From 5d715ffc744d743a90a1bda30962afd38a4fb3f3 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Wed, 14 Jan 2026 17:30:11 +0100 Subject: [PATCH 01/10] adding otel integration --- charts/netdata/Chart.lock | 6 + charts/netdata/Chart.yaml | 7 + .../opentelemetry-collector-0.115.0.tgz | Bin 0 -> 35597 bytes charts/netdata/templates/_helpers.tpl | 28 ++ .../templates/netdata-otel/configmap.yaml | 16 + .../templates/netdata-otel/deployment.yaml | 177 +++++++++ .../netdata-otel/persistentvolumeclaim.yaml | 22 ++ .../templates/netdata-otel/secrets.yaml | 17 + .../templates/netdata-otel/service.yaml | 47 +++ charts/netdata/values.yaml | 368 +++++++++++++++++- 10 files changed, 672 insertions(+), 16 deletions(-) create mode 100644 charts/netdata/Chart.lock create mode 100644 charts/netdata/charts/opentelemetry-collector-0.115.0.tgz create mode 100644 charts/netdata/templates/netdata-otel/configmap.yaml create mode 100644 charts/netdata/templates/netdata-otel/deployment.yaml create mode 100644 charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml create mode 100644 charts/netdata/templates/netdata-otel/secrets.yaml create mode 100644 charts/netdata/templates/netdata-otel/service.yaml diff --git a/charts/netdata/Chart.lock b/charts/netdata/Chart.lock new file mode 100644 index 00000000..14245c45 --- /dev/null +++ b/charts/netdata/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: opentelemetry-collector + repository: https://open-telemetry.github.io/opentelemetry-helm-charts + version: 0.115.0 +digest: sha256:64b58dabaaf8b4d9cac1a83f9e80ac632019843b2c42159051ecc5cb9700d8bb +generated: "2026-01-14T17:46:09.646928103+01:00" diff --git a/charts/netdata/Chart.yaml b/charts/netdata/Chart.yaml index 24d6a590..4c150044 100644 --- a/charts/netdata/Chart.yaml +++ b/charts/netdata/Chart.yaml @@ -16,3 +16,10 @@ maintainers: email: cloud-sre@netdata.cloud icon: https://netdata.github.io/helmchart/logo.png appVersion: v2.8.5 + +dependencies: + - name: opentelemetry-collector + alias: opentelemetryCollector + version: "0.115.0" + repository: "https://open-telemetry.github.io/opentelemetry-helm-charts" + condition: opentelemetryCollector.enabled diff --git a/charts/netdata/charts/opentelemetry-collector-0.115.0.tgz b/charts/netdata/charts/opentelemetry-collector-0.115.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..deb9659db707699de675b9caa9263796b0b1aceb GIT binary patch literal 35597 zcmV)jK%u`MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcbKEwvIC}o(r@(KNb8Pu&I2u`gWbP()71t{=LRvRhlO zl!PHMGl)on0YJ$U#rLz{LgPX3H4nXPXT?-G8WLzU8jVJGqtReF$s|cgN+h56BbFp2 zl8g`bXPC=yj??77Zv1R-Z*M=}-G%>eZ*SNCzx`t8`F{;}U+nJgzIZl#y7OP#!{^&C zhW~}OZ{GCsrw|hJ|JuHBTlLO;BM;8$KM5C75ZXBnGJzJK9foy-%$ z74C(c1^QLTj0glPctilcMRrQ%tQdz8O98pQt2XEYa)Y}4h-H$~aUkb886lkK35~EC zmEgi3vS;CTu=@CS&HoFW6hz#P09ZW#pFQ0fzNpXtr%!ht=Kp;>8|W38;3APok2uWU z4yFi$4RkW20#Si5`uE(IFcmI6D)}c1DJUqE(qr|CL`4A1(PC48ZUzl^iQ17*rKYM>BX3&EE7cbwoor7 zdBWx?$Ssz4Z|tORwOlZZ~{=yFD*8HfXs_wPTP_;5H$*#!wU41j8-5FJd^a5~hXG)`0}aW)S&kRXxnf_l>mV+#O8 zILnw+tp*!FYF#u$2bqur$6KxvfzM?xQk)eyN#=-VO`<3!D1@%U(@>uz@_0r}|wsr-lOyl#z%Cf%!ZPG;U%PAhdz@Z9!oWvuh#%fgdPgQxQVxy*Sq8 z)Pzac6mb#}dO@JLdasJ2oaQ8<8G$OQ57<_7SfC4*6sej9S#17BDJwE*8v2O{sR!|r z%9&yZf_^}5y68g3gmf>xF^k0D+^yt;a&;*Acd%jl(Rck&5+o)P(?lSanQ5cHsYX@* zjNYKutNphc1!--}%n<_xI;YUJI5r&5|Cby7a zFliB$Fy)|O^|cMMkc^Z45~pepPG$t9_!CWw6piN!eL?>qYNi;Xv2;u`5UwPNEv_H3 zNb@rkCZ8fg3~wYfrE&}5B(W5a5m8D55f-QxU+9u1iJIiD1;s>@q!2S=+DY-JBa6UW zHa(_)kP#Yg@9b`Gugvv85yeh4s&l{kWWF?JfPMcBO#;=OzQKFtnV>4Y({(zgL4(Yt zUX2bpQ$)}dS5n^lmJ*3$EOCwK=Pw18N{1{|p}YbhNwm~8G#6E(JIT!^D5V*2tP%M! zI{ImEAMwJh_4`R7B;iL)=>zvU24#VM*~@;}%O#^xR^M~AJEhYG`qzwP_KR7sY(p@) z$S27$kTt<$l4!*WX9x?yB8rvDl(X1USV2hDB4ZT{RCXcsqy@lwBoO(8BMC~2o60c2 z#K;|JJ(7D#a>(MhfWURphjrPgA-B?p65zTW*(*_5Fh^QNQO07jrLfg{p|YjGUUb4{ z!dVK{_YMz`AY9E~mLUv$kq{Zy=aPP{^vjz`u&-m{*siQByiBDv(1xY$q@AH@9)Renl-oMXrv4mK4Tuk{zGa}GN#XFp9(?Q#yNjNY8JkYkor^uiZet$Q6ZI*yzjtjdmOYRZQ+6VXK`Q!bXoM> zFUKcV6R*wRs!e-Au@aSJ4x&6pk2p#2{E-@^YBdn@%Fq)Mb2Dt54Mm6j0mk_u$g&^=gFCLziGlF9^!9oWTSrgk-5t zD2oL6HZ+aCfYWVU~YSkA1^;U_FQ2Ph0S&~c5pG@FL#gdrj#oRgAMXeK1iB5gBVU7^pP zx4?wHx;jIDW1LQDh7&t5KcchGpB41KGp-i%G*8Hus&(}G)!zQe>sP0*-|Zc|MV~*T zu`(x!0647$0Fp*~1Y@Ys1(&XxN--H1(-FG*44)*)1n2>tVlg8)k+V}ET3G~9fl{2s zSXpH-hpnBb`46-qDrc;a+A?W}(!$0QOcTROI958dHbWA6p;c&5vBy>Arvtk2-Dsx| ziM21r%>Rri;WIYA6>FdQfHV=5w28sY9HH;7NOm!L_wUog53f!S4nL2EPlr#R2B=i? z4CTgHMl(ZIg`@QbrX*G50*jK=XZxfvt;bkR1D1iW#OZ%f+jL(8JT(9<#v7W&PiZCz zzrcwaECpH8l%O$@mxN>}C0G=kq_BW114QFi2s|aB0aOJuLeGS2;U_09HA1H;9jkVf zIU^Z*x&7Y?XwN#1oQp3s=fyGi7Eo(K)Yg=4PGUYKvhhKGZ1nNv%a^*3f6)A#W-CaQ?{|l4 zfRwpJBcdy~PTBgYuMnvR$1x{Dw7_#1)CIi4*Oz#DD6Fr-mQmI~*-UNyuwY;vac}DK z(3Yx-tI8)3neI((2HHZ3W4rqQwIHTnlniZND}$SSwdiUQS9zt`6}DYq7rNk_WHOnf z83rAg3Q-XBxMk;cMiTQ+UL?t2xbyPG_nTUqD}>U8vLZ<;n;=%a*A_(1QiPEx##*g_ zrJfU^N>aVY<8N|kXzj3q4Grx~zdhSRqKIZnWyDBm1vUa=T~NZ6e(k-s6Jkqu0hVak zlBYuJsR~N4QQ{eF1RLm=Od35#Q38#NsVYCApOhW~x)Qjb)ytf-3mO|h8N!JqJkwgV zN3>GEGH930p#wlh6Cq-0O0rmM?s}8PH3r~76HSbd-}Xg&*kK1OFn%lrj-=3!#AyDuRj?w!MC+OYlqn}^D()Ota5TdE-a}=V*#eC}*g!`lrCF?ubH#$C zdRx~&A1iYjZz}w(A6U1zUv6!>9kf`PtY*)w z?0WVaiKN?r)6g$5?6b~cZ&#_AmSSO0BMs=R0Zo-I1SXN$h`hv^Ecrbzy*ettMR}Z5EW=jGQz>dV@0T%X*veN zxdVKf1ySiSTi{D73$+qw10A!JxTy)uFFBn~i81h0NfWc+pdqfnL4W)gW17V@o4Stc zj`ZV**#cZ*R-F-i+-S)+1S*`gM_wy1hHlYqS~c!#R2z; z+BMi~5A1DqAoCqwd&q3rX+J9#C}vTi>}V3B8Q}z#fp?|j(>Y5ynGjC0hzxL~l)FAI zF>JJbLs;xf4IsKWlA~(SoO8OdLO!P7YZzM|yx8(WwYk(&c zno&77A9I$l>HIk71jqX<6Ov;cwxJiey(D3mdK)xnF%r>?#6?0l$~k46N-DGtZ+_1A z6D)-DK?ktRz0NK)JooGGoTc#Q4qV~T$Uk+Egzd#$Hu4UFFYdObcQ~UHBFbj=8{SE1 zE7*W--$SM?Aix8w5hQT{1=O@HT}y7S#;6LY+$B~ZM#%Y&%#vSwJ7YrDURht&2%YR7 znu%di8lk7#wj9p$LsxXl^T;69FFjPNVE3{WyO&MuUbbSVP3wNeN4K)w{l zx>sehzr6CA)gHnXTP>Z7m1fJ=WxM6Oj{cV3!&RC!KGAx!=5?i6^RC{k?_FEkqVcfR z8gy^V_S~y_a~1cKi8-@dv}R_+ROmnuZ+9HMVVAJ+psXTm5NUMHh9Q>*B+U@xvEBi; zX4kPs_Z`cWO@tnc%J0zhdlNB^4q5DqwYpsu3_-o}C4P z$T|sr{_yVgySE4L4o(osF3<($-j;zjFP)9s;l~HBhgwa$3V^K}lL^G(Nr#nMU}HwW zSu%rV(0Wha9Q^#|?Y~P0N@ZlU0SFs;N=4TTxHegpVC+P)5Txv^;YV;FRQ7Vv|A4u# zgl{)KrJtp-6I5zwYQ5d?HMR}AxnllCD9Vcw+IhB}n%^4L5qdVYa^t zQa`~Rk+RIjV3j%#;GJYbqKwE(#?RIG7)p}3+?C8(9HL*$98#0}k+3z&5cM!nU*7B2F0=r`Gr)Ue zB0eQkQwt41q(5Q2uN3S7 zU}T_r$~w(Qs5cCE!l&VGO>By`0p-b%afrSnjI2qTulX12oo)%#Wed6cLL&Cc&+aFpe#PdC7(coTCtvjb?W_Y^1e z4~4gy#9}TaNl{LCN`f*~E1XC;*U!Ba9|GJ1qIoJt3AQd4?C zGR4=qVuo^?HdL&1YHEh=6vP?&A1GBd4?lkTHFVuQ(ZA)^YHUs(k;y`*q1GClTCCKAzMH+?d)rLk1yA)M1g^;YI%;YVY-|L! z)S-H%6^8dkIwo8Vvmg=6VuA2PT7R{Z)H5t}h@rA-$b@l%4EU|GhoJP?&@J662s14s zr4F^)up;vnN$~twx2cwN_2~_}L~J5quhQWonPQL$eC9!SxmG!>(bkK37U_I(ZMG5^(t#VV2BQhz}idN)$mvrp# zG~F|WDa(FVr4L(Zr}*$^Vw?uKw!2NB8-gi2LW2OzjLIl~VWxH;zkaTMTn^{v*T>hu zn?fvSY*TPjBvt0t46mCtWg49QMJCj$jBQ5$t6*#MN;9?HJi94hKZxaTP%Llw{JYWM z;0>RLz1Tr>q?fd8JsWqTIUC}M9j%X5`c>B@V>6+}@s zo)$uCi%yyIR3>xVm=43QxNif5bZ!pgpEx+w6oYqf8IFI#3C<#jUfV#4_u}Aigp8Y{ z@$DF#Qb%wqS#NmMX<�n(sU(=#k&nqw=h;IYeUJgO8K~%QKvua6FmN$a+Z(_Im5H z$aFLa7?;|Os4U5n9FD|?ObDt7>t$!K=ZqLfZ&`$sG6=6z8riMpGQEjCh%?X~=v%b= zic0;l>E~brb`-gq9ep_?{V1U%lYQ;e>(hMG9GqCx=b$A7pp)F4bcJ}`W*b0(M{P{E zCZ&&;G-L-*pI>yXv;^K6Il7o6G@C-WZqRzjtSw@~)bMscvnkC!Y01EZ^!D7<&run} z7Mdd@VPuZa*!9ly7DCXf5g+9{UF-zr+94+s`l4>GVyQ_5XGbsEp1Dg2nV5p zwDAqJqHK@J*)Rq}2_jHm`~NJn(24zKH#%%s5P}{IUA0r1uBkaeprRAp=JL$nWLUEntL{Atc(FHGWt6pQ`SDPo$)-p+CGmGR>YSk zo_7PXH*|AAdz4Ls$gA;23wLz!#}W={@Cfp`WHml%;gkiuQf_vQT%eI!m{YSGHug@F zz)1j6Jz&Yo19Y`LJ-4*0rOU7v7U+^B`gB}<8k@?mO{BlsEbJSKn6K`Xi+3L3nb0in zv6y${W2b1DVfo^QxO`pvXOUxDSA~mPP=Hfgk(m9 zc>8eBiro~{2p*L$%>fd7s^>6Z+b zZ(%bB7m|qx1NG_{!17K-B^{Mgfhx(U0uMs#(wfrjNN*w;BLXtAxED us8^n8+q% zPW$X1{_=~Y3H<};eON!Jwqc6BgU!_Lk^yH)!U`ai`jckUU-B5jGYu2M2KpnNQp+hB zkG2$^#|57fd)lFLNY(}{*g$2SQDSbrwmNP{LAOvwXy@5~+c%YQP`we7V@am-5jyg5 z41$s=j|v?j+aT~%hY{MfY+uKqSqY*;CKY-{ytq>c-cc=6_y}SYTMv9M5snosTPAzp zv5Xdc+ONHzV49xT3~HK+{(1NSwH7p;RSOT!@Dz?zy3Nr;%yE*Cq-W19OU@FZ7+T4U z8M{P>|J)Z&gBk0LXve0}VNQ^{a+83{Lh)7H`_x?D-iT64%Ti7MUwn6F+-F)v??=lefE6K?oO*l&*p(w$H za61weICV?bB(b89x=ASUCy~?&IXEt0lh7_rmVMm*ScncL01!?SnyZ8(nlh8LGE{00cgUCLkqPmDm)uajAblum7wX!+rS~P<{UBC6oYdBD3 zEJaNvPu+!bm7r3;6<19gvhHY@rEo-Jj>ZWyt8^dH{3rFR)EQNY5gLBK6Aquh42R+K z-NDnHN*g}toW+potYrv0adu6mN@aijNm%(b;Pijfz1(+!QpD7K%90eu<;fOP#6P!5Y11MyY z*S)uI?Na=u)8YQdJxlUGi)cnt9R4O)cKtRM=YM`a+sqSoz7X+NX(0?ciZ>WMK3jBn+Wz=jJnGrKSHVT^ zO8#Ep1TrKcoafNyicO}h+DxsigF&()RZP1euXx3cvxR!SUmHZO_YHf}lD&GZ z&Pbh^yUf9@x&;Zh7hu*{nvl0VRsZ(z?RjaS|2h+>lKOky!CXqRYVz5?4%JM*?v`-% zB-h_Q`I_0!AuwFB)>PCt6fG^OwXfZiu7vESU#2NItfq`;y?b!09q`=V_tgu}e}0z? zu9G8w`^;@+Lqp}h1L{>%82@!>XVXgDu3QcL|69%5rEgwE_wG`w^&VTD{!3}FX7cDN z8M;Z}bBLcFcNTvDd>|O16~n>9T}u zrf$>fZgV(9%P_8H?tok{5cz4Y4P$a#kE<;^}p&>5OvM zsafXMTT;6+?VNANPsi8WLcP7@63>PD>pi(3+&FZ)XJkG9U7M)Koa1>pvQ(0^HePLv z*IZ5D@ZKT^+0vYQcg%KK%Sy1C&^9^$x++&G*g?gG%`IQ8tCb#fb?cP=TZh|lAQPXa1 zA^ySvK+84vH5j~^b#B#N7jeC6e(Jha>v-Ai?ru%8Df3oGsw1o3-J#gXzqeoyrc$w% z&*WAx^upgU=2Vhu{Abg`C2PDprmf_IyyIp} zM#y_fc<<9B%8Lag z{^*6_d@H{}I$Gt})U!L?PeCOjV~e)|+}omJI@PIo@Fawg=l z#0>#=4~x(z60KkZHnwI~ZG0I52(>!YT5)OGK(F#@%&q`49=AO`vu*}=mH3#wQX{0H53=K zPNxFEGE$4qMYV`q)YKEy1YRhA7uUCp`)enTzqYPUCcWK*z^Z?I5LlJM4+85!V0}4( z)uG&Z`77^Sw`<9W)+IEX$0&S(>*w^k7KCaNv}=K=r!>1B9*eS-T?=BnFuVK3sAC$h z>62)eEw^UNR5M#X@cTL->iH+X+@yJ6@ycJdhygFlR~k-QCq0zCv;W6Uz;=}@BIzy*4Uqe!zGxsR<7ozy(t7ggKZbATMqW~;|y*V z^3|Fh^(LdM$1}o-H)rdOwq~illSW&mm&rx*RZp^dhSBRV=?z%}QVQK3L$~_C*6@HW z_J4JIzm~Xc8ZIDEIyziz%iNI*osrADfosxZ6{>hW>ioKrkF?cQ=3t*RSA<3I+adYW z`t>Iq!OEZ$*{Z(|(ma8Le!$S?@J-$QwG`QIXCYduoI2nwZ(AFzdfQ+SwmgDu8GM>u zSkM35Xhl>&wl5p9ajf&}o!Vt$;@g?vZGvqn4Hi;jB}CS84z~;RX0GaQW)M5Vo3Al^ zOP0oKLR}omyM*ZgJWIy8cX)!Nks{VXBgV%5QvT1kO0 z&2@fTfXKB~ibZYSK%o(Tcw=v_xVb}uG1;I}6p7fYKpIO#Uk z+pOvlTI1AHH44~s<(g{%R`CYhg`r=+YvI-vx}{pBmy~^FH^FsiUA^bxf!^!T+pF%~ zC$R?ZwPV#MkYUdOLdQBoX03|$!H>|#U)$->-oM867TqLklUAMWA}_&ZdBw@m;$BqH zt$i>_utlrx^0B(GwfGd*lr!}!I_`A>TnA_G29GZ`S<6d8uC@8;-6?Xd`t}Br>&(-| z*Ojb}&UJ>)TyAocVXItq(n~;5$wx3g*TD67UZEyt@k(gzCj9Hv_#? zc-tFUuC-h7!QAPg^zNxr%3DSVgN>caceY zP1ak=e06{C?IpCR-&nH^*IM6FA>qPelNnlHRa~Zm)3@uot4}I9^TM_6DOqya z4^M$a3vZvk$)y<~I+&n@OkAondpC@|AjGCL%Lz}Zl=^aDeJhN+MoC|)q%Y`65=*p} z#L5gWMFfY0o^_Rn+kM>?2y#F~&bvjm>3CWAd zR<#+-xVJD*5dZ&g-g+ zb2eefh8o^y9fNH8->(tCefMF z@D)@|03~{7?~8^8>|OezFo|as0n3~A6~qu7!X3?!9@b+9q)L`|6hq^eRL+nee?3CO zUZtM~>#0PKX;u>0ud|7U=(?!;aL^R|E*!}j&JfGWp6F!8wlIR6nQ)tEM(PYx8KJ=w zbb%8ZV@co!#SAW+)O>GlNkKD$6FEDDi$lrz2JhTm?7RfJtC&I^fbKm){dAq@_z=k;CIxf0mSKrM1UP)%f_Y zy`%RB?|=T)&nT{}8f30iwpqQ^jI?={wbi2vNPJEZnM_C|!;Wd(*?RMXpY*$xsQdb+ zXT@C|wO}$gnxX>oy)6(n*TC`+%h~!^Lapmy>5pW2CsSnz-+LEP=+s6C=A2HtgDwd- z!hfG-g2sfaUs7M)t82NkiY5kxnzwUS@X~~TEH=>v#lVJV4wo}Dp(KgB_+a4@SovzF zSZheU6F0rhYUhuMgv9UdwIoB2OvOjaM1SREs1Z|e15Zk_n8Y4^^i^t)Af)|~O>N%U zL)(FhZDAMg$B!R3hHo>}G~Nt#{-4dwTBmAeibB>dG2=oaUCR#C3||m4ZApei0SV4y zB(x=7feMBfsfb2d&$3dzn5aUJFcaf3IkHB{g++*4n{ z*`w8$)a08 zy?X-nOU2Ae&D#AGR^RFR{3nv^-#AU2UX%z@s}gmTELCA&w+wzNDBSe|mEa1Gsy5z{ zB0q3i<}v~}P<1MNr?1IHqaRRANWRbVx$T6-^gFnUN)@1ybQh1hnty^8{EqM`u@_ko z^tc4(45#l*|3*JJm3gHB)9wEWZf>8LEjCm2GRL~jWD)p5Ss+Ug09W(d3OI|;;~E_R zJ*U8$Mm9Z!H(Q3k1$plly&Gfxri69ZXjgBtyD{efsDQf<xjkD^>A~!=wLkv#s|UpAQ=C8g0X&`;w^SU1ALI|>q_?J zV!3Oo_L~y3RmMVRY@!YOJEu8GXr}sS-k3mf_nVW5&}kagC?(=HS~ zy{t`OyKt(oSIYf&HUF=}Gc@>B5POXCT#<5VtgX|3pPbf8RuP7V0ooRvNGt z8mO^yD2xJxJS0Z2dCeJH`F$%D#X17lis~5R;3+ljiH3 zv#9O8n2Wa8yvPRUPsPC9R}i zw@_#zphS%Z?Qc~>xRA^YvHyBZvq>sXQ!1k7w|vrg7ePSjPV+tRT}uNo85iyEFLK%X zTBdnR`AH#2B$LMbSurIt8MoA+f_?w|`F7)d`g=hN(s-ST78vY;@C45r?-f6_zHEV! z!?pE|*F29-mDp&hVQ+kD{glwG_|*30_X3Mq+lP5u&m_lDy=|ZIgc23feKvtVqw6gu z?aSU*xt>I=sD5or%K1xiYB0TyV?U5^FZjqO`z!Guk3%6~~Kp0~t*3iz7Lr>gjzr}VvqO`A;T8C{FrCa{d|&q#Ex zwZG~Rye{KH)*6g5-oujH4eBxiRV&v>QsUDRTB6BuYVVk7(8M$AZevci^G3^7%!-s( z4VRr!)7S5gp3X7l(D-~*s=-W>Bw~q=e?=%59?<{{$B)oQ1At8jIg7>MiTY2WXwHnT z)&~R5c`4PrRtTU{rykiesdih*e&0Z^bqVCf`dHK8kwC!f5E*3Mq$!2~geu~H%WP!v zsru{3)4$~`_Wvws{Nvzn4zm6<_!}>>QyTxMdQ?NV*1*-(au=q64XOO4udg5fZP_*71&djotpf=rDeda2d9E{!(Dq(cZEpw`^e3^6Pr5 zypQ4IoRd}7`La#}U4Ln-%%rC86|bVr-uCF!wg0;uAghqyV2qq4u;wr|o4&h|0@uQ= z50r*_FXN<}y2&sZ60AE)jfSs1NVjFmEfVG>n#L7SB04JRzaTu+QguQT=RiOxV`}~6 zEIlRJ#pwm+Bjl{P_j~VN2aN?e$3n;%XT@~pFSkmi!a}f!>LYN0@rUV1$B|oRRa+w$ z0(t6sQ98e19Y235!kon+&2I@%LF2`cB9>)(kv4jt;ty#{r9|QwOI#{MePEYT#e=_k z_0Q$5d;53qtU(6=JAmz;=La?F?OznBIzJRNZhf!yNJ-0TYi+e^O7A7f zp}mU0@)|;r4oCP@mw0M)z3;vodLGqtGCu_e{s=t|pKN+x^!Vm1_K@=!`Uco~*DaLL zyhG=AhIc)F1nKw@IU^vS5u3n)X$T^*2K362BHmTcO?^_I!)^%`3H29Kj>F-T@6O45 zOV?3VzN-{bx}kdE@ALM}tW}!yIhkvsszUk|6!*~6-*s-9!)mF@?bim5xtZB3WnWbm zG5yKA%2|K)UU(21#hMGaE@DSN8N=HdTTrG# zD)y!%lcu1(j$9YCzdT6Q0&9-V+QwWp*5d1Pe%8ZGzCQQo`AeZswcnxJy=$!MJ2nOp zy%JP@z&gmFvT6-xgKijS9%W_-MTT1$<_v-cA z*C(%ERXp=wI-vdGS?gKh{Kt$WIpN~^2SApb|4?7+=RbCzJ)Hlzmj@z+Uw_KgBBoY) zB|X$i52=A>n9FeWaA55r?w6%;kw_Ho0~k03YL|CaQmr(c#zcutUStt^{uKVC>2Wcc z&`+q>?_F=Rq{VH$2&q32RB4T&{u$1Sra8;h+OA-&P7YVEvQ@JvnE;e?)kY?9Ou{l! zf^|49gjt&CHIP^-DQiOWGa0m?XumChTA}H_K2?j|U`&c6nWNteoX`m+vC@ix)M4;1 zqIm<#OT{5-Oa&T~2*a^@mJ(E|IhuRnw5vdvo5Qvw)=7`3K##|B;OtlLk5yTkO_9h+ zv>65m6U2!=Ncq=awp; zKL_xUqa+ zp%W_zeE)c8?QT!Q9T4u`S;m@D%?S7guOAyOTASPJ?ALGYy7M8dv@>s*xCw@4YV;#g zWiVfEwuz^@MrQqPIC8mH3bBStQVqR&-?ao)i+Nc|d=+ZBRqurzY<9uUd#Y(-oLAMNuJL_Gusg4e> z2x`o3zF z7m^^W8-Q?B6lEEB+13`uuT5%VZ@<0zMd|927o@o>PJTy^CDVD@8(DgcCwvq2{+7|? z$6j?0yw=1IUDazeX^i#ajD{B(S&>P;O$*NJWv;_^%>E5IUJrfwW^)8PykrOP!9J zW_ckIoPk%Xx=G_C8Tx6iG|2#=11OOZ5(`5tth4KxT3A4eDaNHXV9#F)3&y1rGYP>~ z-@-FEz9Z=g15A8zm6BA+DD6cHtHhsSVQp2?(?xv(!iyhJS|k(n*f(r#;XlzNVOT!j z-9$q&d|4liS_|}sO>BP}=FhhmHaGs~fI#tsl>p^h2)Gh-~f0&XN|^ z>WA#;$L^ATOxI~-+SZTnmo%_eH>Mrkc)Fw;={k+1ZQXdjq=B`%k#=-rXGu5C*J+-_f|pzJj?{3%OG3f|_P4+`FZyj&?gNsE*XArVS4LEGWWrYkXi zM}LB?_lrrrJu_I)Z^qG|h-T3HR+s$GM4~r`d+3~IvAz%iGS~(u%BaLSmDpa;gs4C? zRjUimbSTKNaR?o^S`VE^-gEp9n#JpFjd-g2tCmk|?_+rIyk4{eY|u;Z(7(gE*&LXl zO2Shr3=QHf#N>?dOKNffTb)U7RxpmHBqJP>xtef z*h_o%4ML@3Vda4W6m?nKt${98@kc&3#!zUR41dCcK;_<`o+h~te-i|ZnBkpg&lTCa zRoxY~8CB71W9mk~4=(I*j#Fi+w4hgA8kP!;+rjGk_%x)>Es@C&^IeKu)?&zCJp}DM zJS)Wi-T>=-`;tM|GAH6MfY{76Twvlm8(JyizGRQ3%?C8IK$#UztxrzVD)+f%FUytQp>g&Lqv#InyaNj}LsDy574xLU9c$4bX%Ovt^2 zVxiATc|X_au31*y`Oel$jG!BBAIzau51xx*1|+=j=j$K!Z9A14u{6b5>^5s)J=5>X zDAd8#)xru_)dLflPhAMBX^!!mTv1^0==XJ*A7JGiaFXCTESHN8Zs>sXI{I)-V~Ag-DE$ngXJYOrMI>!9ClA7x+J zYn>vZbACMU?0t=G^o2n&of08!5qLL3y{jt({$)N#y`EKoT;Hb&8{=eCLpUN+Dx@kn z0IzwP%lVR`iYOjCw%l*@e>XlmJbSGf1-=%%BrHe9jqEJZ(^0hx4f0b%RxdXB$`JF zdBfPb!`{6eb+1LWn#)^G=mp7$5Qm(N$*BE+W~EFBH*w?P+S*bS1GgruPU%>VkBuwSRt37R4ugtry96xB4x79oXj{8 zGnT|%Xw}OtK&%1sy7VGEr5QK{f95zMhpUX}!b*#%xv;VB9?Yc7ep?+-jlQoVhDNUU}eaux>ba7ec!(PB)&ti{V`tEm6Q- z$HP_}qBXE`oMFlx}5CEQWYZTHWn(yGC0#nbDPIR-Vu8wQ93@kwH+o z*-|ggwWK#4PR}l-{DLJ#O5U*|lXv6!gGBS%h6LZABhD?jMf+|WZbe31ev^zvTVr>D zdBUbSi~S?~WqAv(6cLOie;mt89WeUt>mPwVmpl(SmlXCD&>;=ahkeJHdL3 z1wnqa+RKVaZB}VNZm0#FpHc0m^6gf3c4{Kbwdb<9t=xnkgXHanP)X8CwyJY7A0gO) z@qB%HeXDHCT(z7vSVxX_$WX|*qgo66mg}PQ22!kBf-P#gA;@&n*jG0F@&~Sioa%&G zL9j1rwoSgTLiL2C zpE<0bR3*h2%!-p^s(3bwdM>#AA3rZ z>}{c*J4q-^sSCo#P-04?DxkCRZJ}O5g@iIS=s3?sTML}z2~|qH>;erCT@x*!y_-*N zsex6<+b#xHC9FX$CCO|A#N0Z`btyofkV#AN2qGcpmisn*MK65#8Jj zsH9K2Uu&Qxv(jxF2&*)4w>ASyh>07u%h7_N4iIWudN;T4L}9aU_YM5x%2AZHn&>>m zg39zLt7oF~?uc8ooUS1MTMlNfCu5e#|LqsUXLb3%{ro}x-^+8ga(<$&Evs6Zr}mAj zrc^FvudQ%Rkz2joP%~*`%2;+@ea_sbu(q9oZLSgeb9Inz1j;iLKJ5ODb>(&DfBnSq zs%#A8{`l7tm96s8>N9kC>#+4L8v-s_HPHx;>G+(o$iFRvNp zUi+zI`}}h@bV)F9ThX*2_|p`F(onpD0)femxC)2ekSHtT*Pl^)c<> zx@&cLAx3uMp)!dIiuBc1(d?>wI+Pog>X(8G}J#!~z&r2V^ zPRDxau|wg{_A4SC{+pZaGGNApd{5*h3=Vt*8M-jo#BK3=U$#p{jZiqae)Hp zO8yn?x4(?;cU9gS;m|1KU#bxvHh8CYBp6=q!^J~ohM{3i4651}R58jMDkS6cw=|{o z!^O=4y6U&4o{9&>^g%KGYbd7Qmfm&03bn6F>x*f=W?gzMopibW2S=>l;fzj*km5Qz z;4=UJaQj7L|9`mqp#R;+b9GhAc3B;6#YFvn-(A>fC+H^nPP3Zfv@hL_hv%Bl^7%i@ z@wGkw`dKpncXppYYvzC6ewhFF@p$`xi_C(@j4$0ETpT_C$tWvUWZBH%V#gShZ(Pj% zA&d81%>7@{vUDza)x#6ar$o9um~Ga!dasGJO4r@}Do#_o0ohWT9krQ+KBstPOeOqj zd8M*UyRq$+9g`Wpp!%dXLiSfV615XytyNo%d#6&SI_S9NAes+M!ce_~jGezoYA?n) zBs?OS#8amn_Kj6_WDY|ZEzX{eC^cU_GCBvSd#Ri8)1qoTRH*#F<&eg5KM{lAar zs-AvF54L~%D_G9vgSN7BPIBUD47OHzjr)NsUMu4u8V_j+x27KSGHubSnd**f^o*Kd zz*p1)+mrH^0k`6nj@ACUH&cDL=|jA#q=CQAiuzrPbiILA^4$%!lJB}4$?G_(T7cNW zxRJN~%Y;Z+)D34=GD0C#f2&uQ_Oe%vo0k+^nV84Ip)8CD_?%~Lxu70(lKa(=AW<(UeI^cna zZ+^d3BV`K3dYVKF?!l=xN>I0b^8*dTHigZl4LE6jX zxNMZPGv_a^)I2;ZKg;z$vkvRK@~@=@F7y99ds;vLHGJ{(LI1m#r>6gz!PYxH{-&_j zy8xj;UccV^pDXHGo3{2>^x8CR;VQ*$BRXIS#CuVK;7YV_YcJmDU?ZbiRIU%IkR6sw zkKUDAhfukX4+WbkVJ&cAMqS3GP&{m`#5re@MJ(}3+gA(qvksN5oAHu_T^h5Hb{d-^bIk|C6)$6&1Y5)uQuL5l@L+bl;f22UPRn_^W*z)UvEu zskN4I*ev>2R3+*ThXv$MX|{KPX`%+fZOOPd)wI+rRkuQ_Rcf|^z@L7}a1DpbyX9E4 zfT-eePvL*xmW00BX9fAs;*@1nQTA@)zlXcqE%DzE@jv(Sw9Ef@X27l3Z~0_4OJ8TP zPJv#R{f1|hK^QSk7~G>*vioLogeGS z_6m@{qUye)WUmqPzNGt9=Voo*aZ^D@ms;S9X)nLVl{%H`=DZO2Pui~yadd|=`lL&_ ziP%RtAzY5o5s3)BAp8|)c~0Wv9B20SCGsifBgC;JkIkJbr`(i2KkgdWYL%*ALhm{K__#xPSAzxN%(54zTXal*!f6w_=Fvq%iQS)axm2KBzVoKHMj zI7(*qUSpi}>V2x0?yq{hjGplq8?m=+y3TMVY^q)|9=8wHvpX6rv|zOSK}y*4n;)S= z&LScNTT%4ow)knR%YS*<=THJtyC2`4^i%pwKVf3o5G|E^%|ZHV1m6mS^{t4$RflV_ z&})v>*CO>QL-oyxy{^%D{V8W$uBzz~Q~FepEIw5t^lOlK7Ar+$_xCp{@AMAn;z3#} z@LGrItC4w2hwGb?c&iN9Vv*N6T3?IQ^9SqO6nYB>=>IK9L5}Gkq%u5>k@;N}I~A&H zKcZ*b+m)dhE+2|Z%rlxzZ)?^7I%tLk;si%C5+jTNIXw&|_3xkLfLcEx*;LLR>0=Fo zPBWaqp@xJCiFzQ8d#G2DNIlf^c)o|KM;J5=1;T-I0nTPfk4YB8aQ+=;kfMXB<-FvJ zCLhW4Ae;GDsopvR?|;~pd{A>w55GnfNrrF~kz6)L9##7A#rdEay7Qm1Ik4RSZ(`i< z@ch@)?MD9R-DeN+Klk!nmG}RU-&Z&pWw_zBcHs6BSRAVA;8~|~fLV#wH@C+v>98V@R z^73%4O16VG2z3J1F9BG{LyzmF$fuSj46n6*Yn>RaCBN|)>#zA)S^vZOTCzLH|1}(L zH{w6GpFZUOznAB#dH-Ye9=gR>K(<}gxJ=u#cjH}8>09}hyf3Z(wQDbys<)`Xb%MN8 zJf@}j172aehhXneXB z8V|PExBRTI{$KOf*Ya7i{_pPYHu8TweerPr8hCoEdZddCEA=^~PaM-VF5DCQNCWb&UZDN?eZ zV45Bg^@6gjneYaoRch$*zMPTl6-kIBaW^$qY2O26$5g#Kj&O1tpfwy+zp&+7Q{mb! z1$?-`q%GXz#sl|ofyrOu0+W7aIscX}Gift$JkfVi3Oqac49VKQ)J?wnVYdH3yQWM3 z4`(Dv=`>@U+_;S;`v3Ox;dU+m&-0z<5Ai?u@@$|(EG6NYK$0On;GlD$aX}LZ>C16+ zj;BO~!3H{+QGrB}>-}^wBT0g$2^(vzfo9V!aBE0AofkQp(1eKKNhmJ!;7K^f=fRUurs{9T=`?uq z{{g;aC@=Yqy02=u2qJDCTIQhMxoFI(GMVi}h z7ur#PXok+995{~7LUc?B6!_R|Z&8C}Z!Z>0DN98-) z0cE0!FbF=&$;mmtm))>zb zFEVKQEXC&p*&=;cWdF_H(aG@-9W(PR41$df^iz?-S%+8V8qRVQjh7|}h9Nr0B2KW- zT}o-jT;CC!c>Nq}xr?(H2_oS`t^~I$EgAZQa25tTAu^Xyy4sHfI>UKx+C5WcLFz+^ zj9iun`z^Q->4n5Xzobc`$XEyxBP^gIP4Sc9ApDu8S1Dc`pVoZ2OlpHq!+5sqV2?FX_wt-cOT z$0_U9T2vE3aKbD-y#*O;BK6ZPYB(h*o%cJawxzTRs4!tk!Y);RBbKH(i(9&4+v|ph zRvRqT?<;*FWik2TZ?Hr0qj?3(cUThihaQt8>0F@BUy7coY0!o}9bGG82^7%u`qzwb zt$m!ScF&OB8OaEVK{*{0t-~--Y1jmv#h9cl6GWbEp|dhy?HOVmoq66QrCR-+afFrT z+K)*tXXp|q=Sa>tE2c9vB@z@?B{C$5m5$*tU?DV@QQ^&%EhGr3&l9iG&j#eN23by= z3Z)bq!9liiVhjv2eS^$kQ%{j!@+rq^VGaVNZGZgb@aLnwS6UhV^|AlUR5&J4!KqZU zHxo2gYd2+?2!bxbz=;|nk{NQ-EOvQu#3R^aA{;*9I5u}X$r+X?fqUK~mSrT;J720y zA!m%!KS->!KQ2NT0U)B%Tv@i|>3_b)N>%%I(m3QEi88>$S|d4&9|?4D7zV*RWsB2n z!jwi|rlO^K>U?yh_=yOK4mpk_jfg-oiwf0a?S8+B9$7n=C`^O>F%hz#+Xj{0BJhMv z3(RBD$5X6kY(FL$#Yvw{`eq}qkEO)Xx!4SXW0n#WVNRS)BJnxNv@1t*=2^w%DtST9 zwv4u&b*=)SnkTTkgjnVXUJk9H9o*ex5~i2ix0=JWqrA|JrQU2fvn8s2`pF+^Dx5G( z5~Sy?nw#CIg3RQEpq%C;p&1eAal)ozt30-!#Yl1-5wRJlzhg2krsYY0yZ`5z9B}Bo z6nM(68xt!*NsI`UGr|=eotQz7AsgxD7Al2}k~LP;DESly!IRfoL4Go_tCZIc76^OQ zLlEN1iVl>}8+o6!RP-oU0+|_Gs$3J?M73QVsa5pJ6GNXTPe$m&$=gGqQ<=am^iuk% znPW$d#E50d9PDZlah&UAr<{xIGP9%)p&dAox7SEV<#%-ldf zVL>Bw!gBPMT#%&B;wLqkRB1v{P;tox#d;ajU(b-xaxwH~huKRLmhU)8*@g9)o@GUn zoGFVqCFz)OD`tg+X$gyvk_Z`-C?$MK;w>Z?q7yV{1-ir;tdc2<>0}P3pyePq3a`q5 zED<@0phS`&DoHA~%qEcih-~^w7M} zI-gs|a3YvO^Mb}i=;Qe~LFR~s5+G6^r5}@oU2Z9w&PbA%GZ4{K$u33j3XfaH36WY) zQ?>4CSVD<$f}>ek$jlnAzVG6&kk(L5%Jr^9WMHSx!pXVsCMV=230j3OxQQgQA2k06 zqFGKzoW+>Oh!rv~z_ryj`9&Cj3u;2J1TqQ~Yu2nv{{z`7MN6k42+#v*^iL4{9>!W9 z)xw&@p)P8wYp5UpP7{)_QZ(O`&KnaAux|lw8Z6AtZfuuq&v+0;G*e5?$McuB<7bkb z5ToZ%VLZJo69Z43-)y)d9o4k)0H%=<^U@ouE$5>|XZ9?TVgbXnN`jij?M%(AoNzf; zBsc?=Ck);YJ>EF8Zdr78p|_U7O+9L?wRT|-0@L0o&~v(MQi}t-sDgF{Zw%4hgnA2- z06sfOaEa%Y4kD#Q!9q)=(zKK+aArpJtjs~l^e~<&M9!S#3bkw1&s3Q!joq%;fn-Xv zjx|fugb1Z0a?-v;@*zy+vQXhwo6$HxnXfNzm`#AE1*(Qo?tOISx{)K?1w~YON7KL_dX1QJ+(w+3|#J5 zIx~}?vwr`A@UgP6=Req$;ta9eN!Hf>D{>OxEoCDEzCl_flB$`Ymte?@M6+q)5CJ5& z(B+IqGi_9;aa0<`B`cB`sd=Q71l1yRM>VGe5>TumTyib zB{c0~U{F-6!RXnu=P!q6&e9Hp1Ea`93BlYA5C$bb9zA&G9_ZGF=R(S?d>DT4qsBHq_`U;P9}ttEFuFODZ2M@ zA!ix<`^SKfaWvS}f=?O8IL{NRxxU(S#pTLE1Clsj6y|O-ou)-<*()xWTmN{xMr_Zc zh5o8qQ%YV4o3QTI{MrJj=>|>4L_jO7kb=g*tCpu6n^oBB zEl_GLox81rccyuJg1xQXF7dwMf-&^^ zXkQ|Zl-wm3iZlM9lQl?N-=osPD5cwjaLz=@1Z>WJ{} zg?&P#kXVY_Gq2A*sQ*zmc6+{$yPoM~i*0j!H9crw?;&4@$=wEYKLJN?gSCB)!f|^7I=fuBR%&_PAR+s;iSyqwbQY zeWY)Xn^lkcrbqu#e5^Wtk2;Xo+yZ7r`$w-t5bT+_2}x73R zPa&iOgtHit>^C;ov1;4laJU_At19}>p;GVlpF2VDFM`ILoonZfJveXOLo`EYrv91T zDl?mHXAq2I=>lhDCYUB6dIej12un%QywXFkFdaPg#e|xfcS9Y&YEU~1(a#JC$uXVI z0FL?c^bE#{;MjKX`xoJk?%($>!|fpW5qwh7Qz>U#09qzv5#kcA-VY*|?T*%oMu5$0r4sOiMZ z^LHP;0L7}xugw>S%&iQu7dzcG#Df%PbV7tQiYOdKv>W?WS|rQBajyfGA`}*!nra%N z19QBhkb3)|*29Kp-vvd&(1VlDZV_3n)^1G{=78qPGe$8oj$<>`gpJzJ+Yuajy0~X! z03teQ(w%Za%THx!3!@fGAta5?wUeuy@#ZvSg)CdJwQ{FOniG@;(MGf*7z!K1;nQa~ zJ7G+PD2Ny+K$}kN?mDsiOo`nS6MZqI+0^dfpRK&MIad2c_@O5ypxQeA;-y{3U%U*T z2Ej*jF!v3?iJT!wLWEx1wWNMBLNVPTi_yU$M4uBJD~Yik!hbg-RbC{?V7NWp*)+DI z9|~=cJosAWrP9}QR;TzTrz@c0=ifj3e$!vJ-M$o@G9lRozY+N3? zK<3Z|(uXb-ZH#t+%%O`gI5EBskRk~MFTaZj2M`;7qiijZzAY8w$%s@3fBjlhHAqTriv3a}*Uqvb1CjD%Hno zbVMf*DopMeC7qr;(aXgnPSi?~B>DmqBFve&a>?j~r`>MUL`8zNln4?&d1A=;{QK~! zA>+1{yrn1y9nRmeB9r0_^?x*9 zbgDgZ=8C>yLLOo{TUb(%h!eT6h!a}k--w70C%r~}7_%Acxi2&Y3WgBkaMP!dv6#@fq@IA$-w@kJn z6hf$pc59jtTna0#IH$Q$fviVE%{dT-nv(&uj9e0K-3CrkZS8thUr-b7q^+1ut6}vH zMKP}l*rm88u-1rw~43-ip)wpnw35a|5TJ| z4IBnF$c+sm0~bJm2Z7klB|nG^7w>-lvWBI-_1rl~ z?A93NplI3ec^z5Cg7Lq(YfTNMwrWhKY!i=F?e-#hW^GlozkpyQT>R{K7aONy>%zF zZ8(KA)P?91EM$KOY5kpAKSDy{DG7oNbV3x0wc&Atp{??2|8$l*dxIr(@#B+U1DA|+ zRBx;2<*w8yhTeDd`ExG_3^-l48lng-jLgM(>Iay+N$wfA%?309(C5!B->QwZ|JD37{1BTTgord8^ zcXZW|-ObW6!w3@5jHK9O$I=%DcFS2AB&)l7=FLW<{XBaX4#7FeCg?){^eh^!8pERd z-4)3$Mz7!hQ!%-mC&aQktSvUlgHOl{%&8hTBj8kTzdQ4xn5kl|AGgO!CdvjV-L~7| zi=mr<*3%!=kd(~gzXj#2yf0l@#z9p}s|B0Q6LYL1gSOCP=Z6vs=!@s!(77+3J+-#T zvt6Y`m!#Vbx9g;zRk%=C~b}-RG90cVDPsv3{L$KwjUcBj@?{(+5A! zgCFO?k7NBfC&pP|Wg(kDHX6@Z(q!C19D_9o(%22}mKjqFG*tR`BokOx`xC}5F^|3N zVHlJ03n)>-o(9>fiBBC}WDXCCjOIBp45XQ+${LWkM>2Fa+<5`04Z*`q%|<7L_0!Cq zPN`?pSv?=aAYqYK+)PRa$^L)#zO_egn@KmH`&S6#12|r|XLMJ0IH>}+Yco0KU?`b>Y#k0OrHBSiJDb}wqI~JT-~b|Bm&_k4mVLg zNVz@fVQC2a%T7HDVt;mwsQtICz4Uda}BcCO4-E%(~aQ4oZiz#-Vw zt0%X`AV#5!ib0&;tMg10-k|LMG@Rd{XP43siS!ZqBpJ#*$+}$_^zu-O@^xv9Tw(P^ zBqtfQdLeRs^Xr)d;|PgzJV%jtl|RG_gE^6WI$laq&1cW0FIaNJ;Ayr`tZ|$x2cnIq zd^g|Cw~TE3bD>ZxT#Xu$)ju+mX_1SaRW|X0n?Jt)@Z-y8ybzInGz}LLz*7G0vCW*y z0prXAMH_VIX|)LSngm$W)F|-j)29x@Kz904BFSx-iu;`0{_fSwA6|TT_44}Fn;(Au zg>;lU<&&bprmKo3*>I}`phjJ?b;#W~nBYXHk+9H9_OSA(RwiP<%XO+xRL%KR@mge$ zcQ13aUUF6B;0)JnmT6zhvCjr^jlYn%9@bX^V<=*9b8K^Qy70Dq$u!*b7C#V?{(0T> z7~bPJ&P9b!MFT|+t9;q30G=zEpi1$fRl_41no?2E)Yl%jTd0KstLki)GM<+zE)=2| zqWh59E}J|le|*o_g|oJ?4S?h$aEdD%(oU2zKj+=AdT~mecqVW4oV#-Q3*ktJX7 zv2b56@3Us!Bq=v+JQrLZwWk%BPf~e6e9I!geb!Uzs0*-zlLW;NxudwQ8FM-EJ};7N zF0=P0j_#tIK@qvZnQd7X9J1W)wnvoMMs}c03C^P+uG;$Zj4u0_k4dSf638?@hqp#4 z#ZIU!`8AegIxDqFGPESajUNUjzvUpvz3h^T$(HF))rT_>Z^Pq1<(}mvPdVEJ1nAsT zm10lLG;+yX*PqVP2-hFZ%#w9eOYz~n@oq?c2>OlTKfZr*M~`GuaCYRGl%zPKF2M@k zJ`AMWOs6li6^$4bnm&@GPcG(JE9SYfm!@CBxe(pD4|JHZtZ%t_T53CFwl|thuli|~ z+eacL-rdGeQGhe;ps?5pmN;(NV$*xY#V6nx)8}zoSY;Tid)p_j2wC7(MwMNd&}q-M znDVo^l)7d|m>lwnl1z?XUQ2`n>oKP{8HXZH?d~ z-k54qTC&JdPxN~2IfdzpDUxJ=$n*DdId-K{Z&f4}r)Z9B2d`XOWOZeD28uCA%B*h% zvZ6i7Z#g}kxv1*)Ahx)-rFZA;P$_T2@&aNx#f1p9Ytkygj3mu-n2L}sb*Dx|bJn;v z3TKb7m7~DrR=zUE@T%>SXT_e%c3B~IqlnmeB5~_JU4~bqceY|n^MZ=FQtoi&+HqO9 zhKkrIL~PhZ>Uqxk@H|Itr8vIJ(HKIwY{H;mB?Hk+)dinck|A(k^b_fKn^Fk2%p zin}hzd-682%h{7m%uI0le5j~FcH10;NEzt=7Ekz}vhDv@X5K7q=R8i3t-U;egUneI4}eG`GkhGv*hi0 zJUO*;6p^@5=$63r+b~I=CQa$yD=Fq#pPx{BBLQ2GOIiqAZLr1;mB?*e(Uy$enw6S%p6gtHM>1YRTZiDjrX8;Nn`yYR329bc zW!0e^7lrN}3a&}IGfu)PB+X6WeO+B$#hc)YUdsNvOhV^#>2>w)aJb1Op1?-DUZ7Ji|IQWg@~<()jW zC@OmUybSCX;rb1+oJDp|A$4$D)fCQyu|NBq-i1DC-ia|vOFJ{WC8aTObMD)_$ojJJ zaSnM+Tf&T?s|VtgRyqR>sAmOn|l#r*d@j&1(h8=P{NX5uCHlSC;# zE%Tyguks^B{?aDeUxERIFZv94vJj4-%JQ3oE|OjRPo&m)4)xi74d~^6Mcn^YS%&)0 zlhB0xKUfJOF0EGe=h0ZQD*9BZxK$2wU9IY8Ey~v9^WVY$rJHLv@xPbl%n_sr!U_A>tCtodw&ts!CM?VI7qWskQQ=r5luANe%-OB;b_#u|6G}~!`Xjz zMXuR@6$|)(3ZneaO*1S2-xPK5|J}wTJ zWG3YXoEJVyl3&RagBvgSI+OS!&GZo|PSQ&+ENj`Va_nETNrjy(1KzlT{`?^yp? zcuy4ip7XE^44`lQS7Z_Yqv@If>;Dw=xcz@K_6@!z-(ce=KvLVWRr9~%@Qz7( zzk>_7PybhI_;1D3!2UN0J$CuOX9GC)@SQw$@ITE6l%rVlQr}yw1AY9jDTXNj0sea; zn$rJQCU0ZkR7YKNaL-Lc{rt~CSho}c`uSfG?SF;={67gzr~h&6pM6rm`;UV9`Tz4G zA%(RLX8)J9di;l?1O8_cI?nzt)`x>t;8-+(|2H=F@h&1jKmXV4zp4iDACu5g_J8(C zfe3JX8pi*0twu%d#c``ZFaN8m!2h~#!u~%A9gY9RqNA`19EJM%-w$t+GPl%0_J2dG z@Be`RnS_qQ|2x-ifQ4aS)XD#$J$9>aq#piP)EfRH`v?3#1x?5QzITrUoFs3v&uT^B zdtT}x|0VX(!+Y$6ft$m8BOH67TO2cHMaskCm^PD0X8lc!KitMRxea}nX0@crs|k4Q zb&MSRw%VAUJ>WJ?qt}>)6;Xu4V!2q-pA_YFi;wS3yr zE%xu|n*?Ll+uJ1|F%s33wyuMSm_dKI1w3FM}9r|3} zG0)c~>BUb!y!-I}KU*dmGFK0v-t`~(DUO3|*eT;({~{Z31>t)$pS&L!HUq#`z1pD#ZzNImU)W%k(% z+?DjAOr1Kr!zpr6ib{d8r)*g!CUS8M*|Kz*+|sI;t(~9Cmx^Ls$}<-5a9OSNO&{F; zz@~fhqSZx*Tdup$2j(K{!{SoDXu0qX1?UF5bNgW>{e=CymdlFeeZ`dr;d)!7$>o#e zN*^yS{vZvO^0xHxA`0E);<8STxDBf_A4LV?0@cR z*5iybGSMf_W-jhHQ@NFP@y|_|B65T!E=?|^EnmKE;tFAbJf@UZ_>SghInD7vvpl#r zTRz<`P6!YFcW9GmIB^(|zqcLcGVMXrW5{Be$-#aUy7{%)SF!DAlFyedydB@S(7edz z$KIHLCZYYve=NOuix}AJ|EcBww*db=5$z!V@sqxT7|1f{gEY8zX)yHhJG{F4Rd4r;@*7Sx202cbrg+3qQ82jj9CH)V@Q;9Xu zU2Jb|iX<3O96C5j!t(s*1qbjgGeD3e7PwG_~fFttT?gz4=TOy6q=6p4)hwfH1C8kGm~GNs`{i;pXPHOijy9h3+*< zlF;!`iG`yL3YCoLL6SkF(C4m;8LK4rpdWYMAul>Wqx{=(ilJ202h*--}i!>e?=}LB1-;oveyuV)5cVi&MkI6C!0H_&a5QOb(Yw~*j_GWq#BlPt81i~ z$kc6wuqA7bWiC})ajiA7U4$KsEmb!bmcB3*?5IV{>2)`ZmT14*0yE zLLxqHo~ol)Ev8Yqgd6s^1b}TWG)1_g%;fj4mv6fsa1%#Pck7C-8ggs%WfH{3=4qXe z-UpbA(GTD%-M6$WBsU!1?EE%O``aGhWm>hQyWyp-w9jR=VI16x{6L@c=D)As{`T_v z=eI&b1h(~Gm0XoMtv&3!%&IJsU<|5XKyH3Z!2i^-ovD&PH;+MCD!i$4E9pX0E%S}{ zBhOp45R;NB;RxK2HK+8YpPQy=T19ga13~uOe1jHU#YLAy5Ynn}Fb7KOuRZR}edurQ z@SAK+uPuvr*-<(nWMLE<>|CGcg(+~xKWO*@Uu!_3UpciMt{RLF!*(M|UW)H(!#0;b zM*xv-O{O{y^!QMCp?T2>!XOPt_;p-zD2FCuGi~KA|!aWk_0Cr6yX|Map(jGO9_A ze53sFx^UAaK}I!!QE0a~-rg=JIM$M2^R01*nY{se1azavEcl;u4(3X0T@xE@q&8ojC2V{tqq< z-zWd6V*U@+Qf0t@PePBq{?oC?=iF&~{;$V@%+XCF7_f)`^;-QGP1a1X|4c$#$A55> zz4s^(+BR5#x-CFtkai3MsY>5l%HM(n-XMdMFcKEypI=C`KVB0kUQ-AD&)+z>UlkCQ ze^w=6qK-KyLHyiX(M{x<>@t!a;gZ0uD2J^Rn*;e&0KVYn-L&jtd-j|jmGq(@Sat_p55P4 zfMSj6SJgXqhtpfU;W3|u{#i__6Qc-U(-VU2<=>%wJrtf;wA2)N!o1B87a3 zQ?3E6QhUe6Vv)Zi_45tloWjv3M5ff4a$aG}d^EQXU=gr)!=p#4{98F?3*k2{0VS13 z4-ap7EIlTrmy55sTxbPb!AZPFrNA^jRB=)l+_mbOFyy+l?0+*;99xh&QQD{c-(~>l zlmBI1^#59_1@S+V5X66KFScNgEQi|9+yd z{snT^rmd^Gp*gmJH4`mON3{%PY00jl+h~D|wXWdB(v~%SxkQ$2nhQnNk-b)yZW#~B z{y1`2e|r7JaB#bpKjIk zKSKfh*CYh_-%e5YgZyuMRupA36ADdLm32)qRAsR=G^E<9ZYyg=S?X9@FHL=Iu3g79 z49!?