubscriptionSpec defines the desired state of + Subscription + properties: + debug: + type: boolean + ottl: + type: string + outputs: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + type: object + status: + description: SubscriptionStatus defines the observed state + of Subscription + properties: + outputs: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + tenant: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: tenants.telemetry.kube-logging.dev +spec: + group: telemetry.kube-logging.dev + names: + categories: + - telemetry-all + kind: Tenant + listKind: TenantList + plural: tenants + singular: tenant + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.subscriptions + name: Subscriptions + type: string + - jsonPath: .status.logSourceNamespaces + name: Logsource namespaces + type: string + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Tenant is the Schema for the tenants API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: TenantSpec defines the desired state of Tenant + properties: + logSourceNamespaceSelectors: + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + subscriptionNamespaceSelectors: + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list + of label selector requirements. The + requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label + key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: array + type: object + status: + description: TenantStatus defines the observed state of Tenant + properties: + logSourceNamespaces: + items: + type: string + type: array + state: + type: string + subscriptions: + items: + properties: + name: + type: string + namespace: + type: string + required: + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/telemetry-controller/templates/_helpers.tpl b/charts/telemetry-controller/templates/_helpers.tpl new file mode 100644 index 00000000..6d75aef1 --- /dev/null +++ b/charts/telemetry-controller/templates/_helpers.tpl 
@@ -0,0 +1,74 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "telemetry-controller.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "telemetry-controller.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "telemetry-controller.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Provides the namespace the chart will be installed in using the builtin .Release.Namespace,
+or, if provided, a manually overwritten namespace value.
+*/}}
+{{- define "telemetry-controller.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{ .Values.namespaceOverride -}}
+{{- else -}}
+{{ .Release.Namespace }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "telemetry-controller.labels" -}}
+helm.sh/chart: {{ include "telemetry-controller.chart" . }}
+{{ include "telemetry-controller.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "telemetry-controller.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "telemetry-controller.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "telemetry-controller.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "telemetry-controller.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/telemetry-controller/templates/deployment.yaml b/charts/telemetry-controller/templates/deployment.yaml
new file mode 100644
index 00000000..de807604
--- /dev/null
+++ b/charts/telemetry-controller/templates/deployment.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+{{ include "telemetry-controller.labels" . | indent 4 }}
+ name: '{{ include "telemetry-controller.fullname" . }}'
+ namespace: '{{ include "telemetry-controller.namespace" . }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "telemetry-controller.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ app.kubernetes.io/name: {{ include "telemetry-controller.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- with .Values.podLabels }}
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - args:
+ - --secure-listen-address=0.0.0.0:8443
+ - --upstream=http://127.0.0.1:8080/
+ - --logtostderr=true
+ - --v=0
+ image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+ name: kube-rbac-proxy
+ ports:
+ - containerPort: 8443
+ name: https
+ protocol: TCP
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 5m
+ memory: 64Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ - args:
+ - --health-probe-bind-address=:8081
+ - --metrics-bind-address=127.0.0.1:8080
+ - --leader-elect
+ command:
+ - /manager
+ image:
+ '{{ .Values.image.repository | default "" }}:{{ .Values.image.tag | default .Chart.AppVersion
+ }}'
+ imagePullPolicy: IfNotPresent
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ {{- if .Values.securityContext }}
+ securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- end }}
+ serviceAccountName: '{{ include "telemetry-controller.serviceAccountName" . }}'
+ terminationGracePeriodSeconds: 10
diff --git a/charts/telemetry-controller/templates/rbac.yaml b/charts/telemetry-controller/templates/rbac.yaml
new file mode 100644
index 00000000..86df0ee0
--- /dev/null
+++ b/charts/telemetry-controller/templates/rbac.yaml
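Review bot: The manager container hard-codes `imagePullPolicy: IfNotPresent` although values.yaml in this patch exposes `image.pullPolicy`, and the sidecar image `gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0` is fixed in the template and referenced by a mutable tag. Operators who mirror images or pin them by digest cannot do either for the sidecar without editing the chart. I would wire the policy as `imagePullPolicy: {{ .Values.image.pullPolicy }}` and move the sidecar image into values (a new key would be needed, none exists yet) so it can carry an `@sha256:` digest. `.Values.image.repository | default ""` also renders a bare `:<tag>` when the repository is empty; Helm's `required` would fail the render with a clear message instead.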
@@ -0,0 +1,247 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+{{ include "telemetry-controller.labels" . | indent 4 }}
+ name: telemetry-controller-leader-election-role
+ namespace: "{{.Release.Namespace}}"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: telemetry-controller-manager-role
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - namespaces
+ - nodes
+ - nodes/proxy
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - persistentvolumeclaims
+ - pods
+ - serviceaccounts
+ - services
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - opentelemetry.io
+ resources:
+ - opentelemetrycollectors
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - telemetry.kube-logging.dev
+ resources:
+ - collectors
+ - outputs
+ - subscriptions
+ - tenants
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - telemetry.kube-logging.dev
+ resources:
+ - collectors/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - telemetry.kube-logging.dev
+ resources:
+ - collectors/status
+ - outputs/status
+ - subscriptions/status
+ - tenants/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: telemetry-controller
+ app.kubernetes.io/instance: metrics-reader
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: telemetry-controller
+ name: telemetry-controller-metrics-reader
+rules:
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: telemetry-controller
+ app.kubernetes.io/instance: proxy-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrole
+ app.kubernetes.io/part-of: telemetry-controller
+ name: telemetry-controller-proxy-role
+rules:
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: telemetry-controller
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: telemetry-controller
+ name: telemetry-controller-leader-election-rolebinding
+ namespace: "{{.Release.Namespace}}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: telemetry-controller-leader-election-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "telemetry-controller.serviceAccountName" . }}'
+ namespace: "{{.Release.Namespace}}"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: telemetry-controller
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: telemetry-controller
+ name: telemetry-controller-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: telemetry-controller-manager-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "telemetry-controller.serviceAccountName" . }}'
+ namespace: "{{.Release.Namespace}}"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: kube-rbac-proxy
+ app.kubernetes.io/created-by: telemetry-controller
+ app.kubernetes.io/instance: proxy-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: telemetry-controller
+ name: telemetry-controller-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: telemetry-controller-proxy-role
+subjects:
+ - kind: ServiceAccount
+ name: '{{ include "telemetry-controller.serviceAccountName" . }}'
+ namespace: "{{.Release.Namespace}}"
diff --git a/charts/telemetry-controller/templates/service.yaml b/charts/telemetry-controller/templates/service.yaml
new file mode 100644
index 00000000..e9ef5a3c
--- /dev/null
+++ b/charts/telemetry-controller/templates/service.yaml
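Review bot: `telemetry-controller-manager-role` grants create, delete, patch and update on `clusterroles`, `clusterrolebindings`, `roles` and `rolebindings`, write access to `pods` and `serviceaccounts`, and read access to `nodes/proxy`, all cluster-wide, so a leaked controller token has a blast radius close to cluster-admin. Whether the reconciler needs every verb cannot be judged from this hunk; if the RBAC write access exists only to provision permissions for the collectors it creates (an assumption), the rule should say so in a comment and be cut to the verbs actually called. Leaving the rule as is at least calls for a line in the chart README so operators can weigh it before installing. The object names are also fixed strings rather than derived from the release, so two releases in one cluster would share and overwrite the same ClusterRole and bindings, and the `app.kubernetes.io/managed-by: kustomize` labels are wrong for objects that Helm owns.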
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+{{ include "telemetry-controller.labels" . | indent 4 }}
+ name: '{{ include "telemetry-controller.fullname" . }}-metrics-service'
+ namespace: "{{.Release.Namespace}}"
+spec:
+ ports:
+ - name: https
+ port: 8443
+ protocol: TCP
+ targetPort: https
+ selector:
+ app.kubernetes.io/name: {{ include "telemetry-controller.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/telemetry-controller/templates/serviceaccount.yaml b/charts/telemetry-controller/templates/serviceaccount.yaml
new file mode 100644
index 00000000..c61ae287
--- /dev/null
+++ b/charts/telemetry-controller/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+{{ include "telemetry-controller.labels" . | indent 4 }}
+ name: '{{ include "telemetry-controller.serviceAccountName" . }}'
+ namespace: "{{.Release.Namespace}}"
diff --git a/charts/telemetry-controller/values.yaml b/charts/telemetry-controller/values.yaml
new file mode 100644
index 00000000..fedb9526
--- /dev/null
+++ b/charts/telemetry-controller/values.yaml
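Review bot: `namespace: "{{.Release.Namespace}}"` in this Service disagrees with deployment.yaml, which places the Deployment in `{{ include "telemetry-controller.namespace" . }}` and so honours `namespaceOverride`. With an override set, the Deployment lands in one namespace while this Service, the ServiceAccount in serviceaccount.yaml and the Role, RoleBinding and binding subjects in rbac.yaml stay in the release namespace. The pod then names a ServiceAccount that does not exist beside it, and the bindings point at the wrong subject. Using `namespace: '{{ include "telemetry-controller.namespace" . }}'` in all three files keeps the objects together.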
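Review bot: The ServiceAccount is rendered unconditionally, so `serviceAccount.create: false` from values.yaml has no effect on this template. With `create: false` and no name, the `telemetry-controller.serviceAccountName` helper returns `default`, so the chart would try to own the namespace's `default` ServiceAccount and the bindings in rbac.yaml would attach the cluster-wide manager role to it, which every pod in that namespace without an explicit service account would then share. Wrapping the manifest in `{{- if .Values.serviceAccount.create }}` and `{{- end }}` fixes the first part; for the second I would require an explicit name when `create` is false. `serviceAccount.annotations` and `serviceAccount.automount` are not consumed either; the latter would map to `automountServiceAccountToken: {{ .Values.serviceAccount.automount }}`.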
@@ -0,0 +1,53 @@ +# Default values for telemetry-controller. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: ghcr.io/kube-logging/telemetry-controller + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +namespaceOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} +podLabels: {} + +podSecurityContext: + runAsNonRoot: true + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + +service: + type: ClusterIP + port: 8443 + +opentelemetry-operator: + admissionWebhooks: + certManager: + enabled: false + autoGenerateCert: + enabled: true + manager: + collectorImage: + repository: otel/opentelemetry-collector-k8s From 137dc1565c2e16cfeeadbc1254ee88abbe58a5bd Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Mon, 9 Sep 2024 14:26:23 +0200 Subject: [PATCH 02/11] build and publish helm chart by CI Signed-off-by: Kristof Gyuracz --- .github/workflows/artifacts.yaml | 99 ++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml index ee788e35..b7a4a325 100644 --- a/.github/workflows/artifacts.yaml +++ b/.github/workflows/artifacts.yaml 
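Review bot: The default `securityContext` drops all capabilities and blocks privilege escalation, but no seccomp profile is set anywhere and `podSecurityContext` carries only `runAsNonRoot: true`, so the pod would not pass the restricted Pod Security Standard as shipped. Adding `seccompProfile:` with `type: RuntimeDefault` under `podSecurityContext` closes that gap; `readOnlyRootFilesystem: true` under `securityContext` is a further hardening step, on the assumption (not shown in this patch) that the manager does not write to its root filesystem. The hard-coded kube-rbac-proxy container in deployment.yaml does not read these values and would need the same settings. Several keys declared here (`replicaCount`, `image.pullPolicy`, `imagePullSecrets`, `podAnnotations`, `service.type`, `service.port`) are not read by any template in this patch and should be wired or removed so that they do not look like working settings.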
@@ -26,6 +26,15 @@ on: container-image-ref: description: Container image ref value: ${{ jobs.container-image.outputs.ref }} + helm-chart-name: + description: Helm chart OCI name + value: ${{ jobs.helm-chart.outputs.name }} + helm-chart-tag: + description: Helm chart tag + value: ${{ jobs.helm-chart.outputs.tag }} + helm-chart-package: + description: Helm chart package name + value: ${{ jobs.helm-chart.outputs.package }} permissions: contents: read 
@@ -142,3 +151,93 @@ jobs: uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: trivy-results.sarif + helm-chart: + name: Helm chart + runs-on: ubuntu-latest + + permissions: + contents: read + packages: write + id-token: write + security-events: write + + outputs: + name: ${{ steps.oci-chart-name.outputs.value }} + tag: ${{ steps.version.outputs.value }} + package: ${{ steps.build.outputs.package }} + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Set up Helm + uses: azure/setup-helm@v4.2.0 + + - name: Set chart name + id: chart-name + run: echo "value=${{ github.event.repository.name }}" >> "$GITHUB_OUTPUT" + + - name: Set OCI registry name + id: oci-registry-name + run: echo "value=ghcr.io/${{ github.repository_owner }}/helm-charts" >> "$GITHUB_OUTPUT" + + - name: Set OCI chart name + id: oci-chart-name + run: echo "value=${{ steps.oci-registry-name.outputs.value }}/${{ steps.chart-name.outputs.value }}" >> "$GITHUB_OUTPUT" + + - name: Helm lint + run: helm lint charts/${{ steps.chart-name.outputs.value }} + + - name: Determine raw version + uses: haya14busa/action-cond@94f77f7a80cd666cb3155084e428254fea4281fd # v1.2.1 + id: version + with: + cond: ${{ inputs.release }} + if_true: ${{ github.ref_name }} + if_false: 0.0.0 + + - name: Helm package + id: build + run: | + helm package charts/${{ steps.chart-name.outputs.value }} --version ${{ steps.version.outputs.value }} --app-version ${{ steps.version.outputs.value }} + echo "package=${{ steps.chart-name.outputs.value }}-${{ steps.version.outputs.value }}.tgz" >> "$GITHUB_OUTPUT" + + - name: Upload chart as artifact + uses: actions/upload-artifact@v4 + with: + name: "[${{ github.job }}] Helm chart" + path: ${{ steps.build.outputs.package }} + + - name: Login to GitHub Container Registry + uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2.2.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + 
password: ${{ github.token }} + if: inputs.publish && inputs.release + + - name: Helm push + run: helm push ${{ steps.build.outputs.package }} oci://${{ steps.oci-registry-name.outputs.value }} + env: + HELM_REGISTRY_CONFIG: ~/.docker/config.json + if: inputs.publish && inputs.release + + - name: Run Trivy vulnerability scanner + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # 0.24.0 + with: + scan-type: config + scan-ref: charts/${{ steps.chart-name.outputs.value }} + format: sarif + output: trivy-results.sarif + + - name: Upload Trivy scan results as artifact + uses: actions/upload-artifact@v4 + with: + name: "[${{ github.job }}] Trivy scan results" + path: trivy-results.sarif + retention-days: 5 + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8 + with: + sarif_file: trivy-results.sarif From 09345b871e2b7c7fa69e52884609a8a5ae96f45f Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Mon, 9 Sep 2024 14:27:18 +0200 Subject: [PATCH 03/11] update readme for helm chart as main deployment method Signed-off-by: Kristof Gyuracz --- README.md | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index b3bb4646..b514fdf8 100644 --- a/README.md +++ b/README.md 
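Review bot: In the `Helm package` step the version is expanded into the script text with `${{ steps.version.outputs.value }}`, and on a release that value is `github.ref_name`, so a tag name is pasted into the shell script before the shell parses it. Passing the values through `env:` and quoting the variables keeps them as data; the `Helm lint` and `Helm push` steps interpolate step outputs the same way and should follow. The job also requests `id-token: write`, which no step in this hunk uses, and the Trivy config scan runs after `Helm push`, so its result cannot gate publication. `actions/checkout@v4`, `azure/setup-helm@v4.2.0` and `actions/upload-artifact@v4` are referenced by tag while the other actions in this job are pinned to a commit SHA.

```yaml
      # … unchanged: checkout, Helm setup, chart-name, registry-name, lint and version steps …
      - name: Helm package
        id: build
        env:
          CHART_NAME: ${{ steps.chart-name.outputs.value }}
          CHART_VERSION: ${{ steps.version.outputs.value }}
        run: |
          helm package "charts/${CHART_NAME}" --version "${CHART_VERSION}" --app-version "${CHART_VERSION}"
          echo "package=${CHART_NAME}-${CHART_VERSION}.tgz" >> "$GITHUB_OUTPUT"
      # … unchanged: artifact upload, registry login, push and Trivy steps …
```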
@@ -31,15 +31,10 @@ minikube start --container-runtime=containerd ### Deployment steps for users -Install dependencies (cert-manager and opentelemetry-operator): -```sh -kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml -kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/download/v0.104.0/opentelemetry-operator.yaml -``` - Deploy latest telemetry-controller: ```sh -kubectl apply -k github.com/kube-logging/telemetry-controller/config/default --server-side +# Install telemetry-controller, and opentelemetry-operator as a sub-chart +helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller --version 0.0.10 ``` ### Deployment steps for devs @@ -47,7 +42,7 @@ kubectl apply -k github.com/kube-logging/telemetry-controller/config/default --s #### Install deps, CRDs and RBAC ```sh -# Install dependencies (cert-manager and opentelemtry-operator): +# Install dependencies (opentelemtry-operator): make install-deps # Install the CRDs and RBAC into the cluster: From f7e4742f56f8fcabe3be318fcaa15c8ef237e026 Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Mon, 9 Sep 2024 14:27:40 +0200 Subject: [PATCH 04/11] E2E test using helm chart Signed-off-by: Kristof Gyuracz --- .gitignore | 2 +- Makefile | 9 ++------- e2e/e2e_test.sh | 38 ++++++-------------------------------- 3 files changed, 9 insertions(+), 40 deletions(-) diff --git a/.gitignore b/.gitignore index e3060dcf..dc78265d 100644 --- a/.gitignore +++ b/.gitignore @@ -31,4 +31,4 @@ crddir .DS_Store -go.work.sum \ No newline at end of file +go.work.sum diff --git a/Makefile b/Makefile index 9908ae17..02506b05 100644 --- a/Makefile +++ b/Makefile 
@@ -14,7 +14,7 @@ KIND_CLUSTER ?= kind CI_MODE_ENABLED := "" NO_KIND_CLEANUP := "" -IMG ?= controller:latest +IMG ?= ghcr.io/kube-logging/telemetry-controller:0.0.9 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.28.0 @@ -25,11 +25,7 @@ else GOBIN=$(shell go env GOBIN) endif -ifeq ($(go env GOOS),darwin) - TIMEOUT_CMD=gtimeout -else - TIMEOUT_CMD=timeout -endif +TIMEOUT_CMD=timeout # CONTAINER_TOOL defines the container tool to be used for building images. @@ -148,7 +144,6 @@ endif .PHONY: install-deps install-deps: ## Install dependencies into the actual K8s cluster - kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/download/v0.104.0/opentelemetry-operator.yaml .PHONY: install diff --git a/e2e/e2e_test.sh b/e2e/e2e_test.sh index ec0bfbc1..58a9d65c 100755 --- a/e2e/e2e_test.sh +++ b/e2e/e2e_test.sh @@ -1,6 +1,7 @@ #!/usr/bin/env bash set -eou pipefail +set -o xtrace create_if_does_not_exist() { local resource_type=$1 
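Review bot: `install-deps` no longer installs cert-manager but still applies the upstream `opentelemetry-operator.yaml` release manifest, which as far as I know ships cert-manager `Certificate` and `Issuer` objects for its webhook. On a cluster without cert-manager that apply would be expected to fail on unknown kinds, which should be confirmed against the v0.104.0 manifest. Either keep the cert-manager line for this target or install the operator from its Helm chart with the same `admissionWebhooks.certManager.enabled: false` and `admissionWebhooks.autoGenerateCert.enabled: true` settings that values.yaml in this series uses. The manifest is also fetched from a URL at run time with no checksum, so a comment such as `# pinned to v0.104.0; verify the manifest digest when bumping` would help the next reviewer.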
@@ -14,48 +15,21 @@ CI_MODE=${CI_MODE:-} # Backup current kubernetes context CURRENT_K8S_CTX=$(kubectl config view | grep "current" | cut -f 2 -d : | xargs) -if GOOS="darwin" -then - TIMEOUT_CMD=gtimeout -else - TIMEOUT_CMD=timeout -fi +TIMEOUT_CMD=timeout +# HELM BASED DEPLOYMENT # Prepare env kind create cluster --name "${KIND_CLUSTER_NAME}" --wait 5m kubectl config set-context kind-"${KIND_CLUSTER_NAME}" -# Install prerequisites - -helm upgrade \ - --install \ - --repo https://charts.jetstack.io \ - cert-manager cert-manager \ - --namespace cert-manager \ - --create-namespace \ - --version v1.13.3 \ - --set installCRDs=true \ - --wait - -kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/download/v0.103.0/opentelemetry-operator.yaml --wait -echo "Wait until otel operator pod is in ready state..." -kubectl wait --namespace opentelemetry-operator-system --for=condition=available deployment/opentelemetry-operator-controller-manager --timeout=300s - -# Create subscription operator resources -(cd .. && make manifests generate install) +# Install telemetry-controller and opentelemetry-operator +helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller --version 0.0.10-dev.1 # Use example kubectl apply -f ../e2e/testdata/one_tenant_two_subscriptions -if [[ -z "${CI_MODE}" ]]; then - $(cd .. && $(TIMEOUT_CMD) 5m make run &) -else - kind load docker-image controller:latest --name "${KIND_CLUSTER_NAME}" - cd .. && make deploy && cd - -fi - # Create log-generator helm install --wait --create-namespace --namespace example-tenant-ns --generate-name oci://ghcr.io/kube-logging/helm-charts/log-generator @@ -76,7 +50,7 @@ while [[ $? -ne 0 ]] do true; done -echo "E2E test: PASSED" +echo "E2E (helm) test: PASSED" # Check if cluster should be removed, ctx restored From 09128b9ae6f591ab7dc39c25919f8d516780509a Mon Sep 17 00:00:00 2001 
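Review bot: With `make manifests generate install`, `kind load docker-image controller:latest` and `make deploy` removed, the e2e run no longer deploys anything built from the working tree. It installs the published chart `oci://ghcr.io/kube-logging/helm-charts/telemetry-controller` at `--version 0.0.10-dev.1`, so a regression in the commit under test can still print PASSED. PATCH 11/11 later drops `--version` from the same command, which makes the result depend on whatever chart the registry serves at run time. I would install from the checkout, e.g. `helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller ../charts/telemetry-controller`, and keep a `kind load docker-image` step for the locally built image; how the chart's values select that image is not visible in this hunk. `TIMEOUT_CMD=timeout` also appears to have no remaining user once the `make run` branch is gone.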
From: Kristof Gyuracz Date: Mon, 9 Sep 2024 15:23:33 +0200 Subject: [PATCH 05/11] fix e2e test Signed-off-by: Kristof Gyuracz --- e2e/e2e_test.sh | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/e2e/e2e_test.sh b/e2e/e2e_test.sh index 58a9d65c..d2d0160f 100755 --- a/e2e/e2e_test.sh +++ b/e2e/e2e_test.sh @@ -27,6 +27,9 @@ kubectl config set-context kind-"${KIND_CLUSTER_NAME}" # Install telemetry-controller and opentelemetry-operator helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller --version 0.0.10-dev.1 +# Wait for the pod to be ready, without it the webhook backend service will be unavailable. +sleep 10 + # Use example kubectl apply -f ../e2e/testdata/one_tenant_two_subscriptions 
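Review bot: The added `sleep 10` is a fixed guess at how long the webhook backend needs, so the `kubectl apply` that follows can still race on a slow runner and wastes time on a fast one. Since `helm --wait` has already returned at this point, I would retry the apply under a bound instead, e.g. `"${TIMEOUT_CMD}" 2m bash -c 'until kubectl apply -f ../e2e/testdata/one_tenant_two_subscriptions; do sleep 2; done'`. A webhook that never becomes reachable then shows up as an explicit timeout rather than as an apply error that depends on runner speed.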
@@ -34,20 +37,19 @@ kubectl apply -f ../e2e/testdata/one_tenant_two_subscriptions helm install --wait --create-namespace --namespace example-tenant-ns --generate-name oci://ghcr.io/kube-logging/helm-charts/log-generator -# Check for received messages - subscription-sample +# Check for received messages - subscription-sample-1 +# NOTE: We should not use grep -q, because it causes a SIGPIPE for kubectl and we have -o pipefail +echo "Checking for subscription-sample-1 in deployments/receiver-collector logs" while - echo "Checking for subscription-sample-1 in deployments/receiver-collector logs" - kubectl logs --namespace example-tenant-ns deployments/receiver-collector | grep -q "subscription-sample-1" + ! kubectl logs --namespace example-tenant-ns deployments/receiver-collector | grep "subscription-sample-1" - [[ $? -ne 0 ]] do true; done # Check for received messages - subscription-sample-2 +echo "Checking for subscription-sample-2 in deployments/receiver-collector logs" while - echo "Checking for subscription-sample-2 in deployments/receiver-collector logs" - kubectl logs --namespace example-tenant-ns deployments/receiver-collector | grep -q "subscription-sample-2" + ! kubectl logs --namespace example-tenant-ns deployments/receiver-collector | grep "subscription-sample-2" - [[ $? -ne 0 ]] do true; done echo "E2E (helm) test: PASSED" From 01339d220c0b1833940ef2110eaab7cb368c3a1c Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Tue, 10 Sep 2024 16:35:15 +0200 Subject: [PATCH 06/11] Let the CI job set the appversion Signed-off-by: Kristof Gyuracz --- charts/telemetry-controller/Chart.yaml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/charts/telemetry-controller/Chart.yaml b/charts/telemetry-controller/Chart.yaml index 4b7b4e48..40a121e3 100644 --- a/charts/telemetry-controller/Chart.yaml +++ b/charts/telemetry-controller/Chart.yaml 
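Review bot: Both `while ! kubectl logs … | grep …; do true; done` loops have no delay and no upper bound, so if the collector never logs `subscription-sample-1` or `subscription-sample-2` the job spins against the API server until the CI runner kills it. Because of `-o pipefail` and the leading `!`, a failing `kubectl logs` (for example a missing deployment) is also retried forever instead of failing the test. I would wrap each check in a bounded wait such as `"${TIMEOUT_CMD}" 5m bash -c 'until kubectl logs --namespace example-tenant-ns deployments/receiver-collector | grep "subscription-sample-1"; do sleep 5; done'`. Dropping `-q` also prints every matching log line into the job output; `grep … >/dev/null` keeps the SIGPIPE fix without that.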
@@ -17,11 +17,7 @@ type: application # Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "0.0.9" + dependencies: - name: opentelemetry-operator From 0b8d98510637a389b5d10504e304a31690b9129e Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Tue, 10 Sep 2024 16:35:54 +0200 Subject: [PATCH 07/11] use generated labels Signed-off-by: Kristof Gyuracz --- .../telemetry-controller/templates/rbac.yaml | 35 +++---------------- 1 file changed, 5 insertions(+), 30 deletions(-) diff --git a/charts/telemetry-controller/templates/rbac.yaml b/charts/telemetry-controller/templates/rbac.yaml index 86df0ee0..6f828c19 100644 --- a/charts/telemetry-controller/templates/rbac.yaml +++ b/charts/telemetry-controller/templates/rbac.yaml @@ -147,12 +147,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: telemetry-controller - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: telemetry-controller +{{ include "telemetry-controller.labels" . | indent 4 }} name: telemetry-controller-metrics-reader rules: - nonResourceURLs: 
@@ -164,12 +159,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: telemetry-controller - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: telemetry-controller +{{ include "telemetry-controller.labels" . | indent 4 }} name: telemetry-controller-proxy-role rules: - apiGroups: @@ -189,12 +179,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: telemetry-controller - app.kubernetes.io/instance: leader-election-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: rolebinding - app.kubernetes.io/part-of: telemetry-controller +{{ include "telemetry-controller.labels" . | indent 4 }} name: telemetry-controller-leader-election-rolebinding namespace: "{{.Release.Namespace}}" roleRef: @@ -210,12 +195,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: telemetry-controller - app.kubernetes.io/instance: manager-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: telemetry-controller +{{ include "telemetry-controller.labels" . | indent 4 }} name: telemetry-controller-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io 
@@ -230,12 +210,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: telemetry-controller - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: telemetry-controller +{{ include "telemetry-controller.labels" . | indent 4 }} name: telemetry-controller-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io From a4ca1ecfc8165f4a3d70e5bc6e9bfca9cbe7694b Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Tue, 10 Sep 2024 16:37:55 +0200 Subject: [PATCH 08/11] fixup! Let the CI job set the appversion Signed-off-by: Kristof Gyuracz --- charts/telemetry-controller/Chart.yaml | 18 +++--------------- 1 file changed, 3 insertions(+), 15 deletions(-) diff --git a/charts/telemetry-controller/Chart.yaml b/charts/telemetry-controller/Chart.yaml index 40a121e3..f523a0ee 100644 --- a/charts/telemetry-controller/Chart.yaml +++ b/charts/telemetry-controller/Chart.yaml 
@@ -1,23 +1,11 @@ apiVersion: v2 name: telemetry-controller -description: A Helm chart for Kubernetes +description: A Helm chart for deploying telemetry-controller -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 - - +version: 0.0.0 +appVersion: latest dependencies: - name: opentelemetry-operator From 47af71c0847724b1b082b255ff9c75e19e06b185 Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Tue, 10 Sep 2024 17:14:01 +0200 Subject: [PATCH 09/11] use release name for RBAC object prefixes Signed-off-by: Kristof Gyuracz --- .../telemetry-controller/templates/rbac.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/telemetry-controller/templates/rbac.yaml b/charts/telemetry-controller/templates/rbac.yaml index 6f828c19..204bf340 100644 --- a/charts/telemetry-controller/templates/rbac.yaml +++ b/charts/telemetry-controller/templates/rbac.yaml @@ -3,7 +3,7 @@ kind: Role metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-leader-election-role + name: "{{.Release.Name}}-leader-election-role" namespace: "{{.Release.Namespace}}" rules: - apiGroups: 
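Review bot: In Chart.yaml, `appVersion: latest` together with `version: 0.0.0` means a chart packaged from the tree without the CI override carries a mutable tag. If the deployment template falls back to `.Chart.AppVersion` for the image tag (deployment.yaml is not part of this hunk), such an install pulls whatever `latest` points to at that moment. I would quote the value and say where it is set, e.g. `appVersion: "latest"  # placeholder, overwritten by the release job`, with a matching comment on `version`. A step in the release job that refuses to publish while either placeholder is still present would close the gap.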
@@ -41,7 +41,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: telemetry-controller-manager-role + name: "{{.Release.Name}}-manager-role" rules: - apiGroups: - "" @@ -148,7 +148,7 @@ kind: ClusterRole metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-metrics-reader + name: "{{.Release.Name}}-metrics-reader" rules: - nonResourceURLs: - /metrics @@ -160,7 +160,7 @@ kind: ClusterRole metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-proxy-role + name: "{{.Release.Name}}-proxy-role" rules: - apiGroups: - authentication.k8s.io @@ -180,12 +180,12 @@ kind: RoleBinding metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-leader-election-rolebinding + name: "{{.Release.Name}}-leader-election-rolebinding" namespace: "{{.Release.Namespace}}" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: telemetry-controller-leader-election-role + name: "{{.Release.Name}}-leader-election-role" subjects: - kind: ServiceAccount name: '{{ include "telemetry-controller.serviceAccountName" . }}' @@ -196,11 +196,11 @@ kind: ClusterRoleBinding metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-manager-rolebinding + name: "{{.Release.Name}}-manager-rolebinding" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: telemetry-controller-manager-role + name: "{{.Release.Name}}-manager-role" subjects: - kind: ServiceAccount name: '{{ include "telemetry-controller.serviceAccountName" . }}' 
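Review bot: The ClusterRole and ClusterRoleBinding names set in these hunks (`{{.Release.Name}}-manager-role`, `-metrics-reader`, `-proxy-role`, `-manager-rolebinding`, and `-proxy-rolebinding` in the following hunk) are cluster-scoped but keyed on the release name alone. Two releases with the same name in different namespaces would therefore collide on the same cluster-wide objects and bindings. Including the namespace keeps them apart, e.g. `name: "{{ .Release.Name }}-{{ .Release.Namespace }}-manager-role"`, with the same change in each matching `roleRef.name`. The namespaced Role and RoleBinding for leader election are unaffected; the manifests these hunks touch continue outside the visible lines.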
@@ -211,11 +211,11 @@ kind: ClusterRoleBinding metadata: labels: {{ include "telemetry-controller.labels" . | indent 4 }} - name: telemetry-controller-proxy-rolebinding + name: "{{.Release.Name}}-proxy-rolebinding" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: telemetry-controller-proxy-role + name: "{{.Release.Name}}-proxy-role" subjects: - kind: ServiceAccount name: '{{ include "telemetry-controller.serviceAccountName" . }}' From b280b86e1d13c4772b68ab7d2f4c19cec3271b95 Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Tue, 10 Sep 2024 17:24:45 +0200 Subject: [PATCH 10/11] use laster version of helm chart in readme Signed-off-by: Kristof Gyuracz --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b514fdf8..16fb15e8 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ minikube start --container-runtime=containerd Deploy latest telemetry-controller: ```sh # Install telemetry-controller, and opentelemetry-operator as a sub-chart -helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller --version 0.0.10 +helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller ``` ### Deployment steps for devs From edd4d3173fcc721d0d9dd97158fa0865cef4cc54 Mon Sep 17 00:00:00 2001 From: Kristof Gyuracz Date: Wed, 11 Sep 2024 08:58:08 +0200 Subject: [PATCH 11/11] finalize for release Signed-off-by: Kristof Gyuracz --- Makefile | 2 +- config/manager/kustomization.yaml | 2 +- e2e/e2e_test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 02506b05..93d71436 100644 --- a/Makefile +++ b/Makefile 
@@ -14,7 +14,7 @@ KIND_CLUSTER ?= kind CI_MODE_ENABLED := "" NO_KIND_CLEANUP := "" -IMG ?= ghcr.io/kube-logging/telemetry-controller:0.0.9 +IMG ?= ghcr.io/kube-logging/telemetry-controller:0.0.10 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. ENVTEST_K8S_VERSION = 1.28.0 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index cc5954ab..a9bcf869 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization images: - name: controller newName: ghcr.io/kube-logging/telemetry-controller - newTag: 0.0.9 + newTag: 0.0.10 diff --git a/e2e/e2e_test.sh b/e2e/e2e_test.sh index d2d0160f..bfc00d4a 100755 --- a/e2e/e2e_test.sh +++ b/e2e/e2e_test.sh @@ -25,7 +25,7 @@ kind create cluster --name "${KIND_CLUSTER_NAME}" --wait 5m kubectl config set-context kind-"${KIND_CLUSTER_NAME}" # Install telemetry-controller and opentelemetry-operator -helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller --version 0.0.10-dev.1 +helm upgrade --install --wait --create-namespace --namespace telemetry-controller-system telemetry-controller oci://ghcr.io/kube-logging/helm-charts/telemetry-controller # Wait for the pod to be ready, without it the webhook backend service will be unavailable. sleep 10