-s)Mwpp)Z!$vDeNcQxqZp8)%CX2mP-%4_uG_ z*O33sv`nb~ItfAkx6@YoB*^~;`QIunLjE_P;k3W~zda9JU;KY9|C=UjI^cgMA;|xB zPSU{m`5(dm<$(I(O|r-Me^b#!{?}y%__vX ziX~Ibi^xWqRJ26tD*FuBQ3$Bo?kypps&WDXs9 zskUpVE>>h6TaM})va{5ehK!1q*&h)91BkBEMRY;@55)gK{7(-8?W93ulL5W*M(JJm zDE7mfD0CB{QT~~{2~D^x8mEdm5j8bR63u zqlkLujWBU`=d9jV^CS+QqyDBlChUwsct@l?=>L20|JU<>8&Lmc5(5AKnW+C;&j0rO zKfDfHAOEYSnE%s|4e*P9ph{T9MNoqSjm(V5+ z*P?}EF4FJpNWV9OPyz?l=JGwtGte&{a+VfbN^hNKVGT6k>|w0HT9T zYyqL;T+~1o*#mQU3w|SI7S$8##t1FI)v%ma<;ROVyMeTbC^h z$;gqHy6fnQhL#Jw&~($4v5IX&TbgSbEtaxTw9Nhh{2$=|0RIR0zwr+R{9j`y0ROkw z=8uH`6O7`N_~$iV(1H5P?~cO=-H=^=CH)j8>4)%z5YPIJAoXek*a@YZmDltk=62Qp zdcj}Y;J;MMGELC`rXaw7or(Il<@|5S|HHvwL-1d!82_p3rVRW)1sw(dm3>KXc++kb z`~^nb>1YK1``#Km4~~!Lw_*5s1O}{!|8?0gMEsYb0seCm0{qw6NC1HUf->;zVgOz6 zEdl7_aex3$6?6gM3IJD}EA2!6@56xf#ee8x{D*4kfd80=0RM3=;y>U&8tT6*nx$F` zWG)T7)?DP8j&3=~S}bK{DZ7eknn+V+XKk$)vSOQ#VrjOenX+!mi-ldvyzCFae*pdi z@E?Hx82?bfe>8UDG2%a%lq-1FWBfi1Bk`g5D|YG~XvlqtM z)H9qMio!RV4RT|n+zBu6(ie@Jn7G}{r7PPDYLnJBnGLf)mz=1++dQ>5$%7q!T@leb zeLCytZP$?YynC&!v&YQfyC{8l>BXz+CSMx}NGY`!{l57Rcnqc%xgwO&aA*qNM|;jd|oelI1h+HDmfg}=Of zTnF9*tBbEx1Nr8Jpl_H)tp8!)Ka5NK#b`ACOEq;3 z@Ly*m0RsLD@L%j=z<=>A0siZ8;FJLWb+~Q={tIXu+FJe}lK6*FkNj`wx|sjR&>;S6 z8Up;+xrqOO{{s9M;J*O>1^6$(e*yjr^8XwZbamDcqHhTnw6*>>B=HZU(fA+L)MfDh zPeOqIITQ77%lRM6|DzKBFzVxf#Sr;llL7xT4NZpsIrfVJHBvwSk;5NyGTzmu&0Fmr~<04*YQqD2l22st?9<3ON} zL*h0L1kE@h^hMdX*T21a_2!qK-~9ZcsdFpoLQ^gCjrZf(B+Q9%LZmQ(>4~mbGetPj zW+jOQ`t$1J`fHCn^X*_lDt7=HWDsqy|1oi4_xum4Caa?Ur>X|%e^bzw_>X?z2Pl1$ zD1FiZ!9SPvsrvN7-y|uH$+pW0nKP+RsEkAzlA6hDqGesAY!@Y?n&ikg${()_H(e5B zR1+A5cFjd^yPV({iE<*}8h5x!0z*;swm4k8dYc#-iBhBRr2cMKgvUsf75V14!(ww) z)4(BFsQ&{eUYr2=A7Zp#drq!5vG4etHsd4E&inrW0BAq{Q^bFmrULb!CLzFoo|7~% ze*Q=E{}uqyKK@q?UBrKCGQ|H*LJa>|`f3iB0FL=3US#XRO470eoW+B;b8yxT-llQv zu{uW@#s8VCN-+_mV4!{aziQO#zsNGwf1ZQ@|9SemKHxul@t=AAw$u0$J7;9GuEcMG!;WO zY-NEJS9TUia~#<*v12%{<>=TlHOtbFjn|rHtR16hnf(FyFG7I-IynC8WZ+FFghD!L z91-As_%{Z;PdDu>{||rx^~nEwgyv zWHkOmlVua|pOX;aKh9}47(f5p^8XkZNFV>3mgxW0Gm#MZe*&5i|4|4VRdg|BWgH;e z$8N51NmW#D_cf*Gu66~VltVZ@f0=tK`) zzt=2xk(Cc*Sw852ea-(E{@)~cj=y?I>IFCRLUHG>XkHb1_kT;={}mbhKhsd1|GQCH ziY(tTJ39qtsj~bg=Ot#wabk>8T=3bU78K$!kI@ft#uOhf1QRd)K|aNcKibQ2I-4X7 z@8)^KRTEXsI90o+X5E@KTBDd9s&Ywbg5tW$&M|T44VfHWmAlJ>cD{pX^5X|)wio{I zbp`kEzhNkv$p4xO_|HjAoqIG?YahpF%Ds$2h?wYPBsJ+mk$di|6hbaDZoN2>bP~C3 zmzXzUoM`mAG|4S;DY@k~MCiz+A$MooLd-eMxQ$_(=iSp;>s{~uW3Tl*``Q2O^?Sa* z&+q%&du*Z)JwUg+8mJA|Iw<% z_vS=ua*IHfMv86PmYt)vya)Qk6<#K#jq1-@sP(&MOH%zxXKOVDuw0(+v2v$w5f!9g zn1j~~px?VK7Lgzk7!;MQS*C*BE0DeOLl|q=_8qkiiHn_90=eo!QwIDX&;A+Y;anQC zMZ!-$d_%SD5*RQ&kJ-Tp+>rpsoyEbeVzEIe^PyQM*ds;o;QiyB)_O2^O#T1PpvtE2 zPn74&@Gtk zmF3DeI%Dx_!MEQTMBptyoikomOMFs@n~PHWpVN8opd^hdd?;&N3Hw*zPHj`mdTdrg z0KbhA-1IN-1r4-CkurEys<};zbtFLOeq7TJpGfTx_pOmT`}zc9LAI95`nJh zPUrmZzZJR-17%b9Z5A=pxethLR``jmKsh{PXcw2JkC(L9z`8CI2b^9})Msj6`RR`5 zB}&A>*L8c8r4;&b$E?_4v$(o%u`fl!R{e08IEZwA_0y1)(PGV-w%FtbvL@i-^Air= zgO`G8P1P*vk^!>^ZFC00?2eY&{kVCoZQ+Id9rTC2NsEoRgQl#L_r+WSC0W%TtN}H6c z6`LBq<~xB`_fP2~R!pfg&qtgIAtfrvPL>y88_Fbb!XKb8dHq~u`=?CB ze9nRuOy+y+UMQ~9j7+1=JHe|$)#Vr9ve7>9+n5zqfNii3*!k_Bfua)zqBg+aDlK`l zkbQR*3Y-x&g8MF5?w(zMba_}ufjTk>en$b<{=3|zP+7R$BN1zFK1&G_m0paassxsb6z70ZGwp{E z7qo9N5-{taP?-gC>XPtZBhWU0;z2DeT%5El1QF@ zWXuu&-l~Y9yViw0_MF=uskoG0Ovd|{UUQ#FoqEHOG9@cd-jyCOuBpEIW$Z(Jv(sU_ z8#wy0x5QkrAuPRr=F!J$(bTjjy;>asjXZ74Hg^)WP5xCqmRIy$mA}2!cxiwsA&k2D zYx`sWPhIwp%B+&H;Vr#MW^5pfZ^|*}^jhp)426qSmZL#7Kaq9JBOJbqm*%#2)28`o z3#5<9R+%!87!E*Y*9THo!1EQ_zc+2{-l7o44b59^zZoIQqDBJ&7}tNlin;?0!}w~L zA%x^b1gRf5&|4O{jHiI)ZWzAFsM2togG^&!GC$|^J=(#wLS~~bM~`9X3{k>tJh`zU zJZf_@yP-Ia4MKphu!I@V%!H2UeTQfdBhQlYe} z_)EAnk^4OIX}(9&ZPr(+LSt*P&2(RAOh&Ws#94W*xcBK34pF^1fAkgg25cTpo&Qm( znfA2iie4F>y`lQxO3T~G6v9;=z9 zxRitV*~6W!mMg0FG#5r7((l{A3;&TOXqxzkkbV-Is*r8Jkk&I{WlIQu_eU<$x0Y1b z`||niTk9mj@$VqK2b3%pIsqfc;5SG^5Jv(zL6L6BbhFpRHw%Kc{Dix;H6sUXKb?uf z5$7|`mSX-oeyN)#H*JCX{qC zPR{q5a=k|WwhZ(g14|X!%md_}x7!7Ou0v^|tv!wD;RrP?u-I>M+(dG)xZ4^kB<)#ujgrQ_=<1gZ~Bw}S5E{&vwoq1Wj;dOfd zpt05&%#yhVO{v z%JdX?9yN4E(PMG^^R85x57!KxrSEx)HmZkY2hhv)=$I{r(lTuj28HNNU@0;K*|_{P zsQ2yc`9i}9zi-6Hn5PrLj#UUVBn_s9I*7Q z;1PS_sdl-7y3ZLK0?_)C!9BNMxjjgmnn=)0%U^n51c4K7&29Q-qRpQ%mH@VMI+3DB zSTNhoHF$5Td4EBpToIR7iCSktCOqswo?cF+S0{ywE4hsqeIqNj^zJ4|$KH5egi!WCE)U;{S0y#MI<>$`WFpnXK zMqVNq^u9rYu|GxT=TqQ=t%xrc9IscIF%Z9u=22sXW(*oipTE125zHCEiwGdcpaoDs Pp#YdRKT?G<6h!?O^Krrx literal 0 HcmV?d00001 diff --git a/charts/netdata/templates/_helpers.tpl b/charts/netdata/templates/_helpers.tpl index 974543a8..acf8934a 100644 --- a/charts/netdata/templates/_helpers.tpl +++ b/charts/netdata/templates/_helpers.tpl @@ -160,3 +160,31 @@ Return the secret data for the k8s state configuration, when you setup storedTyp {{- end -}} {{- end -}} {{- end -}} + +{{/* +Return the configmap data for the netdata OpenTelemetry configuration. Configmap is the default choice for storing configuration. +*/}} +{{- define "netdata.netdataOpentelemetry.configs.configmap" -}} +{{- range $name, $config := .Values.netdataOpentelemetry.configs -}} +{{- $found := false -}} +{{- if and $config.enabled (eq $config.storedType "configmap") -}} +{{- $found = true -}} +{{- else if and $config.enabled (ne $config.storedType "secret") -}} +{{- $found = true -}} +{{- end -}} +{{- if $found }} +{{ $name }}: {{ tpl $config.data $ | toYaml | indent 4 | trim }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret data for the netdata OpenTelemetry configuration, when you setup storedType as a secret. +*/}} +{{- define "netdata.netdataOpentelemetry.configs.secret" -}} +{{- range $name, $config := .Values.netdataOpentelemetry.configs -}} +{{- if and $config.enabled (eq $config.storedType "secret") }} +{{ $name }}: {{ tpl $config.data $ | b64enc }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/netdata/templates/netdata-otel/configmap.yaml b/charts/netdata/templates/netdata-otel/configmap.yaml new file mode 100644 index 00000000..5b63f42e --- /dev/null +++ b/charts/netdata/templates/netdata-otel/configmap.yaml @@ -0,0 +1,16 @@ +{{- $configmapOtel := include "netdata.netdataOpentelemetry.configs.configmap" . }} +{{- if and .Values.netdataOpentelemetry.enabled $configmapOtel }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: netdata-conf-otel + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "netdata.name" . }} + chart: {{ template "netdata.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + {{ $configmapOtel | indent 2 }} +{{- end }} diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml new file mode 100644 index 00000000..8d8e3fad --- /dev/null +++ b/charts/netdata/templates/netdata-otel/deployment.yaml @@ -0,0 +1,177 @@ +{{- if .Values.netdataOpentelemetry.enabled }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "netdata.name" . }}-otel + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "netdata.name" . }} + chart: {{ template "netdata.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + role: otel +spec: + strategy: + type: Recreate + selector: + matchLabels: + app: {{ template "netdata.name" . }} + release: {{ .Release.Name }} + role: otel + template: + metadata: + annotations: + {{- if .Values.netdataOpentelemetry.podAnnotationAppArmor.enabled }} + container.apparmor.security.beta.kubernetes.io/{{ .Chart.Name }}: unconfined + {{- end }} + checksum/config: {{ print (include (print $.Template.BasePath "/netdata-otel/configmap.yaml") .) (include (print $.Template.BasePath "/netdata-otel/secrets.yaml") .) | sha256sum }} +{{- with .Values.netdataOpentelemetry.podAnnotations }} +{{ toYaml . | trim | indent 8 }} +{{- end }} + labels: + app: {{ template "netdata.name" . }} + release: {{ .Release.Name }} + role: otel +{{- with .Values.netdataOpentelemetry.podLabels }} +{{ toYaml . | trim | indent 8 }} +{{- end }} + spec: + securityContext: + fsGroup: 201 + serviceAccountName: {{ .Values.serviceAccount.name }} + restartPolicy: Always + {{- if .Values.netdataOpentelemetry.priorityClassName }} + priorityClassName: "{{ .Values.netdataOpentelemetry.priorityClassName }}" + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + initContainers: + {{- if .Values.sysctlInitContainer.enabled }} + - name: init-sysctl + image: "{{ .Values.initContainersImage.repository }}:{{ .Values.initContainersImage.tag }}" + imagePullPolicy: {{ .Values.initContainersImage.pullPolicy }} + command: +{{ toYaml .Values.sysctlInitContainer.command | indent 12 }} + securityContext: + runAsNonRoot: false + privileged: true + runAsUser: 0 + resources: +{{ toYaml .Values.sysctlInitContainer.resources | indent 12 }} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ tpl .Values.image.tag . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: MY_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.netdataOpentelemetry.claiming.enabled }} + - name: NETDATA_CLAIM_URL + value: "{{ .Values.netdataOpentelemetry.claiming.url }}" + {{- if .Values.netdataOpentelemetry.claiming.token }} + - name: NETDATA_CLAIM_TOKEN + value: "{{ .Values.netdataOpentelemetry.claiming.token }}" + {{- end }} + {{- if .Values.netdataOpentelemetry.claiming.rooms }} + - name: NETDATA_CLAIM_ROOMS + value: "{{ .Values.netdataOpentelemetry.claiming.rooms }}" + {{- end }} + {{- end }} + - name: NETDATA_LISTENER_PORT + value: '{{ tpl (.Values.netdataOpentelemetry.port | toString) . }}' + {{- range $key, $value := .Values.netdataOpentelemetry.env }} + - name: {{ $key }} + value: {{ $value | quote }} + {{- end }} + {{- with .Values.netdataOpentelemetry.envFrom }} + envFrom: +{{ toYaml . | indent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ tpl (.Values.netdataOpentelemetry.port | toString) . }} + protocol: TCP + livenessProbe: + exec: + command: + - /usr/sbin/netdatacli + - ping + initialDelaySeconds: {{ .Values.netdataOpentelemetry.livenessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.failureThreshold }} + periodSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.netdataOpentelemetry.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.netdataOpentelemetry.livenessProbe.timeoutSeconds }} + readinessProbe: + exec: + command: + - /usr/sbin/netdatacli + - ping + initialDelaySeconds: {{ .Values.netdataOpentelemetry.readinessProbe.initialDelaySeconds }} + failureThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.failureThreshold }} + periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }} + volumeMounts: + - name: os-release + mountPath: /host/etc/os-release + {{- range $name, $config := .Values.netdataOpentelemetry.configs }} + {{- if $config.enabled }} + - name: {{ ternary "configmap" "configsecret" (ne $config.storedType "secret") }} + mountPath: {{ $config.path }} + subPath: {{ $name }} + {{- end }} + {{- end }} + {{- if .Values.netdataOpentelemetry.persistence.enabled }} + - name: varlib + mountPath: /var/lib/netdata + {{- end }} + {{- if .Values.netdataOpentelemetry.extraVolumeMounts -}} +{{ toYaml .Values.netdataOpentelemetry.extraVolumeMounts | nindent 12 }} + {{- end }} + resources: +{{ toYaml .Values.netdataOpentelemetry.resources | indent 12 }} + {{- with .Values.netdataOpentelemetry.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.netdataOpentelemetry.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.netdataOpentelemetry.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.netdataOpentelemetry.terminationGracePeriodSeconds }} + volumes: + - name: os-release + hostPath: + path: /etc/os-release + - name: configmap + configMap: + name: netdata-conf-otel + optional: true + - name: configsecret + secret: + secretName: netdata-conf-otel + optional: true + {{- if .Values.netdataOpentelemetry.persistence.enabled }} + - name: varlib + persistentVolumeClaim: + claimName: {{ template "netdata.name" . }}-otel-varlib + {{- end }} + {{- if .Values.netdataOpentelemetry.extraVolumes }} +{{ toYaml .Values.netdataOpentelemetry.extraVolumes | indent 8}} + {{- end }} + dnsPolicy: {{ .Values.netdataOpentelemetry.dnsPolicy }} +{{- end }} diff --git a/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml new file mode 100644 index 00000000..d1edf5ce --- /dev/null +++ b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.netdataOpentelemetry.enabled .Values.netdataOpentelemetry.persistence.enabled }} +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "netdata.name" . }}-otel-varlib + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "netdata.name" . }} + chart: {{ template "netdata.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + role: otel +spec: + accessModes: [ "ReadWriteOnce" ] + {{- if (ne "-" .Values.netdataOpentelemetry.persistence.storageclass) }} + storageClassName: "{{ .Values.netdataOpentelemetry.persistence.storageclass }}" + {{- end }} + resources: + requests: + storage: {{ .Values.netdataOpentelemetry.persistence.volumesize }} +{{- end }} diff --git a/charts/netdata/templates/netdata-otel/secrets.yaml b/charts/netdata/templates/netdata-otel/secrets.yaml new file mode 100644 index 00000000..006689ed --- /dev/null +++ b/charts/netdata/templates/netdata-otel/secrets.yaml @@ -0,0 +1,17 @@ +{{- $secretOtel := include "netdata.netdataOpentelemetry.configs.secret" . }} +{{- if and .Values.netdataOpentelemetry.enabled $secretOtel }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: netdata-conf-otel + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "netdata.name" . }} + chart: {{ template "netdata.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + {{ $secretOtel | indent 2 }} +{{- end }} diff --git a/charts/netdata/templates/netdata-otel/service.yaml b/charts/netdata/templates/netdata-otel/service.yaml new file mode 100644 index 00000000..60c1d67d --- /dev/null +++ b/charts/netdata/templates/netdata-otel/service.yaml @@ -0,0 +1,47 @@ +{{- if .Values.netdataOpentelemetry.enabled }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ template "netdata.name" . }}-otel + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "netdata.name" . }} + chart: {{ template "netdata.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + role: otel + annotations: +{{- with .Values.netdataOpentelemetry.service.annotations }} +{{ toYaml . | trim | indent 4 }} +{{- end }} +spec: + type: {{ .Values.netdataOpentelemetry.service.type }} + {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.netdataOpentelemetry.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- with .Values.netdataOpentelemetry.service.loadBalancerSourceRanges }} +{{ toYaml . | trim | indent 4 }} +{{- end }} + {{- end }} + {{- if and (eq .Values.netdataOpentelemetry.service.type "LoadBalancer") .Values.netdataOpentelemetry.service.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.netdataOpentelemetry.service.externalTrafficPolicy }} + {{- if and (eq .Values.netdataOpentelemetry.service.externalTrafficPolicy "Local") .Values.netdataOpentelemetry.service.healthCheckNodePort }} + healthCheckNodePort: {{ .Values.netdataOpentelemetry.service.healthCheckNodePort }} + {{- end }} + {{- end }} + {{- if and (eq .Values.netdataOpentelemetry.service.type "ClusterIP") .Values.netdataOpentelemetry.service.clusterIP }} + clusterIP: {{ .Values.netdataOpentelemetry.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.netdataOpentelemetry.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "netdata.name" . }} + release: {{ .Release.Name }} + role: otel +{{- end }} diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index 81e851e6..ca32b9b5 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -62,7 +62,7 @@ ingress: path: / pathType: Prefix hosts: - - netdata.k8s.local + - netdata.k8s.local ## whole spec is going to be included into ingress spec. ## if you intend to use ingressClassName declaration, remove ingress.class from annotations # spec: @@ -89,7 +89,8 @@ restarter: tag: .auto pullPolicy: Always restartPolicy: Never - resources: {} + resources: + {} # limits: # cpu: 500m # memory: 64Mi @@ -110,7 +111,8 @@ parent: hostname: "netdata-parent" enabled: true port: 19999 - resources: {} + resources: + {} # limits: # cpu: 4 # memory: 4096Mi @@ -145,11 +147,13 @@ parent: priorityClassName: "" - env: {} + env: + {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: [] + envFrom: + [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -246,12 +250,14 @@ parent: child: enabled: true port: "{{ .Values.parent.port }}" - updateStrategy: {} + updateStrategy: + {} # type: RollingUpdate # rollingUpdate: # maxUnavailable: 1 - resources: {} + resources: + {} # limits: # cpu: 4 # memory: 4096Mi @@ -277,8 +283,8 @@ child: nodeSelector: {} tolerations: - - operator: Exists - effect: NoSchedule + - operator: Exists + effect: NoSchedule affinity: {} @@ -361,11 +367,13 @@ child: - name: local url: http://127.0.0.1:10249/metrics - env: {} + env: + {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: [] + envFrom: + [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -378,14 +386,16 @@ child: rooms: "" url: "https://api.netdata.cloud" - extraVolumeMounts: [] + extraVolumeMounts: + [] ## Additional volume mounts for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin # - name: hostroot # mountPath: /host/root # readOnly: true # mountPropagation: HostToContainer - extraVolumes: [] + extraVolumes: + [] ## Additional volumes for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin # - name: hostroot @@ -397,7 +407,8 @@ k8sState: enabled: true port: "{{ .Values.parent.port }}" - resources: {} + resources: + {} # limits: # cpu: 4 # memory: 4096Mi @@ -507,11 +518,148 @@ k8sState: - name: k8s_state update_every: 1 - env: {} + env: + {} + ## To disable anonymous statistics: + # DO_NOT_TRACK: 1 + + envFrom: + [] + ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: + # - secretRef: + # name: netdata + ## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN=" + ## Also ensure that claim.token is empty + + claiming: + enabled: false + token: "" + rooms: "" + url: "https://api.netdata.cloud" + + extraVolumeMounts: [] + + extraVolumes: [] + +netdataOpentelemetry: + enabled: false + hostname: "netdata-otel" + port: "{{ .Values.parent.port }}" + + ## Service responsible for receiving OTEL logs + service: + type: ClusterIP + port: 4317 + annotations: {} + ## Only to be used with type LoadBalancer + # loadBalancerIP: 10.0.1.69 + # loadBalancerSourceRanges: [] + # externalTrafficPolicy: Local + ## Only to be used with type LoadBalancer and external traffic policy Local + # healthCheckNodePort: + ## Only to be used with type ClusterIP + # clusterIP: 10.1.2.3 + + resources: + {} + # limits: + # cpu: 4 + # memory: 4096Mi + # requests: + # cpu: 4 + # memory: 4096Mi + + livenessProbe: + initialDelaySeconds: 0 + failureThreshold: 3 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + readinessProbe: + initialDelaySeconds: 0 + failureThreshold: 3 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 1 + + terminationGracePeriodSeconds: 30 + + nodeSelector: {} + + tolerations: [] + + affinity: {} + + priorityClassName: "" + + podLabels: {} + + podAnnotationAppArmor: + enabled: true + + podAnnotations: {} + + dnsPolicy: ClusterFirstWithHostNet + + persistence: + enabled: true + ## Set '-' as the storageclass to get a volume from the default storage class. + storageclass: "-" + volumesize: 5Gi + + configs: + netdata: + enabled: true + path: /etc/netdata/netdata.conf + data: | + [global] + hostname = {{ .Values.netdataOpentelemetry.hostname }} + [db] + mode = ram + [web] + bind to = localhost:19999 + [health] + enabled = no + [ml] + enabled = no + [plugins] + timex = no + checks = no + idlejitter = no + tc = no + diskspace = no + proc = no + cgroups = no + enable running new plugins = no + slabinfo = no + perf = no + go.d = yes + ioping = no + ebpf = no + charts.d = no + apps = no + python.d = no + fping = no + stream: + enabled: true + path: /etc/netdata/stream.conf + data: | + [stream] + enabled = {{ ternary "yes" "no" .Values.parent.enabled }} + destination = netdata:{{ .Values.service.port }} + api key = 11111111-2222-3333-4444-555555555555 + timeout seconds = 60 + buffer size bytes = 1048576 + reconnect delay seconds = 5 + initial clock resync iterations = 60 + + env: + {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: [] + envFrom: + [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -527,3 +675,191 @@ k8sState: extraVolumeMounts: [] extraVolumes: [] + +# OpenTelemetry Collector subchart configuration +# This is an optional component that allows to gather logs from k8s cluster. +# If you already have an exporter of any kind, just point it to the netdata-otel service +# Documentation: https://opentelemetry.io/docs/platforms/kubernetes/helm/collector/ +opentelemetryCollector: + # Set to true to enable the OpenTelemetry Collector + enabled: false + + # Deployment mode: daemonset, deployment, or statefulset + mode: daemonset + + # Image configuration + image: + repository: otel/opentelemetry-collector-k8s + + # Presets enable quick configuration for common use cases + presets: + # Collect Kubernetes attributes and add them to logs + kubernetesAttributes: + enabled: true + # Collect logs from Kubernetes pods + logsCollection: + enabled: true + includeCollectorLogs: false + + # OpenTelemetry Collector configuration + config: + receivers: + # Filelog receiver - collects logs from container log files + filelog: + include: + - /var/log/pods/*/*/*.log + exclude: + # Exclude OTel collector's own logs to avoid loop + - /var/log/pods/*/otc-container/*.log + start_at: end + include_file_path: true + include_file_name: false + operators: + # Parse CRI-O/containerd format logs + - type: container + id: container-parser + max_log_size: 102400 + + processors: + # Batch processor - recommended for better performance + batch: + send_batch_size: 1000 + timeout: 10s + send_batch_max_size: 1500 + + # Memory limiter to prevent OOM + memory_limiter: + check_interval: 5s + limit_percentage: 80 + spike_limit_percentage: 25 + + # Resource detection processor + resourcedetection: + detectors: [env, system] + timeout: 5s + + # Kubernetes attributes processor - adds K8s metadata to logs + k8sattributes: + auth_type: "serviceAccount" + passthrough: false + extract: + metadata: + - k8s.namespace.name + - k8s.deployment.name + - k8s.statefulset.name + - k8s.daemonset.name + - k8s.cronjob.name + - k8s.job.name + - k8s.node.name + - k8s.pod.name + - k8s.pod.uid + - k8s.pod.start_time + - k8s.container.name + labels: + - tag_name: app + key: app + from: pod + - tag_name: component + key: component + from: pod + annotations: + - tag_name: annotation.app + key: app + from: pod + pod_association: + - sources: + - from: resource_attribute + name: k8s.pod.ip + - sources: + - from: resource_attribute + name: k8s.pod.uid + - sources: + - from: connection + + exporters: + # OTLP gRPC exporter to your endpoint + otlp: + endpoint: "{{ .Release.Name }}-otel:4317" + tls: + insecure: true + # Uncomment and configure if you need authentication + # headers: + # authorization: "Bearer YOUR_TOKEN" + # api-key: "your-api-key" + + # Retry configuration + retry_on_failure: + enabled: true + initial_interval: 5s + max_interval: 30s + max_elapsed_time: 300s + + # Queue to handle temporary failures + sending_queue: + enabled: true + num_consumers: 10 + queue_size: 1000 + + # Debug exporter for troubleshooting (optional) + # Uncomment to see logs being exported + # debug: + # verbosity: detailed + # sampling_initial: 5 + # sampling_thereafter: 200 + + service: + pipelines: + # Logs pipeline + logs: + receivers: [filelog] + processors: [memory_limiter, k8sattributes, resourcedetection, batch] + exporters: [otlp] + + # Resources + resources: + limits: + cpu: 200m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi + + # Service account with necessary RBAC permissions + serviceAccount: + create: true + + # RBAC for accessing Kubernetes API + clusterRole: + create: true + rules: + - apiGroups: [""] + resources: ["pods", "namespaces", "nodes"] + verbs: ["get", "list", "watch"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + + # Tolerations to run on all nodes + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + + # Ports configuration + ports: + otlp: + enabled: true + containerPort: 4317 + servicePort: 4317 + protocol: TCP + otlp-http: + enabled: true + containerPort: 4318 + servicePort: 4318 + protocol: TCP + metrics: + enabled: true + containerPort: 8888 + servicePort: 8888 + protocol: TCP From b2922fab076a18ae8742f0d7a2b93ffa9afbb359 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 23 Jan 2026 15:59:34 +0100 Subject: [PATCH 02/10] fixing naming, configuration, mounts for netdata-otel feat --- charts/netdata/Chart.yaml | 4 +- .../templates/netdata-otel/deployment.yaml | 4 +- .../netdata-otel/persistentvolumeclaim.yaml | 2 +- .../templates/netdata-otel/service.yaml | 4 +- charts/netdata/values.yaml | 78 ++++++++++--------- 5 files changed, 50 insertions(+), 42 deletions(-) diff --git a/charts/netdata/Chart.yaml b/charts/netdata/Chart.yaml index 4c150044..e7d64098 100644 --- a/charts/netdata/Chart.yaml +++ b/charts/netdata/Chart.yaml @@ -19,7 +19,7 @@ appVersion: v2.8.5 dependencies: - name: opentelemetry-collector - alias: opentelemetryCollector + alias: otel-collector version: "0.115.0" repository: "https://open-telemetry.github.io/opentelemetry-helm-charts" - condition: opentelemetryCollector.enabled + condition: otel-collector.enabled diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml index 8d8e3fad..6db1cae3 100644 --- a/charts/netdata/templates/netdata-otel/deployment.yaml +++ b/charts/netdata/templates/netdata-otel/deployment.yaml @@ -133,7 +133,7 @@ spec: {{- end }} {{- if .Values.netdataOpentelemetry.persistence.enabled }} - name: varlib - mountPath: /var/lib/netdata + mountPath: /var/log/netdata/otel {{- end }} {{- if .Values.netdataOpentelemetry.extraVolumeMounts -}} {{ toYaml .Values.netdataOpentelemetry.extraVolumeMounts | nindent 12 }} @@ -168,7 +168,7 @@ spec: {{- if .Values.netdataOpentelemetry.persistence.enabled }} - name: varlib persistentVolumeClaim: - claimName: {{ template "netdata.name" . }}-otel-varlib + claimName: {{ template "netdata.name" . }}-otel-varlog {{- end }} {{- if .Values.netdataOpentelemetry.extraVolumes }} {{ toYaml .Values.netdataOpentelemetry.extraVolumes | indent 8}} diff --git a/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml index d1edf5ce..476a4f04 100644 --- a/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml +++ b/charts/netdata/templates/netdata-otel/persistentvolumeclaim.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: {{ template "netdata.name" . }}-otel-varlib + name: {{ template "netdata.name" . }}-otel-varlog namespace: {{ .Release.Namespace }} labels: app: {{ template "netdata.name" . }} diff --git a/charts/netdata/templates/netdata-otel/service.yaml b/charts/netdata/templates/netdata-otel/service.yaml index 60c1d67d..820e03f2 100644 --- a/charts/netdata/templates/netdata-otel/service.yaml +++ b/charts/netdata/templates/netdata-otel/service.yaml @@ -37,9 +37,9 @@ spec: {{- end }} ports: - port: {{ .Values.netdataOpentelemetry.service.port }} - targetPort: http + targetPort: {{ .Values.netdataOpentelemetry.service.port }} protocol: TCP - name: http + name: otel selector: app: {{ template "netdata.name" . }} release: {{ .Release.Name }} diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index ca32b9b5..a7489307 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -89,8 +89,7 @@ restarter: tag: .auto pullPolicy: Always restartPolicy: Never - resources: - {} + resources: {} # limits: # cpu: 500m # memory: 64Mi @@ -111,8 +110,7 @@ parent: hostname: "netdata-parent" enabled: true port: 19999 - resources: - {} + resources: {} # limits: # cpu: 4 # memory: 4096Mi @@ -147,13 +145,11 @@ parent: priorityClassName: "" - env: - {} + env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: - [] + envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -250,14 +246,12 @@ parent: child: enabled: true port: "{{ .Values.parent.port }}" - updateStrategy: - {} + updateStrategy: {} # type: RollingUpdate # rollingUpdate: # maxUnavailable: 1 - resources: - {} + resources: {} # limits: # cpu: 4 # memory: 4096Mi @@ -367,13 +361,11 @@ child: - name: local url: http://127.0.0.1:10249/metrics - env: - {} + env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: - [] + envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -386,16 +378,14 @@ child: rooms: "" url: "https://api.netdata.cloud" - extraVolumeMounts: - [] + extraVolumeMounts: [] ## Additional volume mounts for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin # - name: hostroot # mountPath: /host/root # readOnly: true # mountPropagation: HostToContainer - extraVolumes: - [] + extraVolumes: [] ## Additional volumes for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin # - name: hostroot @@ -407,8 +397,7 @@ k8sState: enabled: true port: "{{ .Values.parent.port }}" - resources: - {} + resources: {} # limits: # cpu: 4 # memory: 4096Mi @@ -518,13 +507,11 @@ k8sState: - name: k8s_state update_every: 1 - env: - {} + env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: - [] + envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -560,8 +547,7 @@ netdataOpentelemetry: ## Only to be used with type ClusterIP # clusterIP: 10.1.2.3 - resources: - {} + resources: {} # limits: # cpu: 4 # memory: 4096Mi @@ -605,7 +591,7 @@ netdataOpentelemetry: enabled: true ## Set '-' as the storageclass to get a volume from the default storage class. storageclass: "-" - volumesize: 5Gi + volumesize: 10Gi configs: netdata: @@ -631,6 +617,8 @@ netdataOpentelemetry: proc = no cgroups = no enable running new plugins = no + otel = yes + journal-viewer = yes slabinfo = no perf = no go.d = yes @@ -652,14 +640,34 @@ netdataOpentelemetry: buffer size bytes = 1048576 reconnect delay seconds = 5 initial clock resync iterations = 60 - - env: - {} + otel: + enabled: true + path: /etc/netdata/otel.yaml + data: | + endpoint: + path: "0.0.0.0:4317" + tls_cert_path: null + tls_key_path: null + tls_ca_cert_path: null + metrics: + print_flattened: false + buffer_samples: 10 + throttle_charts: 100 + chart_configs_dir: otel.d/v1/metrics + logs: + journal_dir: otel/v1 + size_of_journal_file: "100MB" + number_of_journal_files: 10 + size_of_journal_files: "1GB" + duration_of_journal_files: "7 days" + duration_of_journal_file: "2 hours" + store_otlp_json: false + + env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 - envFrom: - [] + envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: # name: netdata @@ -680,7 +688,7 @@ netdataOpentelemetry: # This is an optional component that allows to gather logs from k8s cluster. # If you already have an exporter of any kind, just point it to the netdata-otel service # Documentation: https://opentelemetry.io/docs/platforms/kubernetes/helm/collector/ -opentelemetryCollector: +otel-collector: # Set to true to enable the OpenTelemetry Collector enabled: false From ac92e27cfa1269556a59a5e07e8ea878424f1eab Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 14:53:52 +0100 Subject: [PATCH 03/10] changes to docs, checks, otel values --- .github/workflows/checks.yml | 19 + charts/netdata/Chart.lock | 6 +- charts/netdata/Chart.yaml | 2 +- charts/netdata/README.md | 2412 +++++++++++++++-- .../opentelemetry-collector-0.115.0.tgz | Bin 35597 -> 0 bytes .../opentelemetry-collector-0.144.0.tgz | Bin 0 -> 31766 bytes .../templates/netdata-otel/service.yaml | 2 +- charts/netdata/values.yaml | 492 +++- generate-documentation.sh | 5 + templates/netdata-README.md.gotmpl | 330 +++ 10 files changed, 3037 insertions(+), 231 deletions(-) delete mode 100644 charts/netdata/charts/opentelemetry-collector-0.115.0.tgz create mode 100644 charts/netdata/charts/opentelemetry-collector-0.144.0.tgz create mode 100755 generate-documentation.sh create mode 100644 templates/netdata-README.md.gotmpl diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index 6c07e190..bc5399ff 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -32,6 +32,22 @@ jobs: echo "changed=true" >> $GITHUB_OUTPUT fi + - name: Install helm-docs + run: | + GOBIN=/usr/local/bin/ go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.14.2 + + - name: Add helm repo for otel + run: | + helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts + + - name: Check documentation is up-to-date + run: | + ./generate-documentation.sh + if ! git diff --exit-code charts/netdata/README.md; then + echo "::error::README.md is out of date. Please run ./generate-documentation.sh and commit the changes." + exit 1 + fi + - name: Run chart-testing (lint) run: ct lint --check-version-increment=false --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }} @@ -41,3 +57,6 @@ jobs: - name: Run chart-testing (install) run: ct install --target-branch ${{ github.event.repository.default_branch }} + + - name: Run chart-testing (install with OpenTelemetry) + run: ct install --target-branch ${{ github.event.repository.default_branch }} --helm-extra-set-args "--set netdataOpentelemetry.enabled=true --set otel-collector.enabled=true" diff --git a/charts/netdata/Chart.lock b/charts/netdata/Chart.lock index 14245c45..aa7d63d1 100644 --- a/charts/netdata/Chart.lock +++ b/charts/netdata/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: opentelemetry-collector repository: https://open-telemetry.github.io/opentelemetry-helm-charts - version: 0.115.0 -digest: sha256:64b58dabaaf8b4d9cac1a83f9e80ac632019843b2c42159051ecc5cb9700d8bb -generated: "2026-01-14T17:46:09.646928103+01:00" + version: 0.144.0 +digest: sha256:4386d6f39c3aacd5eeb07d40dcc23404d33001d1c6a90e8843d5fa9bd1b34f24 +generated: "2026-01-29T13:37:43.621411516+01:00" diff --git a/charts/netdata/Chart.yaml b/charts/netdata/Chart.yaml index e7d64098..2217cba0 100644 --- a/charts/netdata/Chart.yaml +++ b/charts/netdata/Chart.yaml @@ -20,6 +20,6 @@ appVersion: v2.8.5 dependencies: - name: opentelemetry-collector alias: otel-collector - version: "0.115.0" + version: "0.144.0" repository: "https://open-telemetry.github.io/opentelemetry-helm-charts" condition: otel-collector.enabled diff --git a/charts/netdata/README.md b/charts/netdata/README.md index db3a71ba..95b02a79 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -2,9 +2,9 @@ Artifact HUB -Version: 3.7.158 +![Version: 3.7.158](https://img.shields.io/badge/Version-3.7.158-informational?style=flat-square) -AppVersion: v2.8.5 +![AppVersion: v2.8.5](https://img.shields.io/badge/AppVersion-v2.8.5-informational?style=flat-square) _Based on the work of varyumin (https://github.com/varyumin/netdata)_. @@ -67,19 +67,19 @@ Netdata is a comprehensive monitoring solution that requires specific access to ### Required Kubernetes RBAC Resources -| Resource | Verbs | Components & Descriptions | +| Resource | Verbs | Components & Descriptions | |:-------------------|:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | pods | get, list, watch | • **service discovery**: Used for discovering services.
• **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. | -| services | get, list, watch | • **service discovery**: Used for discovering services. | -| configmaps | get, list, watch | • **service discovery**: Used for discovering services. | -| secrets | get, list, watch | • **service discovery**: Used for discovering services. | -| nodes | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | -| nodes/metrics | get, list, watch | • **go.d/k8s_kubelet**: Used when querying Kubelet HTTPS endpoint. | -| nodes/proxy | get, list, watch | • **netdata**: Used by cgroup-name.sh when querying Kubelet /pods endpoint. | -| deployments (apps) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | -| cronjobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | -| jobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | -| namespaces | get | • **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. | +| services | get, list, watch | • **service discovery**: Used for discovering services. | +| configmaps | get, list, watch | • **service discovery**: Used for discovering services. | +| secrets | get, list, watch | • **service discovery**: Used for discovering services. | +| nodes | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| nodes/metrics | get, list, watch | • **go.d/k8s_kubelet**: Used when querying Kubelet HTTPS endpoint. | +| nodes/proxy | get, list, watch | • **netdata**: Used by cgroup-name.sh when querying Kubelet /pods endpoint. | +| deployments (apps) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| cronjobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| jobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| namespaces | get | • **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. | @@ -134,175 +134,2219 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the netdata chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------| -| `kubeVersion` | Kubernetes version | Autodetected | -| `replicaCount` | Number of `replicas` for the parent netdata `Deployment` | `1` | -| `imagePullSecrets` | An optional list of references to secrets in the same namespace to use for pulling any of the images | `[]` | -| `image.repository` | Container image repo | `netdata/netdata` | -| `image.tag` | Container image tag | Latest stable netdata release | -| `image.pullPolicy` | Container image pull policy | `Always` | -| `service.type` | Parent service type | `ClusterIP` | -| `service.port` | Parent service port | `19999` | -| `service.loadBalancerIP` | Static LoadBalancer IP, only to be used with service type=LoadBalancer | `""` | -| `service.loadBalancerSourceRanges` | List of allowed IPs for LoadBalancer | `[]` | -| `service.externalTrafficPolicy` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | `Cluster` | -| `service.healthCheckNodePort` | Specifies the health check node port | Allocated a port from your cluster's NodePort range | -| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | Allocated an IP from your cluster's service IP range | -| `service.annotations` | Additional annotations to add to the service | `{}` | -| `ingress.enabled` | Create Ingress to access the netdata web UI | `true` | -| `ingress.apiVersion` | apiVersion for the Ingress | Depends on Kubernetes version | -| `ingress.annotations` | Associate annotations to the Ingress | `kubernetes.io/ingress.class: nginx` and `kubernetes.io/tls-acme: "true"` | -| `ingress.path` | URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` | `/` | -| `ingress.pathType` | pathType for your ingress contrller. Default value is correct for nginx. If you use yor own ingress controller, check the correct value | `Prefix` | -| `ingress.hosts` | URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) | `netdata.k8s.local` | -| `ingress.spec` | Spec section for ingress object. Everything there will be included into the object on deplyoment | `{}` | -| `ingress.spec.ingressClassName` | Ingress class declaration for Kubernetes version 1.19+. Annotation ingress.class should be removed if this type of declaration is used | `nginx` | -| `rbac.create` | if true, create & use RBAC resources | `true` | -| `rbac.pspEnabled` | Specifies whether a PodSecurityPolicy should be created. | `true` | -| `serviceAccount.create` | if true, create a service account | `true` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `netdata` | -| `clusterrole.name` | Name of the cluster role linked with the service account | `netdata` | -| `APIKEY` | The key shared between the parent and the child netdata for streaming | `11111111-2222-3333-4444-555555555555` | -| `restarter.enabled` | Install CronJob to update Netdata Pods | `false` | -| `restarter.schedule` | The schedule in Cron format | `00 06 * * *` | -| `restarter.image.repository` | Container image repo | `rancher/kubectl` | -| `restarter.image.tag` | Container image tag if `.auto`, the image tag version of `rancher/kubectl` will reflect the Kubernetes cluster version | `.auto` | -| `restarter.image.pullPolicy` | Container image pull policy | `Always` | -| `restarter.image.restartPolicy` | Container restart policy | `Never` | -| `restarter.image.resources` | Container resources | `{}` | -| `restarter.concurrencyPolicy` | Specifies how to treat concurrent executions of a job | `Forbid` | -| `restarter.startingDeadlineSeconds` | Optional deadline in seconds for starting the job if it misses scheduled time for any reason | `60` | -| `restarter.successfulJobsHistoryLimit` | The number of successful finished jobs to retain | `3` | -| `restarter.failedJobsHistoryLimit` | The number of failed finished jobs to retain | `3` | -| `parent.hostname` | Parent node hostname | `netdata-parent` | -| `parent.enabled` | Install parent Deployment to receive metrics from children nodes | `true` | -| `parent.port` | Parent's listen port | `19999` | -| `parent.resources` | Resources for the parent deployment | `{}` | -| `parent.livenessProbe.initialDelaySeconds` | Number of seconds after the container has started before liveness probes are initiated | `0` | -| `parent.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` | -| `parent.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` | -| `parent.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` | -| `parent.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` | -| `parent.readinessProbe.initialDelaySeconds` | Number of seconds after the container has started before readiness probes are initiated | `0` | -| `parent.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` | -| `parent.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` | -| `parent.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` | -| `parent.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` | -| `parent.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `300` | -| `parent.nodeSelector` | Node selector for the parent deployment | `{}` | -| `parent.tolerations` | Tolerations settings for the parent deployment | `[]` | -| `parent.affinity` | Affinity settings for the parent deployment | `{}` | -| `parent.priorityClassName` | Pod priority class name for the parent deployment | `""` | -| `parent.database.persistence` | Whether the parent should use a persistent volume for the DB | `true` | -| `parent.database.storageclass` | The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` | the default storage class | -| `parent.database.volumesize` | The storage space for the PVC of the parent database | `5Gi` | -| `parent.alarms.persistence` | Whether the parent should use a persistent volume for the alarms log | `true` | -| `parent.alarms.storageclass` | The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` | the default storage class | -| `parent.alarms.volumesize` | The storage space for the PVC of the parent alarm log | `1Gi` | -| `parent.env` | Set environment parameters for the parent deployment | `{}` | -| `parent.envFrom` | Set environment parameters for the parent deployment from ConfigMap and/or Secrets | `[]` | -| `parent.podLabels` | Additional labels to add to the parent pods | `{}` | -| `parent.podAnnotations` | Additional annotations to add to the parent pods | `{}` | -| `parent.dnsPolicy` | DNS policy for pod | `Default` | -| `parent.configs` | Manage custom parent's configs | See [Configuration files](#configuration-files). | -| `parent.claiming.enabled` | Enable parent claiming for netdata cloud | `false` | -| `parent.claiming.token` | Claim token | `""` | -| `parent.claiming.room` | Comma separated list of claim rooms IDs | `""` | -| `parent.securityContext.runAsUser` | The UID to run the container process | `201` | -| `parent.securityContext.runAsGroup` | The GID to run the container process | `201` | -| `parent.securityContext.fsGroup` | The supplementary group for setting permissions on volumes | `201` | -| `parent.extraInitContainers` | Additional init containers to add to the parent pods | `[]` | -| `parent.extraVolumeMounts` | Additional volumeMounts to add to the parent pods | `[]` | -| `parent.extraVolumes` | Additional volumes to add to the parent pods | `[]` | -| `k8sState.hostname` | K8s state node hostname | `netdata-k8s-state` | -| `k8sState.enabled` | Install this Deployment to gather data from K8s cluster | `true` | -| `k8sState.port` | Listen port | `service.port` (Same as parent's listen port) | -| `k8sState.resources` | Compute resources required by this Deployment | `{}` | -| `k8sState.livenessProbe.initialDelaySeconds` | Number of seconds after the container has started before liveness probes are initiated | `0` | -| `k8sState.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` | -| `k8sState.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` | -| `k8sState.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` | -| `k8sState.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` | -| `k8sState.readinessProbe.initialDelaySeconds` | Number of seconds after the container has started before readiness probes are initiated | `0` | -| `k8sState.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` | -| `k8sState.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` | -| `k8sState.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` | -| `k8sState.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` | -| `k8sState.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | -| `k8sState.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `300` | -| `k8sState.nodeSelector` | Node selector | `{}` | -| `k8sState.tolerations` | Tolerations settings | `[]` | -| `k8sState.affinity` | Affinity settings | `{}` | -| `k8sState.priorityClassName` | Pod priority class name | `""` | -| `k8sState.podLabels` | Additional labels | `{}` | -| `k8sState.podAnnotations` | Additional annotations | `{}` | -| `k8sState.podAnnotationAppArmor.enabled` | Whether or not to include the AppArmor security annotation | `true` | -| `k8sState.dnsPolicy` | DNS policy for pod | `ClusterFirstWithHostNet` | -| `k8sState.persistence.enabled` | Whether should use a persistent volume for `/var/lib/netdata` | `true` | -| `k8sState.persistence.storageclass` | The storage class for the persistent volume claim of `/var/lib/netdata` | the default storage class | -| `k8sState.persistence.volumesize` | The storage space for the PVC of `/var/lib/netdata` | `1Gi` | -| `k8sState.env` | Set environment parameters | `{}` | -| `k8sState.envFrom` | Set environment parameters from ConfigMap and/or Secrets | `[]` | -| `k8sState.configs` | Manage custom configs | See [Configuration files](#configuration-files). | -| `k8sState.claiming.enabled` | Enable claiming for netdata cloud | `false` | -| `k8sState.claiming.token` | Claim token | `""` | -| `k8sState.claiming.room` | Comma separated list of claim rooms IDs | `""` | -| `k8sState.extraVolumeMounts` | Additional volumeMounts to add to the k8sState pods | `[]` | -| `k8sState.extraVolumes` | Additional volumes to add to the k8sState pods | `[]` | -| `child.enabled` | Install child DaemonSet to gather data from nodes | `true` | -| `child.port` | Children's listen port | `service.port` (Same as parent's listen port) | -| `child.updateStrategy` | An update strategy to replace existing DaemonSet pods with new pods | `{}` | -| `child.resources` | Resources for the child DaemonSet | `{}` | -| `child.livenessProbe.initialDelaySeconds` | Number of seconds after the container has started before liveness probes are initiated | `0` | -| `child.livenessProbe.failureThreshold` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | `3` | -| `child.livenessProbe.periodSeconds` | How often (in seconds) to perform the liveness probe | `30` | -| `child.livenessProbe.successThreshold` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | `1` | -| `child.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `1` | -| `child.readinessProbe.initialDelaySeconds` | Number of seconds after the container has started before readiness probes are initiated | `0` | -| `child.readinessProbe.failureThreshold` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | `3` | -| `child.readinessProbe.periodSeconds` | How often (in seconds) to perform the readiness probe | `30` | -| `child.readinessProbe.successThreshold` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | `1` | -| `child.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `1` | -| `child.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | -| `child.nodeSelector` | Node selector for the child daemonsets | `{}` | -| `child.tolerations` | Tolerations settings for the child daemonsets | `- operator: Exists` with `effect: NoSchedule` | -| `child.affinity` | Affinity settings for the child daemonsets | `{}` | -| `child.priorityClassName` | Pod priority class name for the child daemonsets | `""` | -| `child.env` | Set environment parameters for the child daemonset | `{}` | -| `child.envFrom` | Set environment parameters for the child daemonset from ConfigMap and/or Secrets | `[]` | -| `child.podLabels` | Additional labels to add to the child pods | `{}` | -| `child.podAnnotations` | Additional annotations to add to the child pods | `{}` | -| `child.hostNetwork` | Usage of host networking and ports | `true` | -| `child.dnsPolicy` | DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` | `ClusterFirstWithHostNet` | -| `child.podAnnotationAppArmor.enabled` | Whether or not to include the AppArmor security annotation | `true` | -| `child.persistence.hostPath` | Host node directory for storing child instance data | `/var/lib/netdata-k8s-child` | -| `child.persistence.enabled` | Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`. | `true` | -| `child.podsMetadata.useKubelet` | Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata | `false` | -| `child.podsMetadata.kubeletUrl` | Kubelet URL | `https://localhost:10250` | -| `child.configs` | Manage custom child's configs | See [Configuration files](#configuration-files). | -| `child.claiming.enabled` | Enable child claiming for netdata cloud | `false` | -| `child.claiming.token` | Claim token | `""` | -| `child.claiming.room` | Comma separated list of claim rooms IDs | `""` | -| `child.extraVolumeMounts` | Additional volumeMounts to add to the child pods | `[]` | -| `child.extraVolumes` | Additional volumes to add to the child pods | `[]` | -| `notifications.slack.webhook_url` | Slack webhook URL | `""` | -| `notifications.slack.recipient` | Slack recipient list | `""` | -| `initContainersImage.repository` | Init containers' image repository | `alpine` | -| `initContainersImage.tag` | Init containers' image tag | `latest` | -| `initContainersImage.pullPolicy` | Init containers' image pull policy | `Always` | -| `sysctlInitContainer.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlInitContainer.command` | sysctl init container command to execute | [] | -| `sysctlInitContainer.resources` | sysctl Init container CPU/Memory resource requests/limits | {} | -| `sd.image.repository` | Service-discovery image repo | `netdata/agent-sd` | -| `sd.image.tag` | Service-discovery image tag | Latest stable release (e.g. `v0.2.2`) | -| `sd.image.pullPolicy` | Service-discovery image pull policy | `Always` | -| `sd.child.enabled` | Add service-discovery sidecar container to the netdata child pod definition | `true` | -| `sd.child.resources` | Child service-discovery container CPU/Memory resource requests/limits | `{resources: {limits: {cpu: 50m, memory: 150Mi}, requests: {cpu: 50m, memory: 100Mi}}}` | -| `sd.child.configmap.name` | Child service-discovery ConfigMap name | `netdata-child-sd-config-map` | -| `sd.child.configmap.key` | Child service-discovery ConfigMap key | `config.yml` | -| `sd.child.configmap.from.file` | File to use for child service-discovery configuration generation | `sdconfig/sd-child.yml` | -| `sd.child.configmap.from.value` | Value to use for child service-discovery configuration generation | `{}` | +

General settings

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
replicaCountint
+1
+
+		Number of `replicas` for the parent netdata `Deployment`
deploymentStrategyobject
+{
+  "type": "Recreate"
+}
+
+		Deployment strategy for pod deployments. Recreate is the safest value.
imagePullSecretslist
+[]
+
+		An optional list of references to secrets in the same namespace to use for pulling any of the images
image.repositorystring
+"netdata/netdata"
+
+		Container image repository
image.tagstring
+"{{ .Chart.AppVersion }}"
+
+		Container image tag
image.pullPolicystring
+"Always"
+
+		Container image pull policy
initContainersImage.repositorystring
+"alpine"
+
+		Init containers' image repository
initContainersImage.tagstring
+"latest"
+
+		Init containers' image tag
initContainersImage.pullPolicystring
+"Always"
+
+		Init containers' image pull policy
sysctlInitContainer.enabledbool
+false
+
+		Enable an init container to modify Kernel settings
sysctlInitContainer.commandlist
+[]
+
+		sysctl init container command to execute
sysctlInitContainer.resourcesobject
+{}
+
+		sysctl Init container CPU/Memory resource requests/limits
service.typestring
+"ClusterIP"
+
+		Parent service type
service.portint
+19999
+
+		Parent service port
service.annotationsobject
+{}
+
+		Additional annotations to add to the service
service.loadBalancerIPstring
+""
+
+		Static LoadBalancer IP, only to be used with service type=LoadBalancer
service.loadBalancerSourceRangeslist
+[]
+
+		List of allowed IPs for LoadBalancer
service.externalTrafficPolicystring
+""
+
+		Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
service.healthCheckNodePortstring
+null
+
+		Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local)
service.clusterIPstring
+""
+
+		Specific cluster IP when service type is cluster IP. Use `None` for headless service
ingress.enabledbool
+true
+
+		Create Ingress to access the netdata web UI
ingress.annotationsobject
+{
+  "kubernetes.io/ingress.class": "nginx",
+  "kubernetes.io/tls-acme": "true"
+}
+
+		Associate annotations to the Ingress
ingress.pathstring
+"/"
+
+		URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/`
ingress.pathTypestring
+"Prefix"
+
+		pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value
ingress.hostslist
+[
+  "netdata.k8s.local"
+]
+
+		URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller)
rbac.createbool
+true
+
+		if true, create & use RBAC resources
rbac.pspEnabledbool
+true
+
+		Specifies whether a PodSecurityPolicy should be created
serviceAccount.createbool
+true
+
+		if true, create a service account
serviceAccount.namestring
+"netdata"
+
+		The name of the service account to use. If not set and create is true, a name is generated using the fullname template
restarter.enabledbool
+false
+
+		Install CronJob to update Netdata Pods
restarter.schedulestring
+"00 06 * * *"
+
+		The schedule in Cron format
restarter.image.repositorystring
+"rancher/kubectl"
+
+		Container image repo
restarter.image.tagstring
+".auto"
+
+		Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version
restarter.image.pullPolicystring
+"Always"
+
+		Container image pull policy
restarter.restartPolicystring
+"Never"
+
+		Container restart policy
restarter.resourcesobject
+{}
+
+		Container resources
restarter.concurrencyPolicystring
+"Forbid"
+
+		Specifies how to treat concurrent executions of a job
restarter.startingDeadlineSecondsint
+60
+
+		Optional deadline in seconds for starting the job if it misses scheduled time for any reason
restarter.successfulJobsHistoryLimitint
+3
+
+		The number of successful finished jobs to retain
restarter.failedJobsHistoryLimitint
+3
+
+		The number of failed finished jobs to retain
notifications.slack.webhook_urlstring
+""
+
+		Slack webhook URL
notifications.slack.recipientstring
+""
+
+		Slack recipient list
+

Service Discovery

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
sd.image.repositorystring
+"netdata/agent-sd"
+
+		Container image repository
sd.image.tagstring
+"v0.2.10"
+
+		Container image tag
sd.image.pullPolicystring
+"Always"
+
+		Container image pull policy
sd.child.enabledbool
+true
+
+		Add service-discovery sidecar container to the netdata child pod definition
sd.child.configmap.namestring
+"netdata-child-sd-config-map"
+
+		Child service-discovery ConfigMap name
sd.child.configmap.keystring
+"config.yml"
+
+		Child service-discovery ConfigMap key
sd.child.configmap.from.filestring
+""
+
+		File to use for child service-discovery configuration generation
sd.child.configmap.from.valueobject
+{}
+
+		Value to use for child service-discovery configuration generation
sd.child.resourcesobject
+{
+  "limits": {
+    "cpu": "50m",
+    "memory": "150Mi"
+  },
+  "requests": {
+    "cpu": "50m",
+    "memory": "100Mi"
+  }
+}
+
+		Child service-discovery container CPU/Memory resource requests/limits
+

Parent

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
parent.hostnamestring
+"netdata-parent"
+
+		Parent node hostname
parent.enabledbool
+true
+
+		Install parent Deployment to receive metrics from children nodes
parent.portint
+19999
+
+		Parent's listen port
parent.resourcesobject
+{}
+
+		Resources for the parent deployment
parent.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
parent.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
parent.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
parent.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
parent.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
parent.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
parent.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
parent.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
parent.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
parent.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
parent.securityContext.runAsUserint
+201
+
+		The UID to run the container process
parent.securityContext.runAsGroupint
+201
+
+		The GID to run the container process
parent.securityContext.fsGroupint
+201
+
+		The supplementary group for setting permissions on volumes
parent.terminationGracePeriodSecondsint
+300
+
+		Duration in seconds the pod needs to terminate gracefully
parent.nodeSelectorobject
+{}
+
+		Node selector for the parent deployment
parent.tolerationslist
+[]
+
+		Tolerations settings for the parent deployment
parent.affinityobject
+{}
+
+		Affinity settings for the parent deployment
parent.priorityClassNamestring
+""
+
+		Pod priority class name for the parent deployment
parent.envobject
+{}
+
+		Set environment parameters for the parent deployment
parent.envFromlist
+[]
+
+		Set environment parameters for the parent deployment from ConfigMap and/or Secrets
parent.podLabelsobject
+{}
+
+		Additional labels to add to the parent pods
parent.podAnnotationsobject
+{}
+
+		Additional annotations to add to the parent pods
parent.dnsPolicystring
+"Default"
+
+		DNS policy for pod
parent.database.persistencebool
+true
+
+		Whether the parent should use a persistent volume for the DB
parent.database.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata`
parent.database.volumesizestring
+"5Gi"
+
+		The storage space for the PVC of the parent database
parent.alarms.persistencebool
+true
+
+		Whether the parent should use a persistent volume for the alarms log
parent.alarms.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata`
parent.alarms.volumesizestring
+"1Gi"
+
+		The storage space for the PVC of the parent alarm log
parent.configsobject
+See values.yaml for default configuration
+
+		Manage custom parent's configs
parent.claiming.enabledbool
+false
+
+		Enable parent claiming for netdata cloud
parent.claiming.tokenstring
+""
+
+		Claim token
parent.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs
parent.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the parent pods
parent.extraVolumeslist
+[]
+
+		Additional volumes to add to the parent pods
parent.extraInitContainerslist
+[]
+
+		Additional init containers to add to the parent pods
+

Child

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
child.enabledbool
+true
+
+		Install child DaemonSet to gather data from nodes
child.portstring
+"{{ .Values.parent.port }}"
+
+		Children's listen port
child.updateStrategyobject
+{}
+
+		An update strategy to replace existing DaemonSet pods with new pods
child.resourcesobject
+{}
+
+		Resources for the child DaemonSet
child.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
child.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
child.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
child.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
child.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
child.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
child.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
child.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
child.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
child.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
child.nodeSelectorobject
+{}
+
+		Node selector for the child daemonsets
child.tolerationslist
+[
+  {
+    "effect": "NoSchedule",
+    "operator": "Exists"
+  }
+]
+
+		Tolerations settings for the child daemonsets
child.affinityobject
+{}
+
+		Affinity settings for the child daemonsets
child.priorityClassNamestring
+""
+
+		Pod priority class name for the child daemonsets
child.podLabelsobject
+{}
+
+		Additional labels to add to the child pods
child.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
child.podAnnotationsobject
+{}
+
+		Additional annotations to add to the child pods
child.hostNetworkbool
+true
+
+		Usage of host networking and ports
child.dnsPolicystring
+"ClusterFirstWithHostNet"
+
+		DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true`
child.persistence.enabledbool
+true
+
+		Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`
child.persistence.hostPathstring
+"/var/lib/netdata-k8s-child"
+
+		Host node directory for storing child instance data
child.podsMetadata.useKubeletbool
+false
+
+		Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata
child.podsMetadata.kubeletUrlstring
+"https://localhost:10250"
+
+		Kubelet URL
child.configsobject
+See values.yaml for default configuration
+
+		Manage custom child's configs
child.envobject
+{}
+
+		Set environment parameters for the child daemonset
child.envFromlist
+[]
+
+		Set environment parameters for the child daemonset from ConfigMap and/or Secrets
child.claiming.enabledbool
+false
+
+		Enable child claiming for netdata cloud
child.claiming.tokenstring
+""
+
+		Claim token
child.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs
child.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the child pods
child.extraVolumeslist
+[]
+
+		Additional volumes to add to the child pods
+

Child1.0

+ + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
child.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
+

K8s State

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
k8sState.hostnamestring
+"netdata-k8s-state"
+
+		K8s state node hostname
k8sState.enabledbool
+true
+
+		Install this Deployment to gather data from K8s cluster
k8sState.portstring
+"{{ .Values.parent.port }}"
+
+		Listen port
k8sState.resourcesobject
+{}
+
+		Compute resources required by this Deployment
k8sState.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
k8sState.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
k8sState.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
k8sState.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
k8sState.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
k8sState.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
k8sState.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
k8sState.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
k8sState.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
k8sState.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
k8sState.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
k8sState.nodeSelectorobject
+{}
+
+		Node selector
k8sState.tolerationslist
+[]
+
+		Tolerations settings
k8sState.affinityobject
+{}
+
+		Affinity settings
k8sState.priorityClassNamestring
+""
+
+		Pod priority class name
k8sState.podLabelsobject
+{}
+
+		Additional labels
k8sState.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
k8sState.podAnnotationsobject
+{}
+
+		Additional annotations
k8sState.dnsPolicystring
+"ClusterFirstWithHostNet"
+
+		DNS policy for pod
k8sState.persistence.enabledbool
+true
+
+		Whether should use a persistent volume for `/var/lib/netdata`
k8sState.persistence.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of `/var/lib/netdata`
k8sState.persistence.volumesizestring
+"1Gi"
+
+		The storage space for the PVC of `/var/lib/netdata`
k8sState.envobject
+{}
+
+		Set environment parameters
k8sState.envFromlist
+[]
+
+		Set environment parameters from ConfigMap and/or Secrets
k8sState.configsobject
+See values.yaml for default configuration
+
+		Manage custom configs
k8sState.claiming.enabledbool
+false
+
+		Enable claiming for netdata cloud
k8sState.claiming.tokenstring
+""
+
+		Claim token
k8sState.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs
k8sState.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the k8sState pods
k8sState.extraVolumeslist
+[]
+
+		Additional volumes to add to the k8sState pods
+

Netdata OpenTelemetry

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
netdataOpentelemetry.enabledbool
+false
+
+		Enable the Netdata OpenTelemetry Deployment
netdataOpentelemetry.hostnamestring
+"netdata-otel"
+
+		Hostname for the Netdata OpenTelemetry instance
netdataOpentelemetry.portstring
+"{{ .Values.parent.port }}"
+
+		Listen port
netdataOpentelemetry.service.typestring
+"ClusterIP"
+
+		Service type
netdataOpentelemetry.service.portint
+4317
+
+		Service port
netdataOpentelemetry.service.annotationsobject
+{}
+
+		Service annotations
netdataOpentelemetry.resourcesobject
+{}
+
+		Compute resources required by this Deployment
netdataOpentelemetry.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
netdataOpentelemetry.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
netdataOpentelemetry.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
netdataOpentelemetry.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
netdataOpentelemetry.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
netdataOpentelemetry.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
netdataOpentelemetry.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
netdataOpentelemetry.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
netdataOpentelemetry.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
netdataOpentelemetry.nodeSelectorobject
+{}
+
+		Node selector
netdataOpentelemetry.tolerationslist
+[]
+
+		Tolerations settings
netdataOpentelemetry.affinityobject
+{}
+
+		Affinity settings
netdataOpentelemetry.priorityClassNamestring
+""
+
+		Pod priority class name
netdataOpentelemetry.podLabelsobject
+{}
+
+		Additional labels
netdataOpentelemetry.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
netdataOpentelemetry.podAnnotationsobject
+{}
+
+		Additional annotations
netdataOpentelemetry.dnsPolicystring
+"Default"
+
+		DNS policy for pod
netdataOpentelemetry.persistence.enabledbool
+true
+
+		Whether should use a persistent volume
netdataOpentelemetry.persistence.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim
netdataOpentelemetry.persistence.volumesizestring
+"10Gi"
+
+		The storage space for the PVC
netdataOpentelemetry.configsobject
+See values.yaml for default configuration
+
+		Manage custom configs
netdataOpentelemetry.envobject
+{}
+
+		Set environment parameters
netdataOpentelemetry.envFromlist
+[]
+
+		Set environment parameters from ConfigMap and/or Secrets
netdataOpentelemetry.claiming.enabledbool
+false
+
+		Enable claiming for netdata cloud
netdataOpentelemetry.claiming.tokenstring
+""
+
+		Claim token
netdataOpentelemetry.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs
netdataOpentelemetry.extraVolumeMountslist
+[]
+
+		Additional volumeMounts
netdataOpentelemetry.extraVolumeslist
+[]
+
+		Additional volumes
+

OpenTelemetry Collector

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
otel-collector.enabledbool
+false
+
+		Set to true to enable the OpenTelemetry Collector
otel-collector.modestring
+"daemonset"
+
+		Deployment mode: daemonset, deployment, or statefulset
otel-collector.image.repositorystring
+"otel/opentelemetry-collector-k8s"
+
+		Image repository
otel-collector.presets.kubernetesAttributes.enabledbool
+true
+
+		Enable Kubernetes attributes collection
otel-collector.presets.logsCollection.enabledbool
+true
+
+		Enable logs collection from Kubernetes pods
otel-collector.presets.logsCollection.includeCollectorLogsbool
+false
+
+		Include collector logs in the collection
otel-collector.configobject
+{
+  "exporters": {
+    "otlp": {
+      "endpoint": "{{ .Release.Name }}-otel:4317",
+      "retry_on_failure": {
+        "enabled": true,
+        "initial_interval": "5s",
+        "max_elapsed_time": "300s",
+        "max_interval": "30s"
+      },
+      "sending_queue": {
+        "enabled": true,
+        "num_consumers": 10,
+        "queue_size": 1000
+      },
+      "tls": {
+        "insecure": true
+      }
+    }
+  },
+  "processors": {
+    "batch": {
+      "send_batch_max_size": 1500,
+      "send_batch_size": 1000,
+      "timeout": "10s"
+    },
+    "k8sattributes": {
+      "auth_type": "serviceAccount",
+      "extract": {
+        "annotations": [
+          {
+            "from": "pod",
+            "key": "app",
+            "tag_name": "annotation.app"
+          }
+        ],
+        "labels": [
+          {
+            "from": "pod",
+            "key": "app",
+            "tag_name": "app"
+          },
+          {
+            "from": "pod",
+            "key": "component",
+            "tag_name": "component"
+          }
+        ],
+        "metadata": [
+          "k8s.namespace.name",
+          "k8s.deployment.name",
+          "k8s.statefulset.name",
+          "k8s.daemonset.name",
+          "k8s.cronjob.name",
+          "k8s.job.name",
+          "k8s.node.name",
+          "k8s.pod.name",
+          "k8s.pod.uid",
+          "k8s.pod.start_time",
+          "k8s.container.name"
+        ]
+      },
+      "passthrough": false,
+      "pod_association": [
+        {
+          "sources": [
+            {
+              "from": "resource_attribute",
+              "name": "k8s.pod.ip"
+            }
+          ]
+        },
+        {
+          "sources": [
+            {
+              "from": "resource_attribute",
+              "name": "k8s.pod.uid"
+            }
+          ]
+        },
+        {
+          "sources": [
+            {
+              "from": "connection"
+            }
+          ]
+        }
+      ]
+    },
+    "memory_limiter": {
+      "check_interval": "5s",
+      "limit_percentage": 80,
+      "spike_limit_percentage": 25
+    },
+    "resourcedetection": {
+      "detectors": [
+        "env",
+        "system"
+      ],
+      "timeout": "5s"
+    }
+  },
+  "receivers": {
+    "filelog": {
+      "exclude": [
+        "/var/log/pods/*/otc-container/*.log"
+      ],
+      "include": [
+        "/var/log/pods/*/*/*.log"
+      ],
+      "include_file_name": false,
+      "include_file_path": true,
+      "operators": [
+        {
+          "id": "container-parser",
+          "max_log_size": 102400,
+          "type": "container"
+        }
+      ],
+      "start_at": "end"
+    }
+  },
+  "service": {
+    "pipelines": {
+      "logs": {
+        "exporters": [
+          "otlp"
+        ],
+        "processors": [
+          "memory_limiter",
+          "k8sattributes",
+          "resourcedetection",
+          "batch"
+        ],
+        "receivers": [
+          "filelog"
+        ]
+      }
+    }
+  }
+}
+
+		OpenTelemetry Collector configuration
otel-collector.resourcesobject
+{
+  "limits": {
+    "cpu": "200m",
+    "memory": "256Mi"
+  },
+  "requests": {
+    "cpu": "100m",
+    "memory": "128Mi"
+  }
+}
+
+		Resources
otel-collector.serviceAccount.createbool
+true
+
+		Create service account
otel-collector.clusterRole.createbool
+true
+
+		Create cluster role
otel-collector.clusterRole.ruleslist
+[
+  {
+    "apiGroups": [
+      ""
+    ],
+    "resources": [
+      "pods",
+      "namespaces",
+      "nodes"
+    ],
+    "verbs": [
+      "get",
+      "list",
+      "watch"
+    ]
+  },
+  {
+    "apiGroups": [
+      "apps"
+    ],
+    "resources": [
+      "replicasets"
+    ],
+    "verbs": [
+      "get",
+      "list",
+      "watch"
+    ]
+  }
+]
+
+		Cluster role rules
otel-collector.tolerationslist
+[
+  {
+    "effect": "NoSchedule",
+    "operator": "Exists"
+  },
+  {
+    "effect": "NoExecute",
+    "operator": "Exists"
+  }
+]
+
+		Tolerations to run on all nodes
otel-collector.ports.otlp.enabledbool
+true
+
+		Enable OTLP port
otel-collector.ports.otlp-http.enabledbool
+true
+
+		Enable OTLP HTTP port
otel-collector.ports.metrics.enabledbool
+true
+
+		Enable metrics port
Example to set the parameters from the command line: @@ -431,7 +2475,7 @@ Annotations on pods allow a fine control of the scraping process: - `prometheus.io/scrape`: The default configuration will scrape all pods and, if set to false, this annotation excludes the pod from the scraping process. - `prometheus.io/path`: If the metrics path is not _/metrics_, define it with this annotation. -- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod’s declared ports. +- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod's declared ports. #### Configure service discovery @@ -490,7 +2534,7 @@ $ helm install \ ## Contributing -If you want to contribute, we’re humbled! +If you want to contribute, we're humbled! - Take a look at our [Contributing Guidelines](https://github.com/netdata/.github/blob/main/CONTRIBUTING.md). - This repository is under the [Netdata Code Of Conduct](https://github.com/netdata/.github/blob/main/CODE_OF_CONDUCT.md). diff --git a/charts/netdata/charts/opentelemetry-collector-0.115.0.tgz b/charts/netdata/charts/opentelemetry-collector-0.115.0.tgz deleted file mode 100644 index deb9659db707699de675b9caa9263796b0b1aceb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 35597 zcmV)jK%u`MiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMYcbKEwvIC}o(r@(KNb8Pu&I2u`gWbP()71t{=LRvRhlO zl!PHMGl)on0YJ$U#rLz{LgPX3H4nXPXT?-G8WLzU8jVJGqtReF$s|cgN+h56BbFp2 zl8g`bXPC=yj??77Zv1R-Z*M=}-G%>eZ*SNCzx`t8`F{;}U+nJgzIZl#y7OP#!{^&C zhW~}OZ{GCsrw|hJ|JuHBTlLO;BM;8$KM5C75ZXBnGJzJK9foy-%$ z74C(c1^QLTj0glPctilcMRrQ%tQdz8O98pQt2XEYa)Y}4h-H$~aUkb886lkK35~EC zmEgi3vS;CTu=@CS&HoFW6hz#P09ZW#pFQ0fzNpXtr%!ht=Kp;>8|W38;3APok2uWU z4yFi$4RkW20#Si5`uE(IFcmI6D)}c1DJUqE(qr|CL`4A1(PC48ZUzl^iQ17*rKYM>BX3&EE7cbwoor7 zdBWx?$Ssz4Z|tORwOlZZ~{=yFD*8HfXs_wPTP_;5H$*#!wU41j8-5FJd^a5~hXG)`0}aW)S&kRXxnf_l>mV+#O8 zILnw+tp*!FYF#u$2bqur$6KxvfzM?xQk)eyN#=-VO`<3!D1@%U(@>uz@_0r}|wsr-lOyl#z%Cf%!ZPG;U%PAhdz@Z9!oWvuh#%fgdPgQxQVxy*Sq8 z)Pzac6mb#}dO@JLdasJ2oaQ8<8G$OQ57<_7SfC4*6sej9S#17BDJwE*8v2O{sR!|r z%9&yZf_^}5y68g3gmf>xF^k0D+^yt;a&;*Acd%jl(Rck&5+o)P(?lSanQ5cHsYX@* zjNYKutNphc1!--}%n<_xI;YUJI5r&5|Cby7a zFliB$Fy)|O^|cMMkc^Z45~pepPG$t9_!CWw6piN!eL?>qYNi;Xv2;u`5UwPNEv_H3 zNb@rkCZ8fg3~wYfrE&}5B(W5a5m8D55f-QxU+9u1iJIiD1;s>@q!2S=+DY-JBa6UW zHa(_)kP#Yg@9b`Gugvv85yeh4s&l{kWWF?JfPMcBO#;=OzQKFtnV>4Y({(zgL4(Yt zUX2bpQ$)}dS5n^lmJ*3$EOCwK=Pw18N{1{|p}YbhNwm~8G#6E(JIT!^D5V*2tP%M! zI{ImEAMwJh_4`R7B;iL)=>zvU24#VM*~@;}%O#^xR^M~AJEhYG`qzwP_KR7sY(p@) z$S27$kTt<$l4!*WX9x?yB8rvDl(X1USV2hDB4ZT{RCXcsqy@lwBoO(8BMC~2o60c2 z#K;|JJ(7D#a>(MhfWURphjrPgA-B?p65zTW*(*_5Fh^QNQO07jrLfg{p|YjGUUb4{ z!dVK{_YMz`AY9E~mLUv$kq{Zy=aPP{^vjz`u&-m{*siQByiBDv(1xY$q@AH@9)Renl-oMXrv4mK4Tuk{zGa}GN#XFp9(?Q#yNjNY8JkYkor^uiZet$Q6ZI*yzjtjdmOYRZQ+6VXK`Q!bXoM> zFUKcV6R*wRs!e-Au@aSJ4x&6pk2p#2{E-@^YBdn@%Fq)Mb2Dt54Mm6j0mk_u$g&^=gFCLziGlF9^!9oWTSrgk-5t zD2oL6HZ+aCfYWVU~YSkA1^;U_FQ2Ph0S&~c5pG@FL#gdrj#oRgAMXeK1iB5gBVU7^pP zx4?wHx;jIDW1LQDh7&t5KcchGpB41KGp-i%G*8Hus&(}G)!zQe>sP0*-|Zc|MV~*T zu`(x!0647$0Fp*~1Y@Ys1(&XxN--H1(-FG*44)*)1n2>tVlg8)k+V}ET3G~9fl{2s zSXpH-hpnBb`46-qDrc;a+A?W}(!$0QOcTROI958dHbWA6p;c&5vBy>Arvtk2-Dsx| ziM21r%>Rri;WIYA6>FdQfHV=5w28sY9HH;7NOm!L_wUog53f!S4nL2EPlr#R2B=i? z4CTgHMl(ZIg`@QbrX*G50*jK=XZxfvt;bkR1D1iW#OZ%f+jL(8JT(9<#v7W&PiZCz zzrcwaECpH8l%O$@mxN>}C0G=kq_BW114QFi2s|aB0aOJuLeGS2;U_09HA1H;9jkVf zIU^Z*x&7Y?XwN#1oQp3s=fyGi7Eo(K)Yg=4PGUYKvhhKGZ1nNv%a^*3f6)A#W-CaQ?{|l4 zfRwpJBcdy~PTBgYuMnvR$1x{Dw7_#1)CIi4*Oz#DD6Fr-mQmI~*-UNyuwY;vac}DK z(3Yx-tI8)3neI((2HHZ3W4rqQwIHTnlniZND}$SSwdiUQS9zt`6}DYq7rNk_WHOnf z83rAg3Q-XBxMk;cMiTQ+UL?t2xbyPG_nTUqD}>U8vLZ<;n;=%a*A_(1QiPEx##*g_ zrJfU^N>aVY<8N|kXzj3q4Grx~zdhSRqKIZnWyDBm1vUa=T~NZ6e(k-s6Jkqu0hVak zlBYuJsR~N4QQ{eF1RLm=Od35#Q38#NsVYCApOhW~x)Qjb)ytf-3mO|h8N!JqJkwgV zN3>GEGH930p#wlh6Cq-0O0rmM?s}8PH3r~76HSbd-}Xg&*kK1OFn%lrj-=3!#AyDuRj?w!MC+OYlqn}^D()Ota5TdE-a}=V*#eC}*g!`lrCF?ubH#$C zdRx~&A1iYjZz}w(A6U1zUv6!>9kf`PtY*)w z?0WVaiKN?r)6g$5?6b~cZ&#_AmSSO0BMs=R0Zo-I1SXN$h`hv^Ecrbzy*ettMR}Z5EW=jGQz>dV@0T%X*veN zxdVKf1ySiSTi{D73$+qw10A!JxTy)uFFBn~i81h0NfWc+pdqfnL4W)gW17V@o4Stc zj`ZV**#cZ*R-F-i+-S)+1S*`gM_wy1hHlYqS~c!#R2z; z+BMi~5A1DqAoCqwd&q3rX+J9#C}vTi>}V3B8Q}z#fp?|j(>Y5ynGjC0hzxL~l)FAI zF>JJbLs;xf4IsKWlA~(SoO8OdLO!P7YZzM|yx8(WwYk(&c zno&77A9I$l>HIk71jqX<6Ov;cwxJiey(D3mdK)xnF%r>?#6?0l$~k46N-DGtZ+_1A z6D)-DK?ktRz0NK)JooGGoTc#Q4qV~T$Uk+Egzd#$Hu4UFFYdObcQ~UHBFbj=8{SE1 zE7*W--$SM?Aix8w5hQT{1=O@HT}y7S#;6LY+$B~ZM#%Y&%#vSwJ7YrDURht&2%YR7 znu%di8lk7#wj9p$LsxXl^T;69FFjPNVE3{WyO&MuUbbSVP3wNeN4K)w{l zx>sehzr6CA)gHnXTP>Z7m1fJ=WxM6Oj{cV3!&RC!KGAx!=5?i6^RC{k?_FEkqVcfR z8gy^V_S~y_a~1cKi8-@dv}R_+ROmnuZ+9HMVVAJ+psXTm5NUMHh9Q>*B+U@xvEBi; zX4kPs_Z`cWO@tnc%J0zhdlNB^4q5DqwYpsu3_-o}C4P z$T|sr{_yVgySE4L4o(osF3<($-j;zjFP)9s;l~HBhgwa$3V^K}lL^G(Nr#nMU}HwW zSu%rV(0Wha9Q^#|?Y~P0N@ZlU0SFs;N=4TTxHegpVC+P)5Txv^;YV;FRQ7Vv|A4u# zgl{)KrJtp-6I5zwYQ5d?HMR}AxnllCD9Vcw+IhB}n%^4L5qdVYa^t zQa`~Rk+RIjV3j%#;GJYbqKwE(#?RIG7)p}3+?C8(9HL*$98#0}k+3z&5cM!nU*7B2F0=r`Gr)Ue zB0eQkQwt41q(5Q2uN3S7 zU}T_r$~w(Qs5cCE!l&VGO>By`0p-b%afrSnjI2qTulX12oo)%#Wed6cLL&Cc&+aFpe#PdC7(coTCtvjb?W_Y^1e z4~4gy#9}TaNl{LCN`f*~E1XC;*U!Ba9|GJ1qIoJt3AQd4?C zGR4=qVuo^?HdL&1YHEh=6vP?&A1GBd4?lkTHFVuQ(ZA)^YHUs(k;y`*q1GClTCCKAzMH+?d)rLk1yA)M1g^;YI%;YVY-|L! z)S-H%6^8dkIwo8Vvmg=6VuA2PT7R{Z)H5t}h@rA-$b@l%4EU|GhoJP?&@J662s14s zr4F^)up;vnN$~twx2cwN_2~_}L~J5quhQWonPQL$eC9!SxmG!>(bkK37U_I(ZMG5^(t#VV2BQhz}idN)$mvrp# zG~F|WDa(FVr4L(Zr}*$^Vw?uKw!2NB8-gi2LW2OzjLIl~VWxH;zkaTMTn^{v*T>hu zn?fvSY*TPjBvt0t46mCtWg49QMJCj$jBQ5$t6*#MN;9?HJi94hKZxaTP%Llw{JYWM z;0>RLz1Tr>q?fd8JsWqTIUC}M9j%X5`c>B@V>6+}@s zo)$uCi%yyIR3>xVm=43QxNif5bZ!pgpEx+w6oYqf8IFI#3C<#jUfV#4_u}Aigp8Y{ z@$DF#Qb%wqS#NmMX<�n(sU(=#k&nqw=h;IYeUJgO8K~%QKvua6FmN$a+Z(_Im5H z$aFLa7?;|Os4U5n9FD|?ObDt7>t$!K=ZqLfZ&`$sG6=6z8riMpGQEjCh%?X~=v%b= zic0;l>E~brb`-gq9ep_?{V1U%lYQ;e>(hMG9GqCx=b$A7pp)F4bcJ}`W*b0(M{P{E zCZ&&;G-L-*pI>yXv;^K6Il7o6G@C-WZqRzjtSw@~)bMscvnkC!Y01EZ^!D7<&run} z7Mdd@VPuZa*!9ly7DCXf5g+9{UF-zr+94+s`l4>GVyQ_5XGbsEp1Dg2nV5p zwDAqJqHK@J*)Rq}2_jHm`~NJn(24zKH#%%s5P}{IUA0r1uBkaeprRAp=JL$nWLUEntL{Atc(FHGWt6pQ`SDPo$)-p+CGmGR>YSk zo_7PXH*|AAdz4Ls$gA;23wLz!#}W={@Cfp`WHml%;gkiuQf_vQT%eI!m{YSGHug@F zz)1j6Jz&Yo19Y`LJ-4*0rOU7v7U+^B`gB}<8k@?mO{BlsEbJSKn6K`Xi+3L3nb0in zv6y${W2b1DVfo^QxO`pvXOUxDSA~mPP=Hfgk(m9 zc>8eBiro~{2p*L$%>fd7s^>6Z+b zZ(%bB7m|qx1NG_{!17K-B^{Mgfhx(U0uMs#(wfrjNN*w;BLXtAxED us8^n8+q% zPW$X1{_=~Y3H<};eON!Jwqc6BgU!_Lk^yH)!U`ai`jckUU-B5jGYu2M2KpnNQp+hB zkG2$^#|57fd)lFLNY(}{*g$2SQDSbrwmNP{LAOvwXy@5~+c%YQP`we7V@am-5jyg5 z41$s=j|v?j+aT~%hY{MfY+uKqSqY*;CKY-{ytq>c-cc=6_y}SYTMv9M5snosTPAzp zv5Xdc+ONHzV49xT3~HK+{(1NSwH7p;RSOT!@Dz?zy3Nr;%yE*Cq-W19OU@FZ7+T4U z8M{P>|J)Z&gBk0LXve0}VNQ^{a+83{Lh)7H`_x?D-iT64%Ti7MUwn6F+-F)v??=lefE6K?oO*l&*p(w$H za61weICV?bB(b89x=ASUCy~?&IXEt0lh7_rmVMm*ScncL01!?SnyZ8(nlh8LGE{00cgUCLkqPmDm)uajAblum7wX!+rS~P<{UBC6oYdBD3 zEJaNvPu+!bm7r3;6<19gvhHY@rEo-Jj>ZWyt8^dH{3rFR)EQNY5gLBK6Aquh42R+K z-NDnHN*g}toW+potYrv0adu6mN@aijNm%(b;Pijfz1(+!QpD7K%90eu<;fOP#6P!5Y11MyY z*S)uI?Na=u)8YQdJxlUGi)cnt9R4O)cKtRM=YM`a+sqSoz7X+NX(0?ciZ>WMK3jBn+Wz=jJnGrKSHVT^ zO8#Ep1TrKcoafNyicO}h+DxsigF&()RZP1euXx3cvxR!SUmHZO_YHf}lD&GZ z&Pbh^yUf9@x&;Zh7hu*{nvl0VRsZ(z?RjaS|2h+>lKOky!CXqRYVz5?4%JM*?v`-% zB-h_Q`I_0!AuwFB)>PCt6fG^OwXfZiu7vESU#2NItfq`;y?b!09q`=V_tgu}e}0z? zu9G8w`^;@+Lqp}h1L{>%82@!>XVXgDu3QcL|69%5rEgwE_wG`w^&VTD{!3}FX7cDN z8M;Z}bBLcFcNTvDd>|O16~n>9T}u zrf$>fZgV(9%P_8H?tok{5cz4Y4P$a#kE<;^}p&>5OvM zsafXMTT;6+?VNANPsi8WLcP7@63>PD>pi(3+&FZ)XJkG9U7M)Koa1>pvQ(0^HePLv z*IZ5D@ZKT^+0vYQcg%KK%Sy1C&^9^$x++&G*g?gG%`IQ8tCb#fb?cP=TZh|lAQPXa1 zA^ySvK+84vH5j~^b#B#N7jeC6e(Jha>v-Ai?ru%8Df3oGsw1o3-J#gXzqeoyrc$w% z&*WAx^upgU=2Vhu{Abg`C2PDprmf_IyyIp} zM#y_fc<<9B%8Lag z{^*6_d@H{}I$Gt})U!L?PeCOjV~e)|+}omJI@PIo@Fawg=l z#0>#=4~x(z60KkZHnwI~ZG0I52(>!YT5)OGK(F#@%&q`49=AO`vu*}=mH3#wQX{0H53=K zPNxFEGE$4qMYV`q)YKEy1YRhA7uUCp`)enTzqYPUCcWK*z^Z?I5LlJM4+85!V0}4( z)uG&Z`77^Sw`<9W)+IEX$0&S(>*w^k7KCaNv}=K=r!>1B9*eS-T?=BnFuVK3sAC$h z>62)eEw^UNR5M#X@cTL->iH+X+@yJ6@ycJdhygFlR~k-QCq0zCv;W6Uz;=}@BIzy*4Uqe!zGxsR<7ozy(t7ggKZbATMqW~;|y*V z^3|Fh^(LdM$1}o-H)rdOwq~illSW&mm&rx*RZp^dhSBRV=?z%}QVQK3L$~_C*6@HW z_J4JIzm~Xc8ZIDEIyziz%iNI*osrADfosxZ6{>hW>ioKrkF?cQ=3t*RSA<3I+adYW z`t>Iq!OEZ$*{Z(|(ma8Le!$S?@J-$QwG`QIXCYduoI2nwZ(AFzdfQ+SwmgDu8GM>u zSkM35Xhl>&wl5p9ajf&}o!Vt$;@g?vZGvqn4Hi;jB}CS84z~;RX0GaQW)M5Vo3Al^ zOP0oKLR}omyM*ZgJWIy8cX)!Nks{VXBgV%5QvT1kO0 z&2@fTfXKB~ibZYSK%o(Tcw=v_xVb}uG1;I}6p7fYKpIO#Uk z+pOvlTI1AHH44~s<(g{%R`CYhg`r=+YvI-vx}{pBmy~^FH^FsiUA^bxf!^!T+pF%~ zC$R?ZwPV#MkYUdOLdQBoX03|$!H>|#U)$->-oM867TqLklUAMWA}_&ZdBw@m;$BqH zt$i>_utlrx^0B(GwfGd*lr!}!I_`A>TnA_G29GZ`S<6d8uC@8;-6?Xd`t}Br>&(-| z*Ojb}&UJ>)TyAocVXItq(n~;5$wx3g*TD67UZEyt@k(gzCj9Hv_#? zc-tFUuC-h7!QAPg^zNxr%3DSVgN>caceY zP1ak=e06{C?IpCR-&nH^*IM6FA>qPelNnlHRa~Zm)3@uot4}I9^TM_6DOqya z4^M$a3vZvk$)y<~I+&n@OkAondpC@|AjGCL%Lz}Zl=^aDeJhN+MoC|)q%Y`65=*p} z#L5gWMFfY0o^_Rn+kM>?2y#F~&bvjm>3CWAd zR<#+-xVJD*5dZ&g-g+ zb2eefh8o^y9fNH8->(tCefMF z@D)@|03~{7?~8^8>|OezFo|as0n3~A6~qu7!X3?!9@b+9q)L`|6hq^eRL+nee?3CO zUZtM~>#0PKX;u>0ud|7U=(?!;aL^R|E*!}j&JfGWp6F!8wlIR6nQ)tEM(PYx8KJ=w zbb%8ZV@co!#SAW+)O>GlNkKD$6FEDDi$lrz2JhTm?7RfJtC&I^fbKm){dAq@_z=k;CIxf0mSKrM1UP)%f_Y zy`%RB?|=T)&nT{}8f30iwpqQ^jI?={wbi2vNPJEZnM_C|!;Wd(*?RMXpY*$xsQdb+ zXT@C|wO}$gnxX>oy)6(n*TC`+%h~!^Lapmy>5pW2CsSnz-+LEP=+s6C=A2HtgDwd- z!hfG-g2sfaUs7M)t82NkiY5kxnzwUS@X~~TEH=>v#lVJV4wo}Dp(KgB_+a4@SovzF zSZheU6F0rhYUhuMgv9UdwIoB2OvOjaM1SREs1Z|e15Zk_n8Y4^^i^t)Af)|~O>N%U zL)(FhZDAMg$B!R3hHo>}G~Nt#{-4dwTBmAeibB>dG2=oaUCR#C3||m4ZApei0SV4y zB(x=7feMBfsfb2d&$3dzn5aUJFcaf3IkHB{g++*4n{ z*`w8$)a08 zy?X-nOU2Ae&D#AGR^RFR{3nv^-#AU2UX%z@s}gmTELCA&w+wzNDBSe|mEa1Gsy5z{ zB0q3i<}v~}P<1MNr?1IHqaRRANWRbVx$T6-^gFnUN)@1ybQh1hnty^8{EqM`u@_ko z^tc4(45#l*|3*JJm3gHB)9wEWZf>8LEjCm2GRL~jWD)p5Ss+Ug09W(d3OI|;;~E_R zJ*U8$Mm9Z!H(Q3k1$plly&Gfxri69ZXjgBtyD{efsDQf<xjkD^>A~!=wLkv#s|UpAQ=C8g0X&`;w^SU1ALI|>q_?J zV!3Oo_L~y3RmMVRY@!YOJEu8GXr}sS-k3mf_nVW5&}kagC?(=HS~ zy{t`OyKt(oSIYf&HUF=}Gc@>B5POXCT#<5VtgX|3pPbf8RuP7V0ooRvNGt z8mO^yD2xJxJS0Z2dCeJH`F$%D#X17lis~5R;3+ljiH3 zv#9O8n2Wa8yvPRUPsPC9R}i zw@_#zphS%Z?Qc~>xRA^YvHyBZvq>sXQ!1k7w|vrg7ePSjPV+tRT}uNo85iyEFLK%X zTBdnR`AH#2B$LMbSurIt8MoA+f_?w|`F7)d`g=hN(s-ST78vY;@C45r?-f6_zHEV! z!?pE|*F29-mDp&hVQ+kD{glwG_|*30_X3Mq+lP5u&m_lDy=|ZIgc23feKvtVqw6gu z?aSU*xt>I=sD5or%K1xiYB0TyV?U5^FZjqO`z!Guk3%6~~Kp0~t*3iz7Lr>gjzr}VvqO`A;T8C{FrCa{d|&q#Ex zwZG~Rye{KH)*6g5-oujH4eBxiRV&v>QsUDRTB6BuYVVk7(8M$AZevci^G3^7%!-s( z4VRr!)7S5gp3X7l(D-~*s=-W>Bw~q=e?=%59?<{{$B)oQ1At8jIg7>MiTY2WXwHnT z)&~R5c`4PrRtTU{rykiesdih*e&0Z^bqVCf`dHK8kwC!f5E*3Mq$!2~geu~H%WP!v zsru{3)4$~`_Wvws{Nvzn4zm6<_!}>>QyTxMdQ?NV*1*-(au=q64XOO4udg5fZP_*71&djotpf=rDeda2d9E{!(Dq(cZEpw`^e3^6Pr5 zypQ4IoRd}7`La#}U4Ln-%%rC86|bVr-uCF!wg0;uAghqyV2qq4u;wr|o4&h|0@uQ= z50r*_FXN<}y2&sZ60AE)jfSs1NVjFmEfVG>n#L7SB04JRzaTu+QguQT=RiOxV`}~6 zEIlRJ#pwm+Bjl{P_j~VN2aN?e$3n;%XT@~pFSkmi!a}f!>LYN0@rUV1$B|oRRa+w$ z0(t6sQ98e19Y235!kon+&2I@%LF2`cB9>)(kv4jt;ty#{r9|QwOI#{MePEYT#e=_k z_0Q$5d;53qtU(6=JAmz;=La?F?OznBIzJRNZhf!yNJ-0TYi+e^O7A7f zp}mU0@)|;r4oCP@mw0M)z3;vodLGqtGCu_e{s=t|pKN+x^!Vm1_K@=!`Uco~*DaLL zyhG=AhIc)F1nKw@IU^vS5u3n)X$T^*2K362BHmTcO?^_I!)^%`3H29Kj>F-T@6O45 zOV?3VzN-{bx}kdE@ALM}tW}!yIhkvsszUk|6!*~6-*s-9!)mF@?bim5xtZB3WnWbm zG5yKA%2|K)UU(21#hMGaE@DSN8N=HdTTrG# zD)y!%lcu1(j$9YCzdT6Q0&9-V+QwWp*5d1Pe%8ZGzCQQo`AeZswcnxJy=$!MJ2nOp zy%JP@z&gmFvT6-xgKijS9%W_-MTT1$<_v-cA z*C(%ERXp=wI-vdGS?gKh{Kt$WIpN~^2SApb|4?7+=RbCzJ)Hlzmj@z+Uw_KgBBoY) zB|X$i52=A>n9FeWaA55r?w6%;kw_Ho0~k03YL|CaQmr(c#zcutUStt^{uKVC>2Wcc z&`+q>?_F=Rq{VH$2&q32RB4T&{u$1Sra8;h+OA-&P7YVEvQ@JvnE;e?)kY?9Ou{l! zf^|49gjt&CHIP^-DQiOWGa0m?XumChTA}H_K2?j|U`&c6nWNteoX`m+vC@ix)M4;1 zqIm<#OT{5-Oa&T~2*a^@mJ(E|IhuRnw5vdvo5Qvw)=7`3K##|B;OtlLk5yTkO_9h+ zv>65m6U2!=Ncq=awp; zKL_xUqa+ zp%W_zeE)c8?QT!Q9T4u`S;m@D%?S7guOAyOTASPJ?ALGYy7M8dv@>s*xCw@4YV;#g zWiVfEwuz^@MrQqPIC8mH3bBStQVqR&-?ao)i+Nc|d=+ZBRqurzY<9uUd#Y(-oLAMNuJL_Gusg4e> z2x`o3zF z7m^^W8-Q?B6lEEB+13`uuT5%VZ@<0zMd|927o@o>PJTy^CDVD@8(DgcCwvq2{+7|? z$6j?0yw=1IUDazeX^i#ajD{B(S&>P;O$*NJWv;_^%>E5IUJrfwW^)8PykrOP!9J zW_ckIoPk%Xx=G_C8Tx6iG|2#=11OOZ5(`5tth4KxT3A4eDaNHXV9#F)3&y1rGYP>~ z-@-FEz9Z=g15A8zm6BA+DD6cHtHhsSVQp2?(?xv(!iyhJS|k(n*f(r#;XlzNVOT!j z-9$q&d|4liS_|}sO>BP}=FhhmHaGs~fI#tsl>p^h2)Gh-~f0&XN|^ z>WA#;$L^ATOxI~-+SZTnmo%_eH>Mrkc)Fw;={k+1ZQXdjq=B`%k#=-rXGu5C*J+-_f|pzJj?{3%OG3f|_P4+`FZyj&?gNsE*XArVS4LEGWWrYkXi zM}LB?_lrrrJu_I)Z^qG|h-T3HR+s$GM4~r`d+3~IvAz%iGS~(u%BaLSmDpa;gs4C? zRjUimbSTKNaR?o^S`VE^-gEp9n#JpFjd-g2tCmk|?_+rIyk4{eY|u;Z(7(gE*&LXl zO2Shr3=QHf#N>?dOKNffTb)U7RxpmHBqJP>xtef z*h_o%4ML@3Vda4W6m?nKt${98@kc&3#!zUR41dCcK;_<`o+h~te-i|ZnBkpg&lTCa zRoxY~8CB71W9mk~4=(I*j#Fi+w4hgA8kP!;+rjGk_%x)>Es@C&^IeKu)?&zCJp}DM zJS)Wi-T>=-`;tM|GAH6MfY{76Twvlm8(JyizGRQ3%?C8IK$#UztxrzVD)+f%FUytQp>g&Lqv#InyaNj}LsDy574xLU9c$4bX%Ovt^2 zVxiATc|X_au31*y`Oel$jG!BBAIzau51xx*1|+=j=j$K!Z9A14u{6b5>^5s)J=5>X zDAd8#)xru_)dLflPhAMBX^!!mTv1^0==XJ*A7JGiaFXCTESHN8Zs>sXI{I)-V~Ag-DE$ngXJYOrMI>!9ClA7x+J zYn>vZbACMU?0t=G^o2n&of08!5qLL3y{jt({$)N#y`EKoT;Hb&8{=eCLpUN+Dx@kn z0IzwP%lVR`iYOjCw%l*@e>XlmJbSGf1-=%%BrHe9jqEJZ(^0hx4f0b%RxdXB$`JF zdBfPb!`{6eb+1LWn#)^G=mp7$5Qm(N$*BE+W~EFBH*w?P+S*bS1GgruPU%>VkBuwSRt37R4ugtry96xB4x79oXj{8 zGnT|%Xw}OtK&%1sy7VGEr5QK{f95zMhpUX}!b*#%xv;VB9?Yc7ep?+-jlQoVhDNUU}eaux>ba7ec!(PB)&ti{V`tEm6Q- z$HP_}qBXE`oMFlx}5CEQWYZTHWn(yGC0#nbDPIR-Vu8wQ93@kwH+o z*-|ggwWK#4PR}l-{DLJ#O5U*|lXv6!gGBS%h6LZABhD?jMf+|WZbe31ev^zvTVr>D zdBUbSi~S?~WqAv(6cLOie;mt89WeUt>mPwVmpl(SmlXCD&>;=ahkeJHdL3 z1wnqa+RKVaZB}VNZm0#FpHc0m^6gf3c4{Kbwdb<9t=xnkgXHanP)X8CwyJY7A0gO) z@qB%HeXDHCT(z7vSVxX_$WX|*qgo66mg}PQ22!kBf-P#gA;@&n*jG0F@&~Sioa%&G zL9j1rwoSgTLiL2C zpE<0bR3*h2%!-p^s(3bwdM>#AA3rZ z>}{c*J4q-^sSCo#P-04?DxkCRZJ}O5g@iIS=s3?sTML}z2~|qH>;erCT@x*!y_-*N zsex6<+b#xHC9FX$CCO|A#N0Z`btyofkV#AN2qGcpmisn*MK65#8Jj zsH9K2Uu&Qxv(jxF2&*)4w>ASyh>07u%h7_N4iIWudN;T4L}9aU_YM5x%2AZHn&>>m zg39zLt7oF~?uc8ooUS1MTMlNfCu5e#|LqsUXLb3%{ro}x-^+8ga(<$&Evs6Zr}mAj zrc^FvudQ%Rkz2joP%~*`%2;+@ea_sbu(q9oZLSgeb9Inz1j;iLKJ5ODb>(&DfBnSq zs%#A8{`l7tm96s8>N9kC>#+4L8v-s_HPHx;>G+(o$iFRvNp zUi+zI`}}h@bV)F9ThX*2_|p`F(onpD0)femxC)2ekSHtT*Pl^)c<> zx@&cLAx3uMp)!dIiuBc1(d?>wI+Pog>X(8G}J#!~z&r2V^ zPRDxau|wg{_A4SC{+pZaGGNApd{5*h3=Vt*8M-jo#BK3=U$#p{jZiqae)Hp zO8yn?x4(?;cU9gS;m|1KU#bxvHh8CYBp6=q!^J~ohM{3i4651}R58jMDkS6cw=|{o z!^O=4y6U&4o{9&>^g%KGYbd7Qmfm&03bn6F>x*f=W?gzMopibW2S=>l;fzj*km5Qz z;4=UJaQj7L|9`mqp#R;+b9GhAc3B;6#YFvn-(A>fC+H^nPP3Zfv@hL_hv%Bl^7%i@ z@wGkw`dKpncXppYYvzC6ewhFF@p$`xi_C(@j4$0ETpT_C$tWvUWZBH%V#gShZ(Pj% zA&d81%>7@{vUDza)x#6ar$o9um~Ga!dasGJO4r@}Do#_o0ohWT9krQ+KBstPOeOqj zd8M*UyRq$+9g`Wpp!%dXLiSfV615XytyNo%d#6&SI_S9NAes+M!ce_~jGezoYA?n) zBs?OS#8amn_Kj6_WDY|ZEzX{eC^cU_GCBvSd#Ri8)1qoTRH*#F<&eg5KM{lAar zs-AvF54L~%D_G9vgSN7BPIBUD47OHzjr)NsUMu4u8V_j+x27KSGHubSnd**f^o*Kd zz*p1)+mrH^0k`6nj@ACUH&cDL=|jA#q=CQAiuzrPbiILA^4$%!lJB}4$?G_(T7cNW zxRJN~%Y;Z+)D34=GD0C#f2&uQ_Oe%vo0k+^nV84Ip)8CD_?%~Lxu70(lKa(=AW<(UeI^cna zZ+^d3BV`K3dYVKF?!l=xN>I0b^8*dTHigZl4LE6jX zxNMZPGv_a^)I2;ZKg;z$vkvRK@~@=@F7y99ds;vLHGJ{(LI1m#r>6gz!PYxH{-&_j zy8xj;UccV^pDXHGo3{2>^x8CR;VQ*$BRXIS#CuVK;7YV_YcJmDU?ZbiRIU%IkR6sw zkKUDAhfukX4+WbkVJ&cAMqS3GP&{m`#5re@MJ(}3+gA(qvksN5oAHu_T^h5Hb{d-^bIk|C6)$6&1Y5)uQuL5l@L+bl;f22UPRn_^W*z)UvEu zskN4I*ev>2R3+*ThXv$MX|{KPX`%+fZOOPd)wI+rRkuQ_Rcf|^z@L7}a1DpbyX9E4 zfT-eePvL*xmW00BX9fAs;*@1nQTA@)zlXcqE%DzE@jv(Sw9Ef@X27l3Z~0_4OJ8TP zPJv#R{f1|hK^QSk7~G>*vioLogeGS z_6m@{qUye)WUmqPzNGt9=Voo*aZ^D@ms;S9X)nLVl{%H`=DZO2Pui~yadd|=`lL&_ ziP%RtAzY5o5s3)BAp8|)c~0Wv9B20SCGsifBgC;JkIkJbr`(i2KkgdWYL%*ALhm{K__#xPSAzxN%(54zTXal*!f6w_=Fvq%iQS)axm2KBzVoKHMj zI7(*qUSpi}>V2x0?yq{hjGplq8?m=+y3TMVY^q)|9=8wHvpX6rv|zOSK}y*4n;)S= z&LScNTT%4ow)knR%YS*<=THJtyC2`4^i%pwKVf3o5G|E^%|ZHV1m6mS^{t4$RflV_ z&})v>*CO>QL-oyxy{^%D{V8W$uBzz~Q~FepEIw5t^lOlK7Ar+$_xCp{@AMAn;z3#} z@LGrItC4w2hwGb?c&iN9Vv*N6T3?IQ^9SqO6nYB>=>IK9L5}Gkq%u5>k@;N}I~A&H zKcZ*b+m)dhE+2|Z%rlxzZ)?^7I%tLk;si%C5+jTNIXw&|_3xkLfLcEx*;LLR>0=Fo zPBWaqp@xJCiFzQ8d#G2DNIlf^c)o|KM;J5=1;T-I0nTPfk4YB8aQ+=;kfMXB<-FvJ zCLhW4Ae;GDsopvR?|;~pd{A>w55GnfNrrF~kz6)L9##7A#rdEay7Qm1Ik4RSZ(`i< z@ch@)?MD9R-DeN+Klk!nmG}RU-&Z&pWw_zBcHs6BSRAVA;8~|~fLV#wH@C+v>98V@R z^73%4O16VG2z3J1F9BG{LyzmF$fuSj46n6*Yn>RaCBN|)>#zA)S^vZOTCzLH|1}(L zH{w6GpFZUOznAB#dH-Ye9=gR>K(<}gxJ=u#cjH}8>09}hyf3Z(wQDbys<)`Xb%MN8 zJf@}j172aehhXneXB z8V|PExBRTI{$KOf*Ya7i{_pPYHu8TweerPr8hCoEdZddCEA=^~PaM-VF5DCQNCWb&UZDN?eZ zV45Bg^@6gjneYaoRch$*zMPTl6-kIBaW^$qY2O26$5g#Kj&O1tpfwy+zp&+7Q{mb! z1$?-`q%GXz#sl|ofyrOu0+W7aIscX}Gift$JkfVi3Oqac49VKQ)J?wnVYdH3yQWM3 z4`(Dv=`>@U+_;S;`v3Ox;dU+m&-0z<5Ai?u@@$|(EG6NYK$0On;GlD$aX}LZ>C16+ zj;BO~!3H{+QGrB}>-}^wBT0g$2^(vzfo9V!aBE0AofkQp(1eKKNhmJ!;7K^f=fRUurs{9T=`?uq z{{g;aC@=Yqy02=u2qJDCTIQhMxoFI(GMVi}h z7ur#PXok+995{~7LUc?B6!_R|Z&8C}Z!Z>0DN98-) z0cE0!FbF=&$;mmtm))>zb zFEVKQEXC&p*&=;cWdF_H(aG@-9W(PR41$df^iz?-S%+8V8qRVQjh7|}h9Nr0B2KW- zT}o-jT;CC!c>Nq}xr?(H2_oS`t^~I$EgAZQa25tTAu^Xyy4sHfI>UKx+C5WcLFz+^ zj9iun`z^Q->4n5Xzobc`$XEyxBP^gIP4Sc9ApDu8S1Dc`pVoZ2OlpHq!+5sqV2?FX_wt-cOT z$0_U9T2vE3aKbD-y#*O;BK6ZPYB(h*o%cJawxzTRs4!tk!Y);RBbKH(i(9&4+v|ph zRvRqT?<;*FWik2TZ?Hr0qj?3(cUThihaQt8>0F@BUy7coY0!o}9bGG82^7%u`qzwb zt$m!ScF&OB8OaEVK{*{0t-~--Y1jmv#h9cl6GWbEp|dhy?HOVmoq66QrCR-+afFrT z+K)*tXXp|q=Sa>tE2c9vB@z@?B{C$5m5$*tU?DV@QQ^&%EhGr3&l9iG&j#eN23by= z3Z)bq!9liiVhjv2eS^$kQ%{j!@+rq^VGaVNZGZgb@aLnwS6UhV^|AlUR5&J4!KqZU zHxo2gYd2+?2!bxbz=;|nk{NQ-EOvQu#3R^aA{;*9I5u}X$r+X?fqUK~mSrT;J720y zA!m%!KS->!KQ2NT0U)B%Tv@i|>3_b)N>%%I(m3QEi88>$S|d4&9|?4D7zV*RWsB2n z!jwi|rlO^K>U?yh_=yOK4mpk_jfg-oiwf0a?S8+B9$7n=C`^O>F%hz#+Xj{0BJhMv z3(RBD$5X6kY(FL$#Yvw{`eq}qkEO)Xx!4SXW0n#WVNRS)BJnxNv@1t*=2^w%DtST9 zwv4u&b*=)SnkTTkgjnVXUJk9H9o*ex5~i2ix0=JWqrA|JrQU2fvn8s2`pF+^Dx5G( z5~Sy?nw#CIg3RQEpq%C;p&1eAal)ozt30-!#Yl1-5wRJlzhg2krsYY0yZ`5z9B}Bo z6nM(68xt!*NsI`UGr|=eotQz7AsgxD7Al2}k~LP;DESly!IRfoL4Go_tCZIc76^OQ zLlEN1iVl>}8+o6!RP-oU0+|_Gs$3J?M73QVsa5pJ6GNXTPe$m&$=gGqQ<=am^iuk% znPW$d#E50d9PDZlah&UAr<{xIGP9%)p&dAox7SEV<#%-ldf zVL>Bw!gBPMT#%&B;wLqkRB1v{P;tox#d;ajU(b-xaxwH~huKRLmhU)8*@g9)o@GUn zoGFVqCFz)OD`tg+X$gyvk_Z`-C?$MK;w>Z?q7yV{1-ir;tdc2<>0}P3pyePq3a`q5 zED<@0phS`&DoHA~%qEcih-~^w7M} zI-gs|a3YvO^Mb}i=;Qe~LFR~s5+G6^r5}@oU2Z9w&PbA%GZ4{K$u33j3XfaH36WY) zQ?>4CSVD<$f}>ek$jlnAzVG6&kk(L5%Jr^9WMHSx!pXVsCMV=230j3OxQQgQA2k06 zqFGKzoW+>Oh!rv~z_ryj`9&Cj3u;2J1TqQ~Yu2nv{{z`7MN6k42+#v*^iL4{9>!W9 z)xw&@p)P8wYp5UpP7{)_QZ(O`&KnaAux|lw8Z6AtZfuuq&v+0;G*e5?$McuB<7bkb z5ToZ%VLZJo69Z43-)y)d9o4k)0H%=<^U@ouE$5>|XZ9?TVgbXnN`jij?M%(AoNzf; zBsc?=Ck);YJ>EF8Zdr78p|_U7O+9L?wRT|-0@L0o&~v(MQi}t-sDgF{Zw%4hgnA2- z06sfOaEa%Y4kD#Q!9q)=(zKK+aArpJtjs~l^e~<&M9!S#3bkw1&s3Q!joq%;fn-Xv zjx|fugb1Z0a?-v;@*zy+vQXhwo6$HxnXfNzm`#AE1*(Qo?tOISx{)K?1w~YON7KL_dX1QJ+(w+3|#J5 zIx~}?vwr`A@UgP6=Req$;ta9eN!Hf>D{>OxEoCDEzCl_flB$`Ymte?@M6+q)5CJ5& z(B+IqGi_9;aa0<`B`cB`sd=Q71l1yRM>VGe5>TumTyib zB{c0~U{F-6!RXnu=P!q6&e9Hp1Ea`93BlYA5C$bb9zA&G9_ZGF=R(S?d>DT4qsBHq_`U;P9}ttEFuFODZ2M@ zA!ix<`^SKfaWvS}f=?O8IL{NRxxU(S#pTLE1Clsj6y|O-ou)-<*()xWTmN{xMr_Zc zh5o8qQ%YV4o3QTI{MrJj=>|>4L_jO7kb=g*tCpu6n^oBB zEl_GLox81rccyuJg1xQXF7dwMf-&^^ zXkQ|Zl-wm3iZlM9lQl?N-=osPD5cwjaLz=@1Z>WJ{} zg?&P#kXVY_Gq2A*sQ*zmc6+{$yPoM~i*0j!H9crw?;&4@$=wEYKLJN?gSCB)!f|^7I=fuBR%&_PAR+s;iSyqwbQY zeWY)Xn^lkcrbqu#e5^Wtk2;Xo+yZ7r`$w-t5bT+_2}x73R zPa&iOgtHit>^C;ov1;4laJU_At19}>p;GVlpF2VDFM`ILoonZfJveXOLo`EYrv91T zDl?mHXAq2I=>lhDCYUB6dIej12un%QywXFkFdaPg#e|xfcS9Y&YEU~1(a#JC$uXVI z0FL?c^bE#{;MjKX`xoJk?%($>!|fpW5qwh7Qz>U#09qzv5#kcA-VY*|?T*%oMu5$0r4sOiMZ z^LHP;0L7}xugw>S%&iQu7dzcG#Df%PbV7tQiYOdKv>W?WS|rQBajyfGA`}*!nra%N z19QBhkb3)|*29Kp-vvd&(1VlDZV_3n)^1G{=78qPGe$8oj$<>`gpJzJ+Yuajy0~X! z03teQ(w%Za%THx!3!@fGAta5?wUeuy@#ZvSg)CdJwQ{FOniG@;(MGf*7z!K1;nQa~ zJ7G+PD2Ny+K$}kN?mDsiOo`nS6MZqI+0^dfpRK&MIad2c_@O5ypxQeA;-y{3U%U*T z2Ej*jF!v3?iJT!wLWEx1wWNMBLNVPTi_yU$M4uBJD~Yik!hbg-RbC{?V7NWp*)+DI z9|~=cJosAWrP9}QR;TzTrz@c0=ifj3e$!vJ-M$o@G9lRozY+N3? zK<3Z|(uXb-ZH#t+%%O`gI5EBskRk~MFTaZj2M`;7qiijZzAY8w$%s@3fBjlhHAqTriv3a}*Uqvb1CjD%Hno zbVMf*DopMeC7qr;(aXgnPSi?~B>DmqBFve&a>?j~r`>MUL`8zNln4?&d1A=;{QK~! zA>+1{yrn1y9nRmeB9r0_^?x*9 zbgDgZ=8C>yLLOo{TUb(%h!eT6h!a}k--w70C%r~}7_%Acxi2&Y3WgBkaMP!dv6#@fq@IA$-w@kJn z6hf$pc59jtTna0#IH$Q$fviVE%{dT-nv(&uj9e0K-3CrkZS8thUr-b7q^+1ut6}vH zMKP}l*rm88u-1rw~43-ip)wpnw35a|5TJ| z4IBnF$c+sm0~bJm2Z7klB|nG^7w>-lvWBI-_1rl~ z?A93NplI3ec^z5Cg7Lq(YfTNMwrWhKY!i=F?e-#hW^GlozkpyQT>R{K7aONy>%zF zZ8(KA)P?91EM$KOY5kpAKSDy{DG7oNbV3x0wc&Atp{??2|8$l*dxIr(@#B+U1DA|+ zRBx;2<*w8yhTeDd`ExG_3^-l48lng-jLgM(>Iay+N$wfA%?309(C5!B->QwZ|JD37{1BTTgord8^ zcXZW|-ObW6!w3@5jHK9O$I=%DcFS2AB&)l7=FLW<{XBaX4#7FeCg?){^eh^!8pERd z-4)3$Mz7!hQ!%-mC&aQktSvUlgHOl{%&8hTBj8kTzdQ4xn5kl|AGgO!CdvjV-L~7| zi=mr<*3%!=kd(~gzXj#2yf0l@#z9p}s|B0Q6LYL1gSOCP=Z6vs=!@s!(77+3J+-#T zvt6Y`m!#Vbx9g;zRk%=C~b}-RG90cVDPsv3{L$KwjUcBj@?{(+5A! zgCFO?k7NBfC&pP|Wg(kDHX6@Z(q!C19D_9o(%22}mKjqFG*tR`BokOx`xC}5F^|3N zVHlJ03n)>-o(9>fiBBC}WDXCCjOIBp45XQ+${LWkM>2Fa+<5`04Z*`q%|<7L_0!Cq zPN`?pSv?=aAYqYK+)PRa$^L)#zO_egn@KmH`&S6#12|r|XLMJ0IH>}+Yco0KU?`b>Y#k0OrHBSiJDb}wqI~JT-~b|Bm&_k4mVLg zNVz@fVQC2a%T7HDVt;mwsQtICz4Uda}BcCO4-E%(~aQ4oZiz#-Vw zt0%X`AV#5!ib0&;tMg10-k|LMG@Rd{XP43siS!ZqBpJ#*$+}$_^zu-O@^xv9Tw(P^ zBqtfQdLeRs^Xr)d;|PgzJV%jtl|RG_gE^6WI$laq&1cW0FIaNJ;Ayr`tZ|$x2cnIq zd^g|Cw~TE3bD>ZxT#Xu$)ju+mX_1SaRW|X0n?Jt)@Z-y8ybzInGz}LLz*7G0vCW*y z0prXAMH_VIX|)LSngm$W)F|-j)29x@Kz904BFSx-iu;`0{_fSwA6|TT_44}Fn;(Au zg>;lU<&&bprmKo3*>I}`phjJ?b;#W~nBYXHk+9H9_OSA(RwiP<%XO+xRL%KR@mge$ zcQ13aUUF6B;0)JnmT6zhvCjr^jlYn%9@bX^V<=*9b8K^Qy70Dq$u!*b7C#V?{(0T> z7~bPJ&P9b!MFT|+t9;q30G=zEpi1$fRl_41no?2E)Yl%jTd0KstLki)GM<+zE)=2| zqWh59E}J|le|*o_g|oJ?4S?h$aEdD%(oU2zKj+=AdT~mecqVW4oV#-Q3*ktJX7 zv2b56@3Us!Bq=v+JQrLZwWk%BPf~e6e9I!geb!Uzs0*-zlLW;NxudwQ8FM-EJ};7N zF0=P0j_#tIK@qvZnQd7X9J1W)wnvoMMs}c03C^P+uG;$Zj4u0_k4dSf638?@hqp#4 z#ZIU!`8AegIxDqFGPESajUNUjzvUpvz3h^T$(HF))rT_>Z^Pq1<(}mvPdVEJ1nAsT zm10lLG;+yX*PqVP2-hFZ%#w9eOYz~n@oq?c2>OlTKfZr*M~`GuaCYRGl%zPKF2M@k zJ`AMWOs6li6^$4bnm&@GPcG(JE9SYfm!@CBxe(pD4|JHZtZ%t_T53CFwl|thuli|~ z+eacL-rdGeQGhe;ps?5pmN;(NV$*xY#V6nx)8}zoSY;Tid)p_j2wC7(MwMNd&}q-M znDVo^l)7d|m>lwnl1z?XUQ2`n>oKP{8HXZH?d~ z-k54qTC&JdPxN~2IfdzpDUxJ=$n*DdId-K{Z&f4}r)Z9B2d`XOWOZeD28uCA%B*h% zvZ6i7Z#g}kxv1*)Ahx)-rFZA;P$_T2@&aNx#f1p9Ytkygj3mu-n2L}sb*Dx|bJn;v z3TKb7m7~DrR=zUE@T%>SXT_e%c3B~IqlnmeB5~_JU4~bqceY|n^MZ=FQtoi&+HqO9 zhKkrIL~PhZ>Uqxk@H|Itr8vIJ(HKIwY{H;mB?Hk+)dinck|A(k^b_fKn^Fk2%p zin}hzd-682%h{7m%uI0le5j~FcH10;NEzt=7Ekz}vhDv@X5K7q=R8i3t-U;egUneI4}eG`GkhGv*hi0 zJUO*;6p^@5=$63r+b~I=CQa$yD=Fq#pPx{BBLQ2GOIiqAZLr1;mB?*e(Uy$enw6S%p6gtHM>1YRTZiDjrX8;Nn`yYR329bc zW!0e^7lrN}3a&}IGfu)PB+X6WeO+B$#hc)YUdsNvOhV^#>2>w)aJb1Op1?-DUZ7Ji|IQWg@~<()jW zC@OmUybSCX;rb1+oJDp|A$4$D)fCQyu|NBq-i1DC-ia|vOFJ{WC8aTObMD)_$ojJJ zaSnM+Tf&T?s|VtgRyqR>sAmOn|l#r*d@j&1(h8=P{NX5uCHlSC;# zE%Tyguks^B{?aDeUxERIFZv94vJj4-%JQ3oE|OjRPo&m)4)xi74d~^6Mcn^YS%&)0 zlhB0xKUfJOF0EGe=h0ZQD*9BZxK$2wU9IY8Ey~v9^WVY$rJHLv@xPbl%n_sr!U_A>tCtodw&ts!CM?VI7qWskQQ=r5luANe%-OB;b_#u|6G}~!`Xjz zMXuR@6$|)(3ZneaO*1S2-xPK5|J}wTJ zWG3YXoEJVyl3&RagBvgSI+OS!&GZo|PSQ&+ENj`Va_nETNrjy(1KzlT{`?^yp? zcuy4ip7XE^44`lQS7Z_Yqv@If>;Dw=xcz@K_6@!z-(ce=KvLVWRr9~%@Qz7( zzk>_7PybhI_;1D3!2UN0J$CuOX9GC)@SQw$@ITE6l%rVlQr}yw1AY9jDTXNj0sea; zn$rJQCU0ZkR7YKNaL-Lc{rt~CSho}c`uSfG?SF;={67gzr~h&6pM6rm`;UV9`Tz4G zA%(RLX8)J9di;l?1O8_cI?nzt)`x>t;8-+(|2H=F@h&1jKmXV4zp4iDACu5g_J8(C zfe3JX8pi*0twu%d#c``ZFaN8m!2h~#!u~%A9gY9RqNA`19EJM%-w$t+GPl%0_J2dG z@Be`RnS_qQ|2x-ifQ4aS)XD#$J$9>aq#piP)EfRH`v?3#1x?5QzITrUoFs3v&uT^B zdtT}x|0VX(!+Y$6ft$m8BOH67TO2cHMaskCm^PD0X8lc!KitMRxea}nX0@crs|k4Q zb&MSRw%VAUJ>WJ?qt}>)6;Xu4V!2q-pA_YFi;wS3yr zE%xu|n*?Ll+uJ1|F%s33wyuMSm_dKI1w3FM}9r|3} zG0)c~>BUb!y!-I}KU*dmGFK0v-t`~(DUO3|*eT;({~{Z31>t)$pS&L!HUq#`z1pD#ZzNImU)W%k(% z+?DjAOr1Kr!zpr6ib{d8r)*g!CUS8M*|Kz*+|sI;t(~9Cmx^Ls$}<-5a9OSNO&{F; zz@~fhqSZx*Tdup$2j(K{!{SoDXu0qX1?UF5bNgW>{e=CymdlFeeZ`dr;d)!7$>o#e zN*^yS{vZvO^0xHxA`0E);<8STxDBf_A4LV?0@cR z*5iybGSMf_W-jhHQ@NFP@y|_|B65T!E=?|^EnmKE;tFAbJf@UZ_>SghInD7vvpl#r zTRz<`P6!YFcW9GmIB^(|zqcLcGVMXrW5{Be$-#aUy7{%)SF!DAlFyedydB@S(7edz z$KIHLCZYYve=NOuix}AJ|EcBww*db=5$z!V@sqxT7|1f{gEY8zX)yHhJG{F4Rd4r;@*7Sx202cbrg+3qQ82jj9CH)V@Q;9Xu zU2Jb|iX<3O96C5j!t(s*1qbjgGeD3e7PwG_~fFttT?gz4=TOy6q=6p4)hwfH1C8kGm~GNs`{i;pXPHOijy9h3+*< zlF;!`iG`yL3YCoLL6SkF(C4m;8LK4rpdWYMAul>Wqx{=(ilJ202h*--}i!>e?=}LB1-;oveyuV)5cVi&MkI6C!0H_&a5QOb(Yw~*j_GWq#BlPt81i~ z$kc6wuqA7bWiC})ajiA7U4$KsEmb!bmcB3*?5IV{>2)`ZmT14*0yE zLLxqHo~ol)Ev8Yqgd6s^1b}TWG)1_g%;fj4mv6fsa1%#Pck7C-8ggs%WfH{3=4qXe z-UpbA(GTD%-M6$WBsU!1?EE%O``aGhWm>hQyWyp-w9jR=VI16x{6L@c=D)As{`T_v z=eI&b1h(~Gm0XoMtv&3!%&IJsU<|5XKyH3Z!2i^-ovD&PH;+MCD!i$4E9pX0E%S}{ zBhOp45R;NB;RxK2HK+8YpPQy=T19ga13~uOe1jHU#YLAy5Ynn}Fb7KOuRZR}edurQ z@SAK+uPuvr*-<(nWMLE<>|CGcg(+~xKWO*@Uu!_3UpciMt{RLF!*(M|UW)H(!#0;b zM*xv-O{O{y^!QMCp?T2>!XOPt_;p-zD2FCuGi~KA|!aWk_0Cr6yX|Map(jGO9_A ze53sFx^UAaK}I!!QE0a~-rg=JIM$M2^R01*nY{se1azavEcl;u4(3X0T@xE@q&8ojC2V{tqq< z-zWd6V*U@+Qf0t@PePBq{?oC?=iF&~{;$V@%+XCF7_f)`^;-QGP1a1X|4c$#$A55> zz4s^(+BR5#x-CFtkai3MsY>5l%HM(n-XMdMFcKEypI=C`KVB0kUQ-AD&)+z>UlkCQ ze^w=6qK-KyLHyiX(M{x<>@t!a;gZ0uD2J^Rn*;e&0KVYn-L&jtd-j|jmGq(@Sat_p55P4 zfMSj6SJgXqhtpfU;W3|u{#i__6Qc-U(-VU2<=>%wJrtf;wA2)N!o1B87a3 zQ?3E6QhUe6Vv)Zi_45tloWjv3M5ff4a$aG}d^EQXU=gr)!=p#4{98F?3*k2{0VS13 z4-ap7EIlTrmy55sTxbPb!AZPFrNA^jRB=)l+_mbOFyy+l?0+*;99xh&QQD{c-(~>l zlmBI1^#59_1@S+V5X66KFScNgEQi|9+yd z{snT^rmd^Gp*gmJH4`mON3{%PY00jl+h~D|wXWdB(v~%SxkQ$2nhQnNk-b)yZW#~B z{y1`2e|r7JaB#bpKjIk zKSKfh*CYh_-%e5YgZyuMRupA36ADdLm32)qRAsR=G^E<9ZYyg=S?X9@FHL=Iu3g79 z49!?-s)Mwpp)Z!$vDeNcQxqZp8)%CX2mP-%4_uG_ z*O33sv`nb~ItfAkx6@YoB*^~;`QIunLjE_P;k3W~zda9JU;KY9|C=UjI^cgMA;|xB zPSU{m`5(dm<$(I(O|r-Me^b#!{?}y%__vX ziX~Ibi^xWqRJ26tD*FuBQ3$Bo?kypps&WDXs9 zskUpVE>>h6TaM})va{5ehK!1q*&h)91BkBEMRY;@55)gK{7(-8?W93ulL5W*M(JJm zDE7mfD0CB{QT~~{2~D^x8mEdm5j8bR63u zqlkLujWBU`=d9jV^CS+QqyDBlChUwsct@l?=>L20|JU<>8&Lmc5(5AKnW+C;&j0rO zKfDfHAOEYSnE%s|4e*P9ph{T9MNoqSjm(V5+ z*P?}EF4FJpNWV9OPyz?l=JGwtGte&{a+VfbN^hNKVGT6k>|w0HT9T zYyqL;T+~1o*#mQU3w|SI7S$8##t1FI)v%ma<;ROVyMeTbC^h z$;gqHy6fnQhL#Jw&~($4v5IX&TbgSbEtaxTw9Nhh{2$=|0RIR0zwr+R{9j`y0ROkw z=8uH`6O7`N_~$iV(1H5P?~cO=-H=^=CH)j8>4)%z5YPIJAoXek*a@YZmDltk=62Qp zdcj}Y;J;MMGELC`rXaw7or(Il<@|5S|HHvwL-1d!82_p3rVRW)1sw(dm3>KXc++kb z`~^nb>1YK1``#Km4~~!Lw_*5s1O}{!|8?0gMEsYb0seCm0{qw6NC1HUf->;zVgOz6 zEdl7_aex3$6?6gM3IJD}EA2!6@56xf#ee8x{D*4kfd80=0RM3=;y>U&8tT6*nx$F` zWG)T7)?DP8j&3=~S}bK{DZ7eknn+V+XKk$)vSOQ#VrjOenX+!mi-ldvyzCFae*pdi z@E?Hx82?bfe>8UDG2%a%lq-1FWBfi1Bk`g5D|YG~XvlqtM z)H9qMio!RV4RT|n+zBu6(ie@Jn7G}{r7PPDYLnJBnGLf)mz=1++dQ>5$%7q!T@leb zeLCytZP$?YynC&!v&YQfyC{8l>BXz+CSMx}NGY`!{l57Rcnqc%xgwO&aA*qNM|;jd|oelI1h+HDmfg}=Of zTnF9*tBbEx1Nr8Jpl_H)tp8!)Ka5NK#b`ACOEq;3 z@Ly*m0RsLD@L%j=z<=>A0siZ8;FJLWb+~Q={tIXu+FJe}lK6*FkNj`wx|sjR&>;S6 z8Up;+xrqOO{{s9M;J*O>1^6$(e*yjr^8XwZbamDcqHhTnw6*>>B=HZU(fA+L)MfDh zPeOqIITQ77%lRM6|DzKBFzVxf#Sr;llL7xT4NZpsIrfVJHBvwSk;5NyGTzmu&0Fmr~<04*YQqD2l22st?9<3ON} zL*h0L1kE@h^hMdX*T21a_2!qK-~9ZcsdFpoLQ^gCjrZf(B+Q9%LZmQ(>4~mbGetPj zW+jOQ`t$1J`fHCn^X*_lDt7=HWDsqy|1oi4_xum4Caa?Ur>X|%e^bzw_>X?z2Pl1$ zD1FiZ!9SPvsrvN7-y|uH$+pW0nKP+RsEkAzlA6hDqGesAY!@Y?n&ikg${()_H(e5B zR1+A5cFjd^yPV({iE<*}8h5x!0z*;swm4k8dYc#-iBhBRr2cMKgvUsf75V14!(ww) z)4(BFsQ&{eUYr2=A7Zp#drq!5vG4etHsd4E&inrW0BAq{Q^bFmrULb!CLzFoo|7~% ze*Q=E{}uqyKK@q?UBrKCGQ|H*LJa>|`f3iB0FL=3US#XRO470eoW+B;b8yxT-llQv zu{uW@#s8VCN-+_mV4!{aziQO#zsNGwf1ZQ@|9SemKHxul@t=AAw$u0$J7;9GuEcMG!;WO zY-NEJS9TUia~#<*v12%{<>=TlHOtbFjn|rHtR16hnf(FyFG7I-IynC8WZ+FFghD!L z91-As_%{Z;PdDu>{||rx^~nEwgyv zWHkOmlVua|pOX;aKh9}47(f5p^8XkZNFV>3mgxW0Gm#MZe*&5i|4|4VRdg|BWgH;e z$8N51NmW#D_cf*Gu66~VltVZ@f0=tK`) zzt=2xk(Cc*Sw852ea-(E{@)~cj=y?I>IFCRLUHG>XkHb1_kT;={}mbhKhsd1|GQCH ziY(tTJ39qtsj~bg=Ot#wabk>8T=3bU78K$!kI@ft#uOhf1QRd)K|aNcKibQ2I-4X7 z@8)^KRTEXsI90o+X5E@KTBDd9s&Ywbg5tW$&M|T44VfHWmAlJ>cD{pX^5X|)wio{I zbp`kEzhNkv$p4xO_|HjAoqIG?YahpF%Ds$2h?wYPBsJ+mk$di|6hbaDZoN2>bP~C3 zmzXzUoM`mAG|4S;DY@k~MCiz+A$MooLd-eMxQ$_(=iSp;>s{~uW3Tl*``Q2O^?Sa* z&+q%&du*Z)JwUg+8mJA|Iw<% z_vS=ua*IHfMv86PmYt)vya)Qk6<#K#jq1-@sP(&MOH%zxXKOVDuw0(+v2v$w5f!9g zn1j~~px?VK7Lgzk7!;MQS*C*BE0DeOLl|q=_8qkiiHn_90=eo!QwIDX&;A+Y;anQC zMZ!-$d_%SD5*RQ&kJ-Tp+>rpsoyEbeVzEIe^PyQM*ds;o;QiyB)_O2^O#T1PpvtE2 zPn74&@Gtk zmF3DeI%Dx_!MEQTMBptyoikomOMFs@n~PHWpVN8opd^hdd?;&N3Hw*zPHj`mdTdrg z0KbhA-1IN-1r4-CkurEys<};zbtFLOeq7TJpGfTx_pOmT`}zc9LAI95`nJh zPUrmZzZJR-17%b9Z5A=pxethLR``jmKsh{PXcw2JkC(L9z`8CI2b^9})Msj6`RR`5 zB}&A>*L8c8r4;&b$E?_4v$(o%u`fl!R{e08IEZwA_0y1)(PGV-w%FtbvL@i-^Air= zgO`G8P1P*vk^!>^ZFC00?2eY&{kVCoZQ+Id9rTC2NsEoRgQl#L_r+WSC0W%TtN}H6c z6`LBq<~xB`_fP2~R!pfg&qtgIAtfrvPL>y88_Fbb!XKb8dHq~u`=?CB ze9nRuOy+y+UMQ~9j7+1=JHe|$)#Vr9ve7>9+n5zqfNii3*!k_Bfua)zqBg+aDlK`l zkbQR*3Y-x&g8MF5?w(zMba_}ufjTk>en$b<{=3|zP+7R$BN1zFK1&G_m0paassxsb6z70ZGwp{E z7qo9N5-{taP?-gC>XPtZBhWU0;z2DeT%5El1QF@ zWXuu&-l~Y9yViw0_MF=uskoG0Ovd|{UUQ#FoqEHOG9@cd-jyCOuBpEIW$Z(Jv(sU_ z8#wy0x5QkrAuPRr=F!J$(bTjjy;>asjXZ74Hg^)WP5xCqmRIy$mA}2!cxiwsA&k2D zYx`sWPhIwp%B+&H;Vr#MW^5pfZ^|*}^jhp)426qSmZL#7Kaq9JBOJbqm*%#2)28`o z3#5<9R+%!87!E*Y*9THo!1EQ_zc+2{-l7o44b59^zZoIQqDBJ&7}tNlin;?0!}w~L zA%x^b1gRf5&|4O{jHiI)ZWzAFsM2togG^&!GC$|^J=(#wLS~~bM~`9X3{k>tJh`zU zJZf_@yP-Ia4MKphu!I@V%!H2UeTQfdBhQlYe} z_)EAnk^4OIX}(9&ZPr(+LSt*P&2(RAOh&Ws#94W*xcBK34pF^1fAkgg25cTpo&Qm( znfA2iie4F>y`lQxO3T~G6v9;=z9 zxRitV*~6W!mMg0FG#5r7((l{A3;&TOXqxzkkbV-Is*r8Jkk&I{WlIQu_eU<$x0Y1b z`||niTk9mj@$VqK2b3%pIsqfc;5SG^5Jv(zL6L6BbhFpRHw%Kc{Dix;H6sUXKb?uf z5$7|`mSX-oeyN)#H*JCX{qC zPR{q5a=k|WwhZ(g14|X!%md_}x7!7Ou0v^|tv!wD;RrP?u-I>M+(dG)xZ4^kB<)#ujgrQ_=<1gZ~Bw}S5E{&vwoq1Wj;dOfd zpt05&%#yhVO{v z%JdX?9yN4E(PMG^^R85x57!KxrSEx)HmZkY2hhv)=$I{r(lTuj28HNNU@0;K*|_{P zsQ2yc`9i}9zi-6Hn5PrLj#UUVBn_s9I*7Q z;1PS_sdl-7y3ZLK0?_)C!9BNMxjjgmnn=)0%U^n51c4K7&29Q-qRpQ%mH@VMI+3DB zSTNhoHF$5Td4EBpToIR7iCSktCOqswo?cF+S0{ywE4hsqeIqNj^zJ4|$KH5egi!WCE)U;{S0y#MI<>$`WFpnXK zMqVNq^u9rYu|GxT=TqQ=t%xrc9IscIF%Z9u=22sXW(*oipTE125zHCEiwGdcpaoDs Pp#YdRKT?G<6h!?O^Krrx diff --git a/charts/netdata/charts/opentelemetry-collector-0.144.0.tgz b/charts/netdata/charts/opentelemetry-collector-0.144.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..258e0f8879e6f6a5ae4d4607f51eda0e650c1fae GIT binary patch literal 31766 zcmV)TK(W6ciwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwybK^F$IEtU2^;h7?+0WQHmSlS#nN@A}`}KHc6W^VOukB>- zRw`vfBqU)?5)1&^qd0T__FHH?2$G;g`86{+W~wF@2{amwMx)VabhDgfk|ZQ0k}n1k zOA-=E#zzNp%;j)_)8xNy{p{@Q?7VpP4F12fvs3^7&Ubq+{%iO7?$c+_cV4{M+5NAb z-4{F0zxyw=bNi-OKZTH(|JTl~+p2f&D|v8Ee694BuR=Q#WZNjIQnNXAv`0Jh~Au~WQ^ug=3+b=Rrqa4*{DY& z1-JD(O=qKo&6ucu8mM=J3||iOY}QLL%_OE7;bPnypbV=f|Wfv)B>nu9nHIgSVtb5=OmKJLXmp-v!0|HJc@AUV+{ZnBOJpojB-u{ zQBAqVt9WgrNg>g}{`>bIPJK9>r0kOPHVlAjr6D?;s^N5~Lus6-PU39Q+dzUux(n(} z5XLqDh;WuMsaoxA0I7A+Av(;2Bsku7l?Z$;dy(R-z)7+|G;0z?F+m}86(;9|qbVgx zERZOa00oXzAA1|f6M3rNWpipcus|7!h!B`BhCPj&821p`KnJ#(QhBR5@ip%X&dm)@8~VsznF@=>`ul>9r|F#Q;~ekchN6Nzae5X;Q8 z(ce^~s((grP-|8XA%sY#L`6JCQ=A9_uV@w}MNFKA@s`bm|9u0!QI%*mLsH44D^4X5 zD4LV#B4<=hEt;XxCFY}qPDV_UBx1=3&6$uWrW}ASh6dJqCW(d<&2ctUfNaB0grXu0 z4`)nnBf((OA}V3ZLBr~62(pljlYRO^Xyw77BeqewzMQooH0&e)Y+GY0Loo{wtaUsyhRNcjuX)D!tQn zTBbpR%%xt9jyO|9&=glv-uspkiDN8rjp!FI1(r&OEL5Sq0w77W)HO60RiZn|&88@& z8E~u-`7t_vwSRzkVb=PCq!5zuW2W?hha7{lz@Y5qpzP&}(I~6$yV|YNX#@RhPBQz& ztXH-nm|WzeYiF96mPfyhS% zT`3@LGQ$uPBY8~w`$=-d;B?k#~wNDXhizkAR(6|X<5K8UWzkQ?w)x6z}wG+M`qg}mu)ppwV44j4gg@ahPkiX z2&07Hm~cdlBC0mEg2*CQxa1so1;s^aWV!oMw`A@*>Zbhi`PLBaLBX-zsr#;bJ|V0a zkEu`%yahOKtU7P-SZiYhtWlA{Ig5oxT)-}!M*b3{#}+IRc0Y+Tq;`+xwsl5evj;F# zeq*!YXp*qWD8)1z*-p7XOm9cWZ}wlm zdoxVqjTy-Z$C5bS98|XKVxWde=~kCCCh=en`>hr1TaMssDk64C_(JorBC7r?$j_)p6E>!=;i)m-xcMy`lw+<`um7;Q>k5N}P`QWFinjgk6P1Bx?5K2jmo zzVpC=)g~_3cxa;u=u<52S$(H0`tGNbQ@gpXO^d3T=#pZkd5{HYMlpKANrD$ol$5Jh z1D#26zmS+qZ*qW5Nfdd`xD?Lb26_(&Pi^_q%AT6<+KK|Z!t9c8)0G8I69v?E`#o66 z`~4bW^k^qo(o2GJtfn19Q6VHteL`6zz+9-&WN@^APJaCG)7#gj#8)zGQe-h~@v#Br z$rT^mwvz8u8r~3~k#Yj`Fmx6Bq50)#I+;W|@1oEWf zu(#3MK&L+*o}dp$r-vWjqr(&Q=Knc*bA0&j&HK~+w`l+UYjpC{tN-iG!6`cZfLSf?r6wIH4TXp3AVhOMIT@W-~`QK zF%?zwqk?B@bG6KvLSyvHuVyK>r&;}vgO~_8z=fRm%{Qb;K1O}PQi9YcB~;XB&74d0 z2xhF>qMh|z-<9y!01doKA3H*`{jUM5_BdUs|E!C*fp|xV`_QVGmkZsUpsm2&5zY>j zk8p1Ty~3h(g;KNlq_(=yY&Jxv3=t72k>Qp~nhA-sNZTQ=uhFMZ+hCTzzCK5PW1P;Y zVt=zT{T-cu`lO)$gK6_PQZ{F=6zD1utp$UmtN(8_O763>Z z?J+E3W*+Hbh{>dwjnVZd_#{atz^>pKD&_5J~m0qdU&4gYO_>prqshUz+V4Kq*eT<}5uSp@T`jZhQ?P!-G=Jr}NpS58~h2%V*LVm44pbidsBivrrWM^Wz3aA?ri z&GijD4I(EzBALW9GDa_VLQRRBUXZg;gL}`{YS0JdH@o+|hnzZKM)N7k2rU+d_xBDJ;CEGy_&gvRwTK7!nOgW2JDGd!ffO>bPUke}m0s0S{ zoGo{YLEd8^m2+lyM^ptHVeEIUFrr_^1zo1zMnf2FayK4B2 znyM?fPTBgk{U!oY>?VZ8CNGktj;CE+n)o+I!GGpV1h5ShRN%+R^}D`gDZG3st{K2u zC~O&jyWLn3Ef`oCdmj1~8E;EfMR4U4ECU`1D^kT4QnRp)>R$?C=-#KOZL}J`>*Y!+tytuH{?{5_UPV5i6?ARf6AoM{uCw9q?oDlQ~FU`AK-72#0U(Z+VqAr zVQ~Vy3C0(XXr)$a&@P)phk%SGLd4RPWU=1vYj+vf7=Q!)JxQ!>LW9)44&aMqZ6yjE zNprc_M&}kMqU|;3j`yu+5oj;I()UC(yo)5T&ifB`h@77esKtjT=>3ON^zO~^4{u&; z6RHL?7Yjtag{>=()#53@;HygXkmh6*y8|av% zG>Zw>ELd&|>U#So<4AxUP{bw)3()%}G3Sh8&m!F`W@1 zJ@p);jAa9u78>Pk-A*|I3PU|Mrt&5yGtA>eZTZ*~5Q3UpszqG}8U;8 z?AzPiw8=*j6;drzJwr-0WLas_g|qg3J~NPvrnDbLtjJ`$h24}xSQl*C*+W)!?X)jiK35B$vI~+KQuU(p z)M&{WM_DLH{S9=&QsU-5%r434Y(~t^Ta`5KsSXn7LgH-l=cWF1% zc4%=NQ)Bc7j6ra#Ka8n#0}T+)=?|P0x$(1A3g(k1=1*th@V@0N7Ej8b8H zP-I|~j8x5SM252=nq5-C_%^!05)Yh%ngDPDAWVzISxW&iLkooClnO8gpgbvNG&2O} zBv~Mq+2$Ocz4{A{I4A&bvP(?}_v;^=rSRq+&X%E(pS2^eCI5Xk@(vt?@3*CQIHOY{ z%4QB4_HJmaw*hX6M@;Vx0S~M=hr~T7pyW+ytaRr_Mu|eD7vmAwhMYChC_}Zkb0%c% zm9>73(dogFnb8)dF?zaV%i%mfaz$r6j|^gi(&pI(yO%-iUN*6N8N^N-9R?Mv@5*MK z)wj~Dds{Z^UX{)M^xA7y+nhVLTAHgX&6cmrcFT7y{Vna$U79sk_Ik7Cb){MJuHLL~ zQC-=hv8vV@bZ^V{+^c$X72}_|7hxT&%*-(EX0h+SiGE~PaFnI?i*~E1(KYgsOKW1! z5aY3S`(-Ru@f?Q{C+VyHe0BbI{7sxW{3{siS|cP!!!fja+qX z*mJ*qB^-vc^sn`t`coE@9w*?|d;rERwA<@(qS%FHKT;tXU%XXweT;T@dcFE)tG9vP zQUP0TQ23CbF^Mp@b8~oas^x*(78r%R{JFtmz^8@pl@IQTCbJ%QSLA1G?6SGy%2^UmIl10Qh zW}2&!`rs%oB2BNdITVwOk{A)r%}u#L+pZ(Sp6Wn@4{I;m*l-!o+yjf=jtw`;qN;m? zsnDgDbfVse0TT1_?@;6Q*M zp+KxK7cJCJR>&Gg@5~kHh-E^pLiCb=XD8f+a@IQykD28}=?_X9QsvaD1+CBVr4rSm zh$2E_OA7<)bk2#Gvn007zP9EipAN=OnCU113`r&QGquXiIF87)P%B!I>jUzM!_#!n z6s9cuL6trV&`$B;55!nSw1<-Q4Mi|z$7s}peN<(XKQmLik6%7lZ&VgP65VVYHqGNGwe2^@`-R36PD>~tpDA($7-y#+nz0uN>{#eJDEyRHl7wj znk!UFE0f8>Hl{D`RqWF}gmi#BW3Mv<=5l%`c%~p|R zJq5}@g!V@JNOxdh(HQs4I~o} z2LWDg8qsnCDih%#RFF0XgdocH;=lDmF_a(z4YbwJG7ETq!#C&PZQRBH#82gs{FV0p zn}REi;sZl*aEky4_S{F$IcrwdQWr;a-z&z}& z)~{NzcF`Q%#rE9P{hA_ z>I8g$2Fp=pvr_xDVQ?|m zwZOC5;!(YeeO!C5&1tWx;04@le^taYQr>+4@k*!uX^hq9@@BQbYNl8*rP=-^riuD6 zMtk}l{`gad%eT7<6I@6pA`H~4V*txL6_voTN(HKfjqQ05f=g>kvtxabWOf=5JJG#R z%J_t+ErW4PL*|~_!O>4YNt)2#f!;^;3!odO*gH5ml zPZ?*4_4)+2EKEca;nc2oHe!X2P4&(XV3D&}yep$Zl~crqCITklEJ;`al8{6nj~}p1a+U}s5fppR*%dna z`9L@oaH4}hpO{8Zh&28%36UfoA}5H{4&RHhwmaN=`af!hxN{HrbBXFPQ7_bd)@Zd2 zzhe8>x~VZbCKA)ky+4U?;=S$}$AJ=JJzCOo*X8$q^|l?>K_xQDlPPEE6BH%55boTk z0;g^-F!6eIWE!;{kEGq6gLw#!V(r>)*~gti4$Ha!v(RafFH#yqZe0zFX`hju5RI}Hv|)H!rQFdLdp*|@S0FLk%~gO=uW zq&*-8&V$E#f(*=u%Uz`@gM+Bi@ttF?YSMTeyYB1Tkl6y1Rhq${uHQN&1l-s&GG9~4 z+b=-5ic_`UimRqA0q*XlrEo-JjwT5+YR&-B{FVAuD&4BY814RbZ@By7<#2cS;@Rlw zUZo8mG(?4?S!f7badu6mYR~iLW3FgsZ%mha#0#<*qv}Ap7`h5*Wt+fq!Z8r!Fsppf z_LOmLvob*a2usm#zK+>U^xaN0wEJ_BA%^z5L%=|g7T{>}2*Bilog0XYd{8!am z#iITmw88A{3=c()t?VLt=qqy=yfG?w`bu{{8)vQ)?aAjReSqj_fF$$iv`qFaBW|6# zJHy?b(cUv#rZTeL;O_1{edfbyc;RYEvV|o6U@18$>x>L*l^4;?nFCO#1Jj8R|L#Y3a9_IcS z_2DwdXru;wUMcNFzt`gFD^pF zwHGU*FBdsc4GLY+efqS$ygbb$nGx<)Fn{S_c4J+s5dE#d z3B)r)IM21?Z?`5>R&AzM*1;fIkye=2PcY=Y^b!q~Z+)wg_qt!@P;W3Qxr4f(SEJ5* zZ-7d-_+=@JhE=kdtC>p}$ThucnizPEsRHk-(U&XV+MDd$?6Rg?W~(=n6^b^m)>p&Q znQH=-ygn6#+vlu(K2?kNLz!;w9#g8ezgO9vU|i2?b0cga3a+27r;J(v@Z(PTdv4j2 zK$e@eIwN%kpE6gE>J}vCS%O((2}9m8R{h(X$xvgwysOI-Ty=o?sKM(C}Op=?*)!GaSrbxLvtP4RJXi{)wK zMY&8ZCGJD?9-QP|C?uPig=N*UCdy+Ar5k+;a#Srg*i z7Bw>^e6}iPrm5RBQH88?(JG9qA%q~f6F6U+9NSFJ&Dl@FGJW+I&vcq+cXs~alJF}| zAp)f0?qK=y09QMkb;KX8#4bVq5MpbpMT=%jv4uuk+q@ft6elw(WcxC;YzCD9MsHGE z;@M5A>7buCsab|UT~WI-?HYzqc;EmlGesI#Hh{H2QK9}aP zSP$s5P~+C!Z3`n+tKW2#mIZ(9-j7}laNpi5sGegO@|YLZvj{InVXr^-A$xA ziYqqRUf|9L-&3^{d_|9%yP5#;mkt10y_L8H!#4wqc0EHCH>>7HC+%9t3t)PGi=d5) z+8wEuz^V6#Vk5-rl9SR(#d?I(uJvjGmF}cxz8DKnO^8J9scmiZGCY;KtD9M`yj38_&oRAl#9-Lk3x&_ZhjRxmXh%7 zs6|~Ge)}bv*Vi(CSAw4|gBCszuR9%-AyaP+%U&Y7H6R-(`PP7})9KnOQVot5rTJFc zR)twwM4`tj-rH6Cd*_dI|4v5`srA99Pm~u+NdHUiJqns%%$FeR_#{T5bK87QQo?aE zFu~An%Tp$MK`8kUZwD(!29|IUVUqu5K^D`=)oDsgeJT>6(5EC zt(wqWaFbP}MPv7(Hs8C#9*6_lwvsh(@cFBtAIb7Y5UQa+Zv>(q$n$1+EQ`^3BZ%P@ z=KeK=7TLO{fh#QV?`(rwjpzKx@9Ti5M_vAWljf1dD}UAeX}s9Zj|{#Jh)02rkpJy# z;P&OI(?a|oydj^r-CbJh<&X!iY%Q%&&!^V4o|gcvbC*mKvbD;aG-3C5-sv)aEpf7N zZ8UG$``N{OUx1dZV}22ndCY(Ho@He94Sbhgth4WrpJJ@D6N;B(EL5j5*~&`IJY=0K zhrPB|cs0S{>bOdzf5%?+1ym ze|ux1biJ>5rL=V*a!oJqMX+);4E}8)_`&kqVBN8kvWLknJxPOs*zb%pn&Thgr2caC zUrw01PDd6&%e8}j+FY%c!4E@f69bhJZ$9D{%9#Q>i2t$@ zhiRTbj9!=-<~C%*qHCXD*CR&z*#KI(?Qy^ZZ-WgkxAG!4@~cK}S!V*Dnj~583}Ok^ zX72UcnhP(nvJvm%%N0{)zKFXKRv{t1k_JmD(Fu{Y&S1ieQ!|CgS2Kt$H%x9Yd@Gju z8$w-vnP$oI-v;pBx$ME0#3g6f=q{GT_NF^I8K6~^t3g^qKT~pDD%!rRrlr^G6=gco zRX;7%^;%n@c7$782DOU{V#=*jL`<=j>WC?~o>HQpuxg^86~tSvrkGNlloiul>$fF{ ztX5wvy6sAgS7M1OV@tItH2P^HXSi>7t)z(?YFZ6Z-BgC`hp$smuTYq3=-otIw=Zrr z;CCmkmrK7jIPM-*@vLU&Yt_ViHP|heWNQ~V8nymU8m zPw>*%-Kf4zdUum~yF5eQjnHYNse2${b{E`aa_QZMlPWp*)^Rym=1F3c?1k(x-*7Tj zFgHe!Fk9yVd$Z~bm|AGvjp$9ixDN-*UiniKW4u+4;m|!Y}Q`dEUbHdlPe(r- z@4r5L|HClV8K!6^BrhV9H_{+avRM7qGu_2mj5bxDH_30V-%5P=>AttNTFaE#zuOD> zM%t~dFcDSBua9tESKX~|bLZMn!~3jnSeyP2Y6NiKJzHbW*(Hr_&it|gDiAagM$EQo z5}FUI87ha?bZ4-jQ#6xklV&BV{x$6_v|Gj3+<8O>9MY{QlvHm;VG?R7D*ABH3=V!d zl5?CPmXRSkN(dIjWID5j5u|-Vl0lhT4=a5geTyz}LSrmRnd(t!4l;Sf(VXB!&d(sV zHu`o{cDdyGIToN$xpI9+2a~eQxStKnMjWSmm7(tCUbotz8E`r$sD(ih@GmmUywLg1 zSr`WS2Tf|URFUh0yfW^HZ`jP5?>HRrc)BhVauFrZN2%yPdXT+`2id|C~1RQYQfBF zG(`oZU|1pm4doLTbjv$U;TI*QV=!$S7sSj8tXiT{J z1=$*1HCI>>#lTRqVZjPs9-M57Ep$mS@Zq^b<{V8aN#Zs}Sh`?UzS=n$ysKVb1bpTuUK_LZ0hMLQ=@KSYs4n5I1-$KGP|KRiO&b0a`JRHY@aMv!xHU zwbibHmXeI4l{M|&eRWCKhOV&HBJWqX)CH|tW4;2Vr9wwitPmF6DV$c-jQb&R*~mlC zxZc_tM6OZe&ZrFOmhY9sriF)~Z>6aYNXO|VB*}0Zc-HiZ* z^toz0?MXT(DZ4B+u4y3)PKM|w$O9YhBq~$qwl~kUJrLRTq`yKbu{#4rK$FRnvdodP zUM!H(yh{7vhNcQ!XSHns1WAI^LKZkl7KnUQI~ICLd=*svdC&X*)%Kq=GZHdSZrH|h z`_HrIFTShUfA)6vUOa!a|2)K_I1Stm2oZBsU9a9}PZz>gm77J*0G; zhzP+r{6c7eCRj%Eu`?W#k2&L#@UdrBR`A9Zqq9wdq#Yeb@N-g3D`l+69HZ-No1Fa~ z6&W=J{pQO>Yb7LeV9~irTfWw!c|ER~>lGrB{TrtV+U!h*8=|y@{y-VcVvt8&+~x zktEAGtAtgh*_;W@H&!nip6#GNz`}x{x@NXK*dB!2s4!7Gewzw#&^6vJh)v^9K@)%l#yu{Q(}i*O+4*d z>C>xb_PenK3g@{Z1!$ng%Aqjs>BATAPzNE-m^{m| zoR85+eVht-9l5pj3`_%;I2ohe9sN;69Oo6=bd(q6kAz|GG(>ysmA_*uF3Mj@rxFVx zN$MNA!N(&eXDKT(d8PwuRt@3pUl1CgQA{pJ-!@<8oJFDcVj)7Wd6A7So{CY#GKpzM zcpNHqiTNm@lTpl~3&NL`FpE(TgAC`j_bHaq{7f!#GDe)t$j3ZDp{alpH5!E9s)leO znHggL^@L{ARGy_&M9pvcwDB&2=wo}$_rQ0724XTP!tXD08GJ3%JWzgG2olMp@qS*+ zh)gDd8dR{qzId_Ic%S}OkfI)QYk)ElfT1+31TPxz6+Z=E24LhuGTv;D=h2xG8-W^v zL_w$JoI4^>KU9O)ZY7yCzPm=?z4%AF}~Si5?=QF{SNGQ?BZ+W zxBIR=e#u)fyT7rXW8?4jbzT1`3A`ldSp1VL4A{O|$@^Q?4|auj8Q*Ng%PoMX&$(J! z{=N#Lt|Wvj4Lrf_dRB-)udEZhZY1Eso-x^i+Exjg=mCJ+3ghol|Kg=MGl-T3?MQyC zEaP@9&fIO&4ok3C*bLnk_>)&r>xX*V_pt0&aNcTcdA}sBBMLG!kaLOFL8k#4RJ-@4 zys@-aN6TwOwjYjQt8Mpw<(h_5;uE;Bgf_t)VXB!cfo`3dF&zCx)CaV#`ZNyU9!MXn z%!K>U$HLsy;R37ZjK(qN=rk^`d%G7tKAIW zs$Bl6D3~5qwf3>Buj+e~XU2hdqwDKxk4)_n3$#pYz0qew{y;(+3(;&T7Afl=zat@QFW+=(l4q14V*sz^X19e`wy?*oE;v0 z8t?AxJ>Tiyj0MAH&O2s7eX4pZ{!4;*-Vy)79f0+i4=l4D=c#RG!e&jT^K3oK4c4H& zLw0q&>HM14Yaqv&>JgriCQZ7Zq<3QEFmD7LzdBN0HC%Q^O<%t|dOF9HL*t8ax%+04 zBoRw|{3}Ai@Q4OrIDU+NF#yJu@_mK<%DC&O0(St$}tzDWF}yxo-+-=g6BTEj?>tCI{*;n#}t1& zOW5p8(BBET>3*|<9FRIAV(Elt(BH|8jnzwz#X2sTtIhZAP26U+TPn}1-Y(i5W#mr^>YkoBrL20WduMyA@~Vutx$^XV$17#@po^CRyN>o(N!GG~E#E-WU6}hA zZsweH5$9!{2D-i+Z{sh|WZ&uLz+H|`-S~2!1LV1Q-*k-JlCP=8E&EGiFj=ZjY2sZDRC>jk65nSe zyF9zZe2gmUMX#|R%CQh~&RH>=`@0>rqs2n7i0X_0=5C@1CsZzzs;#k$Gj!&9Q6721 zHtOP~80IV<()^A96*OKBDPmcs_ef^jt@uOQQcRMhqOADJOiCn8%IpnE=wUWniL(8|oYo%dYhOB;}a7SAGVVhdZ zr%^Naev%xqSf`0X?!IaL+VucQJTumfZ@$^}To*3L;tV`x#%Oc+?UwgNPpO>w$W<;$ z-xymjF;)pJxQn=BysvA%>PY*l%Q=B15wWShcsFI-juPtZm2N5=F)o`byw2(qx>T#b zm~#5^`!^S4v90T@N?JU!Z+?zX1c}Ebcz|Ig7uTfv=3= z-Ha{huR|*KXC#xR;G79rLbAU+NYw&sj?LQp=c-flmv`J(_vild4*V`&3Z1Fo9uJz^ z#;WcQVGz+PLFETH90Jo5fKr;#!MxT7<4&2R0GuwzsILnT)e=ux`Puq}UX}iP-cm9^ z{nu~azBzsKdi}HLu)9gviWudjQlO!ix+&lo>^7wCiJ3GzzZ_l1R#(#T|2kryD`IxKaL#?sE)NHC#JkBwf!|s>< z^l9XvEUm-18~_;LcDt~ul1j#N8WSb3c#%cu#Z&l`rYFU8N9|ckmd;cPuH=w*!9HPclpb3d^ zAqWyIC8$&|H1|UMY#m+`!Yh+lC$^*lZB7=z*{|Q9sIoMhA(4}4YuG!SB2IK{egI-L zF=3+6!#gTnP*WY{R3Hq<8*DpsMtSxh@E5Tk-TW{`TEBOhKgRI_^n}bfO?RH4C610N z8p!ZilWbVVnjh3&u8Ev=x&4b6{6+L@uymu{#l@0cg=Io-bd>}&mH;)fFv5mibSc=e zuQAF{s~qBb*LK#i{mKhsEcZ_v;jq;o%=}^pd77@@# zR{M?X4x4LvtIG?cO_>bZ<$XRi8#GDw^W0M9)2ANJ^IFEy(CfqpBPtZPn9 zC@JKhjt7&424uPJ#26TYm2%AGfKA73`71gJ{2=5zUIA9MaqA_aLnk_{5q_*Rm%pyG znq6P(OQ5Y~?7pXYFSIc|P7LF%JwfUmI|z2&>G_=;#|+;$!C2#Cl_z~s8sCC(bj zaO9HA6k-i6rn;MX-?nO1i+Q!%1qO^&t?czj-8g7uK5!2)V((tI6`l}@t2Ju-oq?~7<%J~3 zsuLg_A!SttCb6}J@f(wx)$>QFeo^YZ z8`Im>n5;1xp5y)?}N8%8`m9r}6J1Ll8QhQ-QQCR_((t36}y0LbJS( z2!dm&Ro�k_^3CC{415&>@t_2#JLu7S?G5O)V@S&lTfR?|Cm?3Jb=C?>1S8J_dzTE4@9CLkM_|8&0;tg2UT|1J5`%XoKuMt`ny(hsX#PU zs|(Jw-^PhC2%Q9X53PZqa{N!4#p|7>c&hvBz^Ap3K0J6{FTwyD^wLMn?{IF;6Q-z= zc9jZ4gLoS;IVb#z3OH(TI+H%%U>wazMmVIDHNFGu980MRFnw;awq5O z4#}yhcwi7J4GWzI3Q*K#ZMR0cRK*^-X*NSc+vM;S76dByNA+aRb@*E#V8k5nJ%6Fd z)~@PyIGI#MZ;YuM{Q;P;hYOslok{?`>e8@MXxt4}H^-+Tb?%5vzEkc>LqDut_@}Ic;8Y!NUqasO8 zNW_VDgss1`_hyV&;?T>#v{#cU&9kO%$7rE5Dt)L{NCq)APbwu&*#$9Y#^Dp9W%V?o zI)>o^%Ov?I>s>7E@F&%Rp}toLI%h)eClm{P+06U71{uxT>tYm$Ip*X@-)yS569zw+ zJ2xIY=amddcn-}s4_6V2ED^CZ#aZl5bYRib?@GVYkvC|e3fI*u5SY)LQ|fgi3VNyF znDfdNDy_Q-F+hWXF7rJsuOm(pynr=z*;NefLS9E7E?(^OnegGOZdNP%0X>@R=XDSa z$6)L)xw}$+Ys)(;>K4w!%h<<@Y+w8&2p^*z|J4uLjd#aK+1ChzQ$)1Rj~A`Iud$83 zClu2e5iYwOyc?tb^)&(`G+&^8-)c#&@3VwWaI&Q#9FrLpQWYG5X+6#5VntC!6ptM> zBAnz*P|5fLefsqOZ+v!m_N!{(7l!z_@mb=TXS@%&=k!Ap(5(jA{$CNg8gTADn$sF% zpK;eRR!W)r&5pW&DKBXtlWMaf6U=9i^}@1*WS4dS_ILk2I|0Z$H^lnz`t0z?d8C6u z{U4lF0zZT8{FqFufs4x%(J{K*t$czCM-T-^>FfopC9ajGAX||aU^A2leQ6l}r3X)2 zzM#^CsNZH?n;3qNa}vRwq4(u=y+%7XBYBgqYK5&3HgtbZA5j}}6oUNl;oX~eZx7!c zo^GMd%}w{o9+rr$A(+*~)=(d#Y}wn*eqTx`)vk0~T7C0jqkYr7Y2EjOThh^rA_9xj zo9t3l%M8owC0#{z7_1sEZ(^0hx4M<(%Rxe?Bw9oX`H`^;hrN3{ZeNRPHCMNs&`XjL zA&xkkka76RWu?rJW>iv~yjI%635i%1t9G=={sRu^9VG)rE5dU%;N_#;ila`jy#l*R zp(S`#f!z=zNmIfKxdNqXsUEu-er#@c%@mooo>$WlJ*pl_}1nDRqatc2oc&R$;4-E!19zv-%pTP<{# zGq(fe&I4bAb<4TC6xvO3y7lZ`4)3ODi6TE;- zCudtdZ+6xw193Ns9Ll@>ulKHH`uauga`LW(+j+<Q&ht53t2UdLZ3x_!rCgkAk%L-{o^49`B}QO1umXWm6U{I zAN%)h;7OJcUf$L7e%=mh&Js3ToaAaXJz$xT9NUB)tsmEH@$>mqt@i&hcP=?g2#Blo z+gR@Zv-AABXZ83$yH8&{`u{x0Q!X}}!3(z_R0IA3%T5mi#lxAVTi`ZNFqa}wO}-r{ zx@tY_SS79Fq;LP1hq!!#qaiNjoN?p&Zi1POE_ZtuG>gaRprmcjk7v7v>QTQ$ZuAd7 zp6GR_WP2{^Mk$+~1=ks$A#gn~Xd@`-bv;(1zGLQPKwS#2?iW5rkZbXREYPM}+6=gF ztm?VdL_e@{#BOrF3xu2T`Ri7sY?IBcr`6-2f#rYhQZz)e z5Pg(J-rx4J+JNe1N9BdN-&|V&(J8GZ{dBZceD`9m! z${J}azed`L1YWY3lz)swP9pWo4i2OeD@&UWE6!K@3a*4QU-G3=RimhcABH!^cUAP! z4F{)f+@0KjX39$vKBD%kceUW2n4~i{H*9_4KGYii51T+6CK&pS8^DERBEkvHW}#+4 zYfziaBxkWLtGHs#8L>*psV%C#_RaGvyYE+}dwols{g559+*j!c` zQ*NL-20PX&+ixHdyYDI2+W$>V%$+s2fh+cZd%I8T`@g;KcJ?0ke-H6I?*Bg5{?7!k zy8Sk=5_IcfcY}d=Tz9=e?9#;j?ipD^j3cp?*Gq=Fhfs5;fBXHtC~ScBfq{Qgk22o9 ziPq~<2vsAHubcSx@qXx6_jFkQ1GlW#Yh%Uwzw=%F{^#D_&htn6?}I$oor8_Fo!{1C zwuMh|n~P<+B-#o$TnVd*v^A49B$;LB?xO52*HGIjIP)E&Ke~f-BT(LL@?j5dEpykI z|MldV9B}5YI~D|M%>Nsn{&rda z8~IGCHo z&T~;(v|dBO6C(e->U+Zkb{96Thc#k}oJ3j-T~alQKT;tXU%aI$tzXb;7SPay=kkY8 zie)r^TghSDiO9{IFRk9+9lUT|f~^1;?E`QkIhJI$82fk2JZ|SKNmwC=!jwb(W0oW| zoBgC+2-+{Mn2Ovl?k=(TFK>8}rS?<%yZR$l#~cdUnPNt%mNGk-!ME;J3g&IS<}^bQ z`nQ2P4$`XFhCVS~*5Oy~A9QT8p4y?MfqDk!Tk~%N`I~a^`hdK25kWw9{-ZMHNvy{^ zl=!wf4^`RMSYjv%=~Z>9z7M5e3&q(-eJ#uTsBevXJ-HXRCogmc6?{I|Bk z@?_40d{5*R;}?}lhR=|U|niD*vZ zA|bqb>A&*26aEjOU;CQ1&VBXOtJaVHBM<$o*8kz|=sTRzDG^fKWDl_F{AYLPyN3VA zqy6_`p6lycRO0GztC=_$3|#hID`2H4|5@%Y^ESv~*fIll49kA7Cn|GgJ` z&l>UnUp#%B{}1ta=fBIgg`148JRe@}J_0ueD^`TEnbGB*F(&-zF2NkJc;8)u`7>G; ztO5-^JjHxQq>EP^vbL!Ann+!`?viCWP4yOJOKEl-G70#c;*~L#@W<7a$}(YNi&u6+ z=J=B85EKa6U*$;Du4o3U28}yTc{dLJdpUg~E2@YNcc*QECiUlNXI#QWGv^N#p0ySUW^cX0I6UD6`T zi-#h_a?Bf4s75gHpy4>C3Ia|lcb;2zrA_wxOk1DT>p#tAoQNAK{^nWb|FN^XSNH#V z_Wb$d`u`Bmbv@*n9&A6AH`pl52W`*DImwBqG1yw=95{5vYh@fnV<9i$*3^T3rfmmm zZn;}jeWNBA@D;Vd_N2@P<5s-Vus&Ef&EPj%KE&%vx{jNysNV$S$}O~#Z*HlTeA9N2 zu#TZI0K^W)txiimkBf{&-Ed|lI37avw|aF6m%VPJ(Nl0`VtON!1_{cKYRQ~4A#2uT zQw+ZNCS6Dvq)0F14`NOB=-2intN?$HTK1z-a#A67S=G9t?OS5JdR&Gb6jso#GW;HU)(D-Uqs@3a% z9#8J~{Ac&+ci%P7f1W+A{}1s5&VOK9R8s+Ts&0i;P-+H2;Ez9LxQ0XJ-D)fX zAgXvgkSpldC86*4=^+1EoU)86%HEIv|L(J$#{JK|NB^IPdBXDlof+^(jKlI%YQqP| zI=4ez_8Xp28^VZj!XV#yd28UvLHaY_8||{)^U1CBT`jimXRqgc4!*LzouW~V-|86_ zI&f%v4u;P?3qRk}LH=`=5;-S@;Kj{SKrEO4yU%v&`v2bE?#`qC*MmHD)z1yK+UWYm zk9A~w1<0RKb?+$IYs7pg=|0mjg`0WBD(L7^OKdUW@@u3qt5lE46c>pE`$;$-lA}A6 z(YKz;L&O2X3E^^#j!8u5CE>3*%X1Q+yaLzpMPv zw9$3G$rQYZ6%!G0nrk+0nM;|A@n}?;a6`&QF^j~g zTzzOJ3D0mcaD_%22ET#H+A5yh1^M@z*7X~YK^un}&1DT9)tbwhR$Cr}*pn%w#3W6rqjy4n*{`b>~4K2yDW zT=A>CX(^=m%>Dhi;@>Tou3YhheEPWR--KTuSN*%-*yXE!kX;{F{^rW>bL->Ee>WWZ ze;1@6C-iqx;m-zZ{-%nZ2}RGpw|$Lpjw31;=v%ZieCf04?rJu@!aSqd>?`EbB}@u* zL31n+Cpemu7-0l7)GS(Z<~^|^v_D8lHk0!&iWT9~i=eX%CvfE@p+cfQC`WzNuPoJl z)c0gzA5|~7Xc!8F16Swt6OzTi<^KT5s_1TNIoy^BWs+&`HgdUAeTihg4a5Jpj5OR}vPSpOa0~S%FNmKYpmvFLN$7u*#O%*}M0iurhwyC! zI~nidoK-O6_<%y zVCjQt+!*cJyi=O5NQ?GU4JuX4J?<)3=RE07fhfk|-ylW)h-4m}JZ;~|esd{AH z+WqP-MUYilPxZ9%qBwRX+hGVooq+WeG)sACvtEjP3^ZYQE%+@sF@hz(@*5t@pU(Op z*4aYuA^zX)?#|Oj{J-7D_}>rmTsQMSSJT5TPXQfD)x1jEvngwDru21AUi-P#zp(yb zsd|SBTr0?X)#F^~$FE-o{%?Ld%l}*40aar>_r;_9e~721eBH_bP?Jk-mq==# zZ+VgAqyp{FY)R;}7(8AjS#gzwthhk3iaP^T2^?6}pl|}COS740kM~}#Na(O$4Es@A6r({y+O}uaW=h>ErtUFwb>M{wF_n^NIveC#L9K z5XgzhB~RejIxW22Z?NRr8) zSyH6rAi*>}Ch7%cSu@}jLS1U;@xGdq>@`Va~xgZ z84<(Y20EQnfkct(6KydkNrGkxo9LyVX0vTDYe;%YAhNRe9%pfH17&2USG&!elPUd3 zVm)F0duxb3WXS@t3~DNrz#TrJ85#D5uTRcSB;%yFfeu)jvJCxvaDrmWMQ=Exas>Zs z^n1g}?|cOR+86WLNd04fipy+N0-E6HqR7#dCPehU9g3^G_w8_kFM8h&Wvc#WoX&dR z{=dBq^fTs^6#^Z;ej|FroU{LsNcM&_CU~TabM~L!@KQu9CZitth|@eFLN#`%Nn2!8 zN+M)W{Ub)bZ%1cmBEz|uGkJD4`u3r1C~foq;KTdVVE(kD3K$%+bLdbBPXEX56B(8Tz51G3oX8lLSR`?Pwzzl5?Vda)~(kt)QGB zj3z~z+i#cJP=IKL&Y>I_j?RbZgb*n3OS6$*H?0fxjLLa20V}`aPR~=i%B*UI8UT1P znj~y8N-@pqjJsiQq1kK;O&Le5;HZ3OJD|3xV%Y0_$Rgr(&visV|46(IAMLybodZn> z;$%iLqIL`M5TSpw0!29U-j+2c3&e{Inm$kQ1wppRz!f?8asT-At^ zVQ+7UOk!eJ`-wp3IL}SH=c+77eJGKUt1_^M1vf-`A+gY}Xp$&07J|eG3#dp_JR?Zr znL^IEx(|C#hv=AGQgWr6XPgs}GwsjMNdkS%m{P20rntcv*kWtD3Kh8c z7Jvtl2H`iLM!{?3*nGK7D;9d$%n+f&DZ<&p&1*cJl1Puenpt{m#Wuq6e-xKj-y1CKYzCSxc)!L zvw=S3Bs;Yn;H@J+s>u#2L9cgOo%}Qt5+{j3zqC}og{<1@(F|P_6T&m1w}VDra${}T82 zY#wn-j&+u-wgML~Mc*`LdJ4xt-}lW0NhqL6{I5CTT46a?sGcKzn353^gFZVUTJ2$= z1+ghQk1vP07I`@n^N*ntJ;|MEdcMy|Y&e0W4E|8paR?OyTMkMIC zO3FwQE49Sq*+OW>q{5qC+ei>npITm}9}LJ74YHhT;k$?BTpAf<1_qhYmY!8Vyg`6`^eV8*5*=|INg5G> zVipyOV}LTZ(LBqY4UDER?F}YG$U$z~Q#&1jr({-O9*Y5 zC5|q{Rjo(E37khEmN|NtBWp+p z*}hDQh4R2xGnlq%7n-lsn+>S?JPmujZ{KK@`rENx*SvPHK-jB31hKF7-907q#@;6_6g|q7K;~xm zRjwj#p4zUC)w=ubw}w97emh1VPTw8@oyrT!LoW!ZnmBgUNQ_vPEMO-tB93#tP?b}W zU1gT^Lug0S-Zrz1ey8~b&7iseU@{{dZOS>PQwgtTJdd_?MKz2LyG_Xq{>UY3L3*G; z*j5-0u=50NwZ^ZT8xyw^CL}n3k{xDT$CV ziBiI6B;H1XAv#41R-h}K!6KQmm`)e4d9)k^;Sp3BkR>7~5tK+0L?ubZwmHvHqwQCN zj}_P#gydCDe@z99n?E5To=Q1o)vJtU116KaWY}>z10r`u=6yv785SBNMHhHcvat73 z^PGE8$@=H8uqSYuVaxNlT8sJ_Acbqi56^E9K@ZIfttGl;3@3sqG%smPgbvn#6J#!B zC;=jMM1u)Q*wwb8>6|2aIRg<*mF!aVuJE{JoFP)nX{wez4NE97PH;3Y3z=Et)%T4e z7SbA;Nx9yYh>YyiSvoln+~kB9M!lf$1;dhL_JighK{U$=iL)5<7_ma;1sKCZlV1#b zV6>VNEP;#y#hNv%(*IBfrD$np1Oa*|jrs|K-@{m|qgq&#c&Lk->Kf`V|DXv;SSgxs zOXrQL1~{+)w+t5M5H_|;wzu67MKo7S&My})@5VAEIUz>R@$Th{k*CdXHH?>zYI?f? zn<*par8idF&Z>#d?d>JS0)}ao1T~A>xtduy;c}r!a1JWZu=gX;)KDjk<#q#a6fd&`OmK98XlAr_+kXsOKQs|A8wyQ(_JGGBO5#b7trG4M7g6)<1;JLx>T(AB{)H36Jq16A$0?vw)h3bwP z1{%?t20!fe-VA42XZB4OzQn&`MPl?ugFVnybs6wgs*RCQp5y4bnW_W#?(XJkt3F}K zWS4qFp>pLPpy~)Va6EHk>aF_~{nO1`wW{eA;T$$4=jE=%KQcMOlw18z6}D^|kPn~@ znqRA??skt##kT~Dg^8X-W3}N;lzLA{+&JRn9i+m>U4{5%@(I2InlTu5(YSvZHrc zRm`opsMj$&T6{r}P^$$9^gO}ltg}wO9`Fh*c7~oXDlsDhb_Rl26}(ibpq-i~HSEF4 z`J{c}g!y9G4iFMm9<2{-cm;C^pDV3eDI@1K+=aG1H7Ao=<*oK&P*m#6`1$h}FL%$K zWoXztG@5sm5X?nYD7pcBB9z!MQqgJ>+rX!#u43B_C|GVuejtUy6J(ZNMvz%TTG3?* zF-EP_TDdcVJ&hBEwFdotk!nJVzm@9$zSO!R5$K4shzP-W%O=3HL1;^(56AlRmYQwO zVr_MY-KCY!@D~`tI1vzk1mO||JqKB8V}6FrNJ>!L={};mISA7xx3szSUcs|;lpP;9 z_+RhVL2IEYN!b{^XOfK3!5n8ZMRmrt9s_g-!|26JQTF~EiHPMy^m>OGVmv0Wi%V%n zQ~G;T8t0r|(uB;2(XIR;JASo)fFPn@Ntu%3Zj?Bg5>B#+jBuprKEQ>XXYlXuBR;{= zXiLjI%n8DIo>0y7)t)OR$6RWXINK@a&RvA2MQYhAE>~MW0E9+t-=l@miY0?h$q?KO zTyVnL`lsmzO~yn(E3A-$#>9@3f#yt0sxym#^9K+P(#5EjXB?YF*y}A&YOOtDsDt;m zQ}pC|sNFW{zTw=B^z!7)JRbFoxKj$9AuASwMHDN|OrLdVmwgaZ{@oA|nsOxfljO+y*?WDfeDy9K_}k&|3Q-mwyuyOS z=rt9Q+L|o7Ee?fbDTb)j$wG-|s0-AwCZzw5y(evM+sJZ0^H=oBQ)^2_QUou_+No4I zw$|}(l&Cz)q^4Xh6C|1P+!wgTg06C2}s=|f94OvC`?0ORX?x~|MB~)_rJXRkOhMkB)S=aLz|ZXY4nMq12bIAmr&iFP^TQneFZ+VCECUk><78M*B zw$8FR;!+VbB}{7rP_$6`yHuRs)$~Kr%!{N!ZhprGE)F1F=wOh?Cy=TA*(?$MXkz^% zs%xqE(m0Dpi2Px?P*k==tA-iH-6&$wxK7l10$5ohBCuz#TP_Q)hZ`4Y{ zl!XEJBY*-P&%;E-Agq(g)YaAvb&eLxxQd0I8RWboQ&!?ADq51lPjcQG>$HR}vW` zj940@PrqHFuGYG_b}Z;B_^Rx`sKjtZ1dz7_eSl zzN07~kd7FYj@yAM9Pw19ek!-;EW2@f{Zo0&s_XqdwjN|htkQt)W+ZxzD0d$qHvy=P z2*Nf>pzYdQ43sz7D{WkcxSx2$jh1bhciuNm%!K()$m@;_MS6d>iX%E4hPLmU$CUgQ zIx(P%A3I@NP(K9?($>KM+5Q%Ia#v&!1fvRdUsx4d+iVquhJQ0PI0QeWrmK3|C&9uL&U zrrKDUKN6+bkalE6q;ZBiwT^#hvn-hjiLpp=POsKJc%#BGm<2d;@c2o4W>nLhrD{sm zQK!|NRCeH;XTCBsuu{+2ecg^ykg$P3_QD}D+M_-s!_Z+9?Lzts z7?LbLm8(PRPb?r)Ag>+6lmOXFE+#lj1gT#E)+!AX2v8p!Fh7guCp+}cnv^D$yru{ZA%S(~%zsjK}{H3(P!fHNCdiY^hJwKika~c=cgA>W5C#%jLCUcIGW- zGKGtD*({SVCI}W_7v!NoUx@5^ z!gXSn5^h#GZfrm()=^MfC?^ocCT~M1&LG&}5j;jzDHxkon7KiELIFvHu^0?ja zde(JG#%yyaUdtSc*J^r7=f;1wYqj4w8z$n06Z6txR_M_VV>Y1g2RgWq!UG48@1lVf z3RjH%Flw?l5RAzDH09G-4(!0}WBOB1D4UCZ^Dsk{rZ#A@w}Qzu@x$v0@>zV+836Kd zKhO(&dD3j-`d*$Ym~;KEwIA4Px+58IPYE{xpZXa25KgB&2o(@19D+$h-A4^=Gm&D9 zB1=MfgNgE#{(5nK@$P z*{RlP5*`OU;eo3H;*9A?Pfs<-p1v#|DP!9{)K@l`=T;;)NcL|1 zB#@4iZCSp)tB%68XkvG&nd>jK{+C$XS``-3d;!_43sDKKeoW-e`oRq>LgZ7Fa6ecS zK1+3Qec@9C+F`=cm50RGM!iyf6yP8=XAlb3FD020d1LO zL46zfiBgQB1(a~5qBtL%9KgIDjy44|nXMeLlb*cnh>xd!9FDn6NtB2BKsppTO!Xvf zYPPcgy(1w=0R`c{$%r$LvlJtq3M(uHBbgKpIC`+W8~u~?0v%12k;nhe7^48$4+26p zspHHsf+}H-HsdIY)sY63DZPNE^1J< zo_SuU_pq{GBs!>$4h`Au8nW9{WLKx|T!-KU4v%riVToIMWPT~Z^lbrx#l64DKnK693Es~gmyunP_d^Oo>&+&%&8D#CFj9^ zgQjaNqX3#X4P#{E7&8DfR*qd1P#?4(?)cFPfH3+sML{Bc5aG>B1p( zrcVe=Ntp!Gq1yf+97C|NB92fVWM#>Vr(E-5sdjPFYkGvVeMK_PwI!IB1V?S3A4mDh zbZD=fazB>U)kl;-V~#>Y(FMwwKaz}T=mN#zF4!oOshC>82vhYiAJDzDlTcDYS4EwU zj;s(3T>}n@2~qjs2I+4sBygQ(o(&a5N5pTgfK= zoacyeld(%wsPzUZ1sMSw{2Bv@2u5S{g+IFxS)9rNYy3b@u>QRqm{)%iGQITE$;vk+ zA0<3p`HCS|KSQjmdZ#*(cwqN}xKRIP(_{aM|7b5`N4Jnr0_4L<)hqBC0y3p{1T34e zAty=J=H8XWS4eJ+7pO*H8W$*OJkXXGQ^En~M$z}XxL=cgqjc?kA`7N8VrHc%A0UTB9JyS zDVzgRh>#33i}@{2wAsK2s+CJGrnMd&T~)oNYh7x&L+zLrV0C%Sqa*e^XOr-H0;0WE z572T$1}(E6cC8xpP6+T$3EB`+OAc6*s-Z}e$vhmqIsf_m>io@s!dcVBj7ug3<&(r} zMcVX+na&Dg)dA8k4z80S7FUwJg>YFO03t!Yw>Pqk+Mo&~wRaOZ`F@U_s#8BRG?!LljXsDOT; zkYMYpQ2m#L1KR=1(A>oB-kcU@NfWUK678=J6A-lY^I=9Ql?7B+NReu(Muyk1A3b-n zo|R;R!L(d)AKJrSPs`oCKJ8*Uiv}j_*9vof5a3CfBq~Xn?`{%I7+)t`N^rkwZzL2} zfb1DakXY!v8Z{%9@J#C8!?=c0H}Ni$V4#Oon|B?Fp&x0n%{5z$vP8*Sku3zUV1qyY zU|+rrm|VoE{~2UWJ7JOJ=d1RQ%v!fdYw#qR>`E{$NB)d6{+Z~w4p4(#fKlo|2LJeD z!2TwZ@H&jGiRuS7`0~ZcPQ^u_Zg>rMLuInTeVH~qxNFad^=C|`{xz@Fp0O*grdT*0 za~PpfU+KDemaqEodEU289R1zW7RKLa97PGl+Je_ zi6lK^-HvyP3imH2l^z^61Zq&@k|5GlhoWsaSZd3DGC7*?sqcWJwS|G+GO!6XxZHt* zjU@f_dQA_ElVZ%~_@|@MplA$C_pg8Ocz$;N%Rdy5r;CVdPzTY)=}ppT{7*AU%3QOBa~ zI`%-$cWKD!w>o<}&fbo*x8rC#&J`I8G%XZksQ2n9OSp}7miV9z0yQ?rTcOMwj zgS73-WgEP#Hpnm%*T?Nv+dKB!$E_3RX~S!@JKAg8@Z(ryG1e70el{_iI1_2gtZj_#CdnG6p@J-(;7IWj&15*N3X#X!Y{p{p#iQ?^yZ- zl;eg!3y<|6p@`+6XJ{B-e|&NEKcs# zgTY{hVL&}@GAMXKDsCM4XFG*mzrRm4=&6_yR=wdfD_S<~&KXs4y@cm@?6t?B%i$a$)aQd|0aC zfrjSg)U)>6(BT$sqrkSibV>^6S?hLX3|l!aYspIg#z-F0VZKZVvia6D(jH!ADqhJV-?q-E>FVknZf&#Aax znGpkL_AzB*SkEbegWfKD z0L-DZ2l>v-)pZ3Qivzu`&zihROdB@p1(!!@G!yd)*8vt+X)c{pGet+8t*}6j;<9G! zl%c;lmFg_jy1~(H?ie)bRF2t}>UILTdl-+fv5oY@G9}nt0=jHIhe-Chn<$pAex@|O zk!y|e3@7wnx-=GwiCb+Fwiaq~Mk2QOrh_22!X>>vk?BExa0=qB7=EBV%TizJQWXfW zlBarxrz(w{h2!$*bWu-va577lO)Um+F2ZXF%10REA74D1;x9@HR=*rFnerLB1anCc zBF5l;TVHj9UBMd~;DRD^&K+~kIbNFHibf&jd>heWy_aQ{tM7^$3bMUn!TLOCS@t2B z45wL?`Y~79fw9;XEO8FmqT@Ywl16yKaXd#0%WY$xw+)=zw&NhTtMsD8V^=K3f=!dH zI-SDd0Ehw;9lA;l(r6{2-TFxY7C=7@Y4@xQ;)lqX1ImTF5^!G^tkJ!+1;%#@ed$|X za_=n5WwjM$0(B%q8|-X02yeeq@{V(-)w+vfe&L_fx`6{fcCM{inpO+mnEbsjK;+O9 zJsyW6W4a9JS(f` zmhC~h*!L1n;o6~6*M=3wU^%tfqYo{!TQDQBh7MCHTuAbuPKxHN&H6CTo&qcPBA8gnl_0(w& zbse>p@?@%`F$y{Cl0v~O0$~+NgQvL)B@RSCWB>4@&^Q4VjXW@49l$zW8(FjVOo^FT zZSroS25?&)gop_AH#5Tj*}i|UH|?+Uo{zz)1>`QfZz-Rdcn`K3bkOIzSYS znmJ3l)v9vg0+^@0v94U36{?y3@ulVjGr*tEu+{|KkEV+}pq0bqGS5U{1Jfr$rq5;7 zjcU1D+-T0v(B25a7Qmzn;zX&4M$IqGSl_H@E{ikZ$|X1Zs5OY83G8s=^+KhKWO2%q z8HCFy4dKpb1+spsuXHSs|0dK19Ct#52OU99YgyOQ2TGg8e{nt z;0GnYgo3XU%YfV63f0}!K+c~*C~w@q;cl6QO!*Xl&9S)(Mpwb8+}W`Yin-LCE4}LO zR6imF>x~8TfAw~j`2K2y@6?L>xZD|6v32E*%WYeJ)AC!kS}rJU)}~uk#5U(zRE2KU zO3iYdTSUgX_lw5?Ym;!OaxOu{sc7$9SO@wnpqrvK07{6 zviKNZrT;ah7~NQ}YdGa1Q`EgBEwCB$-6sf_o%@k};Sn&>UCPENX*HEvaVMAK+!NW& zts-m1E>>QcTIF2=Q>5_=RooVdm10KvHU!_ywr&%t|Yw6 zg^)0}KhvF%TdDuC%xXCbk8Rph!$HD(jIp}@ORLrHxAXO1+O1BvyRZMUi&iG2PpPCz7l19|WX^jw-o74Ool+ zts?*TPWpTN-${Gg_`XPUJuFcL9(MjK@ZWk=9wz>; z#s5y*E6V@<-d_ISNqf@x|EQdA-~O@&|BX`kxca~6bxZue)jQea|1O$M;8r5&nGQtf z0iJoS!qWP!Q;0`PL03Bne^n-+tEZTGZqueW{+2;PpMFvO8(!QzoqgpPY?}$`UmL>r zZB<)E|H00#v{I8-cRxn3PX6n4i}GK)zo-AZX-}KHLvoaQiV9yNms?s0!!a*mGU@7f zY+7jP4bmN}9)5@N=nDLw%>2eyWWaU!-#sbGfBnwh{@AV4!-|6+dJ^t^aeO>;4FZ0bZxI_Y>gZ2)fkjpU^GXbMVx8t22)EJv^KQPXi zhNe58i)lGfd6_5L9s)pr#twY^m-^X_>MBvD(r^~>2AP)b zEdZ>+|8~nO>Hprzp8xNpJ#G2_p7ddfCA7x00rz#}OZf|o7+;6+=NfbG&Bq~9E>pE) zo1dp6Q>#s?^w6eb>MEZjG2OOJRn6BJk>BB(c!8qX7aBufh9f6gBR2<}eevyz*;lM! z*(%noq`aESY5T$4k4HS9FPER4YNhjY&rpNJir&}ni~eAnTXX)|AEnE8hE@^fCWhte zaR;QBa{Sxrq_7nHYTZJ2~(m_44S{*Tx9I(z!Ri}oGre`^@P z*WU4`)mGrYh=K-js0NSckLdsLivAz(q_vO#*h%{a?Y}lFAQy*kMp+t%?*{=|0r0Mo zi+_H){PoSJcb8wzPESw&q=9O8#Q!Xb9@GC@&i`re?Y}!|e@gtPTOSbZ@tK~9ef!|% zR5ooDCH1d^Gj>2`-h=OiT&%!hSf$8%8{7!WJ7IWE&jJ#1^n-J_W3`%X;0ez z<5ZTmQ20gzA)=~V?XY0!`3}Q1x8By{KcysVNk9QiW3$x2wfg@_(f-@__VM4lY2OO| z6BJ%753AUt`+eFy@qeSR@U{HERpkHuPIqtr+ev%c_P;#=c_qf0PwjTd)P9@yo|7h`_t!}CQPupwn<^P?uZ-)Qds{qdd8uwIS zEA0;WpAC7$A0h&5uK#!1`~1({v~Pv~6BO=6fGxMX;Xe{yKTVTxn5BF}DzKja7xTZm z-QM2+x0CiQ;Xgv*D+7glD)8{O9{(e8Eo~Y5$Ke0nPQS$e+k5}tPTIGE{|~-dc25{8 z+e-Ww!%bOzWm|*)Ub~e4(Q3E$_P?F9CyoD6IOj2!@=`(K8KiH9Y3N69c;qks&PO5+ zbeV@4PeKux-+DE3A&dE~Q)6)NXO{4*Ny6nsL;>EpgIDW8biv!iAMwk4XI(YGBu!^; zIhB>d42RQ~r!VnO%<`LXKT0S6R;0!c!tG96W}^|8vM}-L9FnU+!Z6>6YTZ+xz=pcGI4C{h#8kUV9;K-}Y_a_H9e;{{sL3|Nnj` JjMxAy0|0T$e60Wg literal 0 HcmV?d00001 diff --git a/charts/netdata/templates/netdata-otel/service.yaml b/charts/netdata/templates/netdata-otel/service.yaml index 820e03f2..04235225 100644 --- a/charts/netdata/templates/netdata-otel/service.yaml +++ b/charts/netdata/templates/netdata-otel/service.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "netdata.name" . }}-otel + name: {{ .Release.Name }}-otel namespace: {{ .Release.Namespace }} labels: app: {{ template "netdata.name" . }} diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index a7489307..ebe5a08e 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -1,28 +1,58 @@ +# -- Number of `replicas` for the parent netdata `Deployment` +# @section -- General settings replicaCount: 1 +# -- Deployment strategy for pod deployments. Recreate is the safest value. +# @section -- General settings deploymentStrategy: type: Recreate +# -- An optional list of references to secrets in the same namespace to use for pulling any of the images +# @section -- General settings imagePullSecrets: [] image: + # -- Container image repository + # @section -- General settings repository: netdata/netdata + # -- Container image tag + # @section -- General settings tag: "{{ .Chart.AppVersion }}" + # -- Container image pull policy + # @section -- General settings pullPolicy: Always sd: image: + # -- Container image repository + # @section -- Service Discovery repository: netdata/agent-sd + # -- Container image tag + # @section -- Service Discovery tag: v0.2.10 + # -- Container image pull policy + # @section -- Service Discovery pullPolicy: Always child: + # -- Add service-discovery sidecar container to the netdata child pod definition + # @section -- Service Discovery enabled: true configmap: + # -- Child service-discovery ConfigMap name + # @section -- Service Discovery name: netdata-child-sd-config-map + # -- Child service-discovery ConfigMap key + # @section -- Service Discovery key: config.yml # if 'from' is {} the ConfigMap is not generated from: + # -- File to use for child service-discovery configuration generation + # @section -- Service Discovery file: "" + # -- Value to use for child service-discovery configuration generation + # @section -- Service Discovery value: {} + # -- Child service-discovery container CPU/Memory resource requests/limits + # @section -- Service Discovery resources: limits: cpu: 50m @@ -32,35 +62,70 @@ sd: memory: 100Mi initContainersImage: + # -- Init containers' image repository + # @section -- General settings repository: alpine + # -- Init containers' image tag + # @section -- General settings tag: latest + # -- Init containers' image pull policy + # @section -- General settings pullPolicy: Always sysctlInitContainer: + # -- Enable an init container to modify Kernel settings + # @section -- General settings enabled: false + # -- sysctl init container command to execute + # @section -- General settings command: [] + # -- sysctl Init container CPU/Memory resource requests/limits + # @section -- General settings resources: {} service: + # -- Parent service type + # @section -- General settings type: ClusterIP + # -- Parent service port + # @section -- General settings port: 19999 + # -- Additional annotations to add to the service + # @section -- General settings annotations: {} - ## Only to be used with type LoadBalancer - # loadBalancerIP: 10.0.1.69 - # loadBalancerSourceRanges: [] - # externalTrafficPolicy: Local - ## Only to be used with type LoadBalancer and external traffic policy Local - # healthCheckNodePort: - ## Only to be used with type ClusterIP - # clusterIP: 10.1.2.3 + # -- Static LoadBalancer IP, only to be used with service type=LoadBalancer + # @section -- General settings + loadBalancerIP: "" + # -- List of allowed IPs for LoadBalancer + # @section -- General settings + loadBalancerSourceRanges: [] + # -- Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints + # @section -- General settings + externalTrafficPolicy: "" + # -- Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local) + # @section -- General settings + healthCheckNodePort: null + # -- Specific cluster IP when service type is cluster IP. Use `None` for headless service + # @section -- General settings + clusterIP: "" ingress: + # -- Create Ingress to access the netdata web UI + # @section -- General settings enabled: true + # -- Associate annotations to the Ingress + # @section -- General settings annotations: kubernetes.io/ingress.class: nginx kubernetes.io/tls-acme: "true" + # -- URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` + # @section -- General settings path: / + # -- pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value + # @section -- General settings pathType: Prefix + # -- URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) + # @section -- General settings hosts: - netdata.k8s.local ## whole spec is going to be included into ingress spec. @@ -73,22 +138,43 @@ ingress: # - netdata.k8s.local rbac: + # -- if true, create & use RBAC resources + # @section -- General settings create: true + # -- Specifies whether a PodSecurityPolicy should be created + # @section -- General settings pspEnabled: true serviceAccount: + # -- if true, create a service account + # @section -- General settings create: true + # -- The name of the service account to use. If not set and create is true, a name is generated using the fullname template + # @section -- General settings name: netdata restarter: + # -- Install CronJob to update Netdata Pods + # @section -- General settings enabled: false + # -- The schedule in Cron format + # @section -- General settings schedule: "00 06 * * *" image: + # -- Container image repo + # @section -- General settings repository: rancher/kubectl - # if `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version + # -- Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version + # @section -- General settings tag: .auto + # -- Container image pull policy + # @section -- General settings pullPolicy: Always + # -- Container restart policy + # @section -- General settings restartPolicy: Never + # -- Container resources + # @section -- General settings resources: {} # limits: # cpu: 500m @@ -96,20 +182,40 @@ restarter: # requests: # cpu: 250m # memory: 32Mi + # -- Specifies how to treat concurrent executions of a job + # @section -- General settings concurrencyPolicy: Forbid + # -- Optional deadline in seconds for starting the job if it misses scheduled time for any reason + # @section -- General settings startingDeadlineSeconds: 60 + # -- The number of successful finished jobs to retain + # @section -- General settings successfulJobsHistoryLimit: 3 + # -- The number of failed finished jobs to retain + # @section -- General settings failedJobsHistoryLimit: 3 notifications: slack: + # -- Slack webhook URL + # @section -- General settings webhook_url: "" + # -- Slack recipient list + # @section -- General settings recipient: "" parent: + # -- Parent node hostname + # @section -- Parent hostname: "netdata-parent" + # -- Install parent Deployment to receive metrics from children nodes + # @section -- Parent enabled: true + # -- Parent's listen port + # @section -- Parent port: 19999 + # -- Resources for the parent deployment + # @section -- Parent resources: {} # limits: # cpu: 4 @@ -119,36 +225,76 @@ parent: # memory: 4096Mi livenessProbe: + # -- Number of seconds after the container has started before liveness probes are initiated + # @section -- Parent initialDelaySeconds: 0 + # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container + # @section -- Parent failureThreshold: 3 + # -- How often (in seconds) to perform the liveness probe + # @section -- Parent periodSeconds: 30 + # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed + # @section -- Parent successThreshold: 1 + # -- Number of seconds after which the liveness probe times out + # @section -- Parent timeoutSeconds: 1 readinessProbe: + # -- Number of seconds after the container has started before readiness probes are initiated + # @section -- Parent initialDelaySeconds: 0 + # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready + # @section -- Parent failureThreshold: 3 + # -- How often (in seconds) to perform the readiness probe + # @section -- Parent periodSeconds: 30 + # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed + # @section -- Parent successThreshold: 1 + # -- Number of seconds after which the readiness probe times out + # @section -- Parent timeoutSeconds: 1 securityContext: + # -- The UID to run the container process + # @section -- Parent runAsUser: 201 + # -- The GID to run the container process + # @section -- Parent runAsGroup: 201 + # -- The supplementary group for setting permissions on volumes + # @section -- Parent fsGroup: 201 + # -- Duration in seconds the pod needs to terminate gracefully + # @section -- Parent terminationGracePeriodSeconds: 300 + # -- Node selector for the parent deployment + # @section -- Parent nodeSelector: {} + # -- Tolerations settings for the parent deployment + # @section -- Parent tolerations: [] + # -- Affinity settings for the parent deployment + # @section -- Parent affinity: {} + # -- Pod priority class name for the parent deployment + # @section -- Parent priorityClassName: "" + # -- Set environment parameters for the parent deployment + # @section -- Parent env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 + # -- Set environment parameters for the parent deployment from ConfigMap and/or Secrets + # @section -- Parent envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: @@ -156,24 +302,43 @@ parent: ## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN=" ## Also ensure that claim.token is empty + # -- Additional labels to add to the parent pods + # @section -- Parent podLabels: {} + # -- Additional annotations to add to the parent pods + # @section -- Parent podAnnotations: {} + # -- DNS policy for pod + # @section -- Parent dnsPolicy: Default database: + # -- Whether the parent should use a persistent volume for the DB + # @section -- Parent persistence: true - ## Set '-' as the storageclass to get a volume from the default storage class. + # -- The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` + # @section -- Parent storageclass: "-" + # -- The storage space for the PVC of the parent database + # @section -- Parent volumesize: 5Gi alarms: + # -- Whether the parent should use a persistent volume for the alarms log + # @section -- Parent persistence: true - ## Set '-' as the storageclass to get a volume from the default storage class. + # -- The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` + # @section -- Parent storageclass: "-" + # -- The storage space for the PVC of the parent alarm log + # @section -- Parent volumesize: 1Gi + # -- Manage custom parent's configs + # @default -- See values.yaml for default configuration + # @section -- Parent configs: netdata: enabled: true @@ -232,25 +397,45 @@ parent: to: sysadmin claiming: + # -- Enable parent claiming for netdata cloud + # @section -- Parent enabled: false + # -- Claim token + # @section -- Parent token: "" + # -- Comma separated list of claim rooms IDs + # @section -- Parent rooms: "" url: "https://api.netdata.cloud" + # -- Additional volumeMounts to add to the parent pods + # @section -- Parent extraVolumeMounts: [] + # -- Additional volumes to add to the parent pods + # @section -- Parent extraVolumes: [] + # -- Additional init containers to add to the parent pods + # @section -- Parent extraInitContainers: [] child: + # -- Install child DaemonSet to gather data from nodes + # @section -- Child enabled: true + # -- Children's listen port + # @section -- Child port: "{{ .Values.parent.port }}" + # -- An update strategy to replace existing DaemonSet pods with new pods + # @section -- Child updateStrategy: {} # type: RollingUpdate # rollingUpdate: # maxUnavailable: 1 + # -- Resources for the child DaemonSet + # @section -- Child resources: {} # limits: # cpu: 4 @@ -260,49 +445,100 @@ child: # memory: 4096Mi livenessProbe: + # -- Number of seconds after the container has started before liveness probes are initiated + # @section -- Child initialDelaySeconds: 0 + # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container + # @section -- Child failureThreshold: 3 + # -- How often (in seconds) to perform the liveness probe + # @section -- Child1.0 periodSeconds: 30 + # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed + # @section -- Child successThreshold: 1 + # -- Number of seconds after which the liveness probe times out + # @section -- Child timeoutSeconds: 1 readinessProbe: + # -- Number of seconds after the container has started before readiness probes are initiated + # @section -- Child initialDelaySeconds: 0 + # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready + # @section -- Child failureThreshold: 3 + # -- How often (in seconds) to perform the readiness probe + # @section -- Child periodSeconds: 30 + # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed + # @section -- Child successThreshold: 1 + # -- Number of seconds after which the readiness probe times out + # @section -- Child timeoutSeconds: 1 + # -- Duration in seconds the pod needs to terminate gracefully + # @section -- Child terminationGracePeriodSeconds: 30 + # -- Node selector for the child daemonsets + # @section -- Child nodeSelector: {} + # -- Tolerations settings for the child daemonsets + # @section -- Child tolerations: - operator: Exists effect: NoSchedule + # -- Affinity settings for the child daemonsets + # @section -- Child affinity: {} + # -- Pod priority class name for the child daemonsets + # @section -- Child priorityClassName: "" + # -- Additional labels to add to the child pods + # @section -- Child podLabels: {} podAnnotationAppArmor: + # -- Whether or not to include the AppArmor security annotation + # @section -- Child enabled: true + # -- Additional annotations to add to the child pods + # @section -- Child podAnnotations: {} + # -- Usage of host networking and ports + # @section -- Child hostNetwork: true + # -- DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` + # @section -- Child dnsPolicy: ClusterFirstWithHostNet persistence: + # -- Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath` + # @section -- Child enabled: true + # -- Host node directory for storing child instance data + # @section -- Child hostPath: /var/lib/netdata-k8s-child podsMetadata: + # -- Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata + # @section -- Child useKubelet: false + # -- Kubelet URL + # @section -- Child kubeletUrl: "https://localhost:10250" + # -- Manage custom child's configs + # @default -- See values.yaml for default configuration + # @section -- Child configs: netdata: enabled: true @@ -361,10 +597,14 @@ child: - name: local url: http://127.0.0.1:10249/metrics + # -- Set environment parameters for the child daemonset + # @section -- Child env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 + # -- Set environment parameters for the child daemonset from ConfigMap and/or Secrets + # @section -- Child envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: @@ -373,11 +613,19 @@ child: ## Also ensure that claim.token is empty claiming: + # -- Enable child claiming for netdata cloud + # @section -- Child enabled: false + # -- Claim token + # @section -- Child token: "" + # -- Comma separated list of claim rooms IDs + # @section -- Child rooms: "" url: "https://api.netdata.cloud" + # -- Additional volumeMounts to add to the child pods + # @section -- Child extraVolumeMounts: [] ## Additional volume mounts for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin @@ -385,6 +633,8 @@ child: # mountPath: /host/root # readOnly: true # mountPropagation: HostToContainer + # -- Additional volumes to add to the child pods + # @section -- Child extraVolumes: [] ## Additional volumes for netdata child ## E.g to mount all disks under / to be monitored via the diskspace plugin @@ -393,10 +643,18 @@ child: # path: / k8sState: + # -- K8s state node hostname + # @section -- K8s State hostname: "netdata-k8s-state" + # -- Install this Deployment to gather data from K8s cluster + # @section -- K8s State enabled: true + # -- Listen port + # @section -- K8s State port: "{{ .Values.parent.port }}" + # -- Compute resources required by this Deployment + # @section -- K8s State resources: {} # limits: # cpu: 4 @@ -406,43 +664,104 @@ k8sState: # memory: 4096Mi livenessProbe: + # -- Number of seconds after the container has started before liveness probes are initiated + # @section -- K8s State initialDelaySeconds: 0 + # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container + # @section -- K8s State failureThreshold: 3 + # -- How often (in seconds) to perform the liveness probe + # @section -- K8s State periodSeconds: 30 + # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed + # @section -- K8s State successThreshold: 1 + # -- Number of seconds after which the liveness probe times out + # @section -- K8s State timeoutSeconds: 1 readinessProbe: + # -- Number of seconds after the container has started before readiness probes are initiated + # @section -- K8s State initialDelaySeconds: 0 + # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready + # @section -- K8s State failureThreshold: 3 + # -- How often (in seconds) to perform the readiness probe + # @section -- K8s State periodSeconds: 30 + # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed + # @section -- K8s State successThreshold: 1 + # -- Number of seconds after which the readiness probe times out + # @section -- K8s State timeoutSeconds: 1 + # -- Duration in seconds the pod needs to terminate gracefully + # @section -- K8s State terminationGracePeriodSeconds: 30 + # -- Node selector + # @section -- K8s State nodeSelector: {} + # -- Tolerations settings + # @section -- K8s State tolerations: [] + # -- Affinity settings + # @section -- K8s State affinity: {} + # -- Pod priority class name + # @section -- K8s State priorityClassName: "" + # -- Additional labels + # @section -- K8s State podLabels: {} podAnnotationAppArmor: + # -- Whether or not to include the AppArmor security annotation + # @section -- K8s State enabled: true + # -- Additional annotations + # @section -- K8s State podAnnotations: {} + # -- DNS policy for pod + # @section -- K8s State dnsPolicy: ClusterFirstWithHostNet persistence: + # -- Whether should use a persistent volume for `/var/lib/netdata` + # @section -- K8s State enabled: true - ## Set '-' as the storageclass to get a volume from the default storage class. + # -- The storage class for the persistent volume claim of `/var/lib/netdata` + # @section -- K8s State storageclass: "-" + # -- The storage space for the PVC of `/var/lib/netdata` + # @section -- K8s State volumesize: 1Gi + # -- Set environment parameters + # @section -- K8s State + env: {} + ## To disable anonymous statistics: + # DO_NOT_TRACK: 1 + + # -- Set environment parameters from ConfigMap and/or Secrets + # @section -- K8s State + envFrom: [] + ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: + # - secretRef: + # name: netdata + ## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN=" + ## Also ensure that claim.token is empty + + # -- Manage custom configs + # @default -- See values.yaml for default configuration + # @section -- K8s State configs: netdata: enabled: true @@ -507,36 +826,47 @@ k8sState: - name: k8s_state update_every: 1 - env: {} - ## To disable anonymous statistics: - # DO_NOT_TRACK: 1 - - envFrom: [] - ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: - # - secretRef: - # name: netdata - ## And create it with: kubectl create secret generic netdata --from-literal="NETDATA_CLAIM_TOKEN=" - ## Also ensure that claim.token is empty - claiming: + # -- Enable claiming for netdata cloud + # @section -- K8s State enabled: false + # -- Claim token + # @section -- K8s State token: "" + # -- Comma separated list of claim rooms IDs + # @section -- K8s State rooms: "" url: "https://api.netdata.cloud" + # -- Additional volumeMounts to add to the k8sState pods + # @section -- K8s State extraVolumeMounts: [] + # -- Additional volumes to add to the k8sState pods + # @section -- K8s State extraVolumes: [] netdataOpentelemetry: + # -- Enable the Netdata OpenTelemetry Deployment + # @section -- Netdata OpenTelemetry enabled: false + # -- Hostname for the Netdata OpenTelemetry instance + # @section -- Netdata OpenTelemetry hostname: "netdata-otel" + # -- Listen port + # @section -- Netdata OpenTelemetry port: "{{ .Values.parent.port }}" - ## Service responsible for receiving OTEL logs + ## Service responsible for receiving OTEL metrics and logs service: + # -- Service type + # @section -- Netdata OpenTelemetry type: ClusterIP + # -- Service port + # @section -- Netdata OpenTelemetry port: 4317 + # -- Service annotations + # @section -- Netdata OpenTelemetry annotations: {} ## Only to be used with type LoadBalancer # loadBalancerIP: 10.0.1.69 @@ -547,6 +877,8 @@ netdataOpentelemetry: ## Only to be used with type ClusterIP # clusterIP: 10.1.2.3 + # -- Compute resources required by this Deployment + # @section -- Netdata OpenTelemetry resources: {} # limits: # cpu: 4 @@ -556,43 +888,89 @@ netdataOpentelemetry: # memory: 4096Mi livenessProbe: + # -- Number of seconds after the container has started before liveness probes are initiated + # @section -- Netdata OpenTelemetry initialDelaySeconds: 0 + # -- When a liveness probe fails, Kubernetes will try failureThreshold times before giving up + # @section -- Netdata OpenTelemetry failureThreshold: 3 + # -- How often (in seconds) to perform the liveness probe + # @section -- Netdata OpenTelemetry periodSeconds: 30 + # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed + # @section -- Netdata OpenTelemetry successThreshold: 1 + # -- Number of seconds after which the liveness probe times out + # @section -- Netdata OpenTelemetry timeoutSeconds: 1 readinessProbe: + # -- Number of seconds after the container has started before readiness probes are initiated + # @section -- Netdata OpenTelemetry initialDelaySeconds: 0 + # -- When a readiness probe fails, Kubernetes will try failureThreshold times before giving up + # @section -- Netdata OpenTelemetry failureThreshold: 3 + # -- How often (in seconds) to perform the readiness probe + # @section -- Netdata OpenTelemetry periodSeconds: 30 + # -- Minimum consecutive successes for the readiness probe to be considered successful after having failed + # @section -- Netdata OpenTelemetry successThreshold: 1 + # -- Number of seconds after which the readiness probe times out + # @section -- Netdata OpenTelemetry timeoutSeconds: 1 + # -- Duration in seconds the pod needs to terminate gracefully + # @section -- Netdata OpenTelemetry terminationGracePeriodSeconds: 30 + # -- Node selector + # @section -- Netdata OpenTelemetry nodeSelector: {} + # -- Tolerations settings + # @section -- Netdata OpenTelemetry tolerations: [] + # -- Affinity settings + # @section -- Netdata OpenTelemetry affinity: {} + # -- Pod priority class name + # @section -- Netdata OpenTelemetry priorityClassName: "" + # -- Additional labels + # @section -- Netdata OpenTelemetry podLabels: {} podAnnotationAppArmor: + # -- Whether or not to include the AppArmor security annotation + # @section -- Netdata OpenTelemetry enabled: true + # -- Additional annotations + # @section -- Netdata OpenTelemetry podAnnotations: {} - dnsPolicy: ClusterFirstWithHostNet + # -- DNS policy for pod + # @section -- Netdata OpenTelemetry + dnsPolicy: Default persistence: + # -- Whether should use a persistent volume + # @section -- Netdata OpenTelemetry enabled: true - ## Set '-' as the storageclass to get a volume from the default storage class. + # -- The storage class for the persistent volume claim + # @section -- Netdata OpenTelemetry storageclass: "-" + # -- The storage space for the PVC + # @section -- Netdata OpenTelemetry volumesize: 10Gi + # -- Manage custom configs + # @default -- See values.yaml for default configuration + # @section -- Netdata OpenTelemetry configs: netdata: enabled: true @@ -628,6 +1006,8 @@ netdataOpentelemetry: apps = no python.d = no fping = no + [logs] + level = debug stream: enabled: true path: /etc/netdata/stream.conf @@ -663,10 +1043,14 @@ netdataOpentelemetry: duration_of_journal_file: "2 hours" store_otlp_json: false + # -- Set environment parameters + # @section -- Netdata OpenTelemetry env: {} ## To disable anonymous statistics: # DO_NOT_TRACK: 1 + # -- Set environment parameters from ConfigMap and/or Secrets + # @section -- Netdata OpenTelemetry envFrom: [] ## E.g. to read Netdata Cloud claim token from an existing secret "netdata" set this to: # - secretRef: @@ -675,13 +1059,23 @@ netdataOpentelemetry: ## Also ensure that claim.token is empty claiming: + # -- Enable claiming for netdata cloud + # @section -- Netdata OpenTelemetry enabled: false + # -- Claim token + # @section -- Netdata OpenTelemetry token: "" + # -- Comma separated list of claim rooms IDs + # @section -- Netdata OpenTelemetry rooms: "" url: "https://api.netdata.cloud" + # -- Additional volumeMounts + # @section -- Netdata OpenTelemetry extraVolumeMounts: [] + # -- Additional volumes + # @section -- Netdata OpenTelemetry extraVolumes: [] # OpenTelemetry Collector subchart configuration @@ -689,27 +1083,38 @@ netdataOpentelemetry: # If you already have an exporter of any kind, just point it to the netdata-otel service # Documentation: https://opentelemetry.io/docs/platforms/kubernetes/helm/collector/ otel-collector: - # Set to true to enable the OpenTelemetry Collector + # -- Set to true to enable the OpenTelemetry Collector + # @section -- OpenTelemetry Collector enabled: false - # Deployment mode: daemonset, deployment, or statefulset + # -- Deployment mode: daemonset, deployment, or statefulset + # @section -- OpenTelemetry Collector mode: daemonset # Image configuration image: + # -- Image repository + # @section -- OpenTelemetry Collector repository: otel/opentelemetry-collector-k8s # Presets enable quick configuration for common use cases presets: # Collect Kubernetes attributes and add them to logs kubernetesAttributes: + # -- Enable Kubernetes attributes collection + # @section -- OpenTelemetry Collector enabled: true # Collect logs from Kubernetes pods logsCollection: + # -- Enable logs collection from Kubernetes pods + # @section -- OpenTelemetry Collector enabled: true + # -- Include collector logs in the collection + # @section -- OpenTelemetry Collector includeCollectorLogs: false - # OpenTelemetry Collector configuration + # -- OpenTelemetry Collector configuration + # @section -- OpenTelemetry Collector config: receivers: # Filelog receiver - collects logs from container log files @@ -790,10 +1195,6 @@ otel-collector: endpoint: "{{ .Release.Name }}-otel:4317" tls: insecure: true - # Uncomment and configure if you need authentication - # headers: - # authorization: "Bearer YOUR_TOKEN" - # api-key: "your-api-key" # Retry configuration retry_on_failure: @@ -808,13 +1209,6 @@ otel-collector: num_consumers: 10 queue_size: 1000 - # Debug exporter for troubleshooting (optional) - # Uncomment to see logs being exported - # debug: - # verbosity: detailed - # sampling_initial: 5 - # sampling_thereafter: 200 - service: pipelines: # Logs pipeline @@ -823,7 +1217,8 @@ otel-collector: processors: [memory_limiter, k8sattributes, resourcedetection, batch] exporters: [otlp] - # Resources + # -- Resources + # @section -- OpenTelemetry Collector resources: limits: cpu: 200m @@ -834,11 +1229,17 @@ otel-collector: # Service account with necessary RBAC permissions serviceAccount: + # -- Create service account + # @section -- OpenTelemetry Collector create: true # RBAC for accessing Kubernetes API clusterRole: + # -- Create cluster role + # @section -- OpenTelemetry Collector create: true + # -- Cluster role rules + # @section -- OpenTelemetry Collector rules: - apiGroups: [""] resources: ["pods", "namespaces", "nodes"] @@ -847,7 +1248,8 @@ otel-collector: resources: ["replicasets"] verbs: ["get", "list", "watch"] - # Tolerations to run on all nodes + # -- Tolerations to run on all nodes + # @section -- OpenTelemetry Collector tolerations: - effect: NoSchedule operator: Exists @@ -857,16 +1259,22 @@ otel-collector: # Ports configuration ports: otlp: + # -- Enable OTLP port + # @section -- OpenTelemetry Collector enabled: true containerPort: 4317 servicePort: 4317 protocol: TCP otlp-http: + # -- Enable OTLP HTTP port + # @section -- OpenTelemetry Collector enabled: true containerPort: 4318 servicePort: 4318 protocol: TCP metrics: + # -- Enable metrics port + # @section -- OpenTelemetry Collector enabled: true containerPort: 8888 servicePort: 8888 diff --git a/generate-documentation.sh b/generate-documentation.sh new file mode 100755 index 00000000..aecc69dc --- /dev/null +++ b/generate-documentation.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -euo pipefail + +helm-docs -t "./templates/netdata-README.md.gotmpl" -g "charts/netdata" --ignore-non-descriptions --sort-values-order file diff --git a/templates/netdata-README.md.gotmpl b/templates/netdata-README.md.gotmpl new file mode 100644 index 00000000..7a0b29eb --- /dev/null +++ b/templates/netdata-README.md.gotmpl @@ -0,0 +1,330 @@ +# Netdata Helm chart for Kubernetes deployments + +Artifact HUB + +{{ template "chart.versionBadge" . }} + +{{ template "chart.appVersionBadge" . }} + +_Based on the work of varyumin (https://github.com/varyumin/netdata)_. + +## Introduction + +This chart bootstraps a [Netdata](https://github.com/netdata/netdata) deployment on a [Kubernetes](http://kubernetes.io) +cluster using the [Helm](https://helm.sh) package manager. + +By default, the chart installs: + +- A Netdata child pod on each node of a cluster, using a `Daemonset` +- A Netdata k8s state monitoring pod on one node, using a `Deployment`. This virtual node is called `netdata-k8s-state`. +- A Netdata parent pod on one node, using a `Deployment`. This virtual node is called `netdata-parent`. + +Disabled by default: + +- A Netdata restarter `CronJob`. Its main purpose is to automatically update Netdata when using nightly releases. + +The child pods and the state pod function as headless collectors that collect and forward +all the metrics to the parent pod. The parent pod uses persistent volumes to store metrics and alarms, handle alarm +notifications, and provide the Netdata UI to view metrics using an ingress controller. + +Please validate that the settings are suitable for your cluster before using them in production. + +## Prerequisites + +- A working cluster running Kubernetes v1.9 or newer. +- The [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) command line tool, + within [one minor version difference](https://kubernetes.io/docs/tasks/tools/install-kubectl/#before-you-begin) of + your cluster, on an administrative system. +- The [Helm package manager](https://helm.sh/) v3.8.0 or newer on the same administrative system. + +## Required Resources and Permissions + +Netdata is a comprehensive monitoring solution that requires specific access to host resources to function effectively. By design, monitoring solutions like Netdata need visibility into various system components to collect metrics and provide insights. The following mounts, privileges, and capabilities are essential for Netdata's operation, and applying restrictive security profiles or limiting these accesses may significantly impact functionality or render the monitoring solution ineffective. + +
+See required mounts, privileges and RBAC resources + +### Required Mounts + +| Mount | Type | Node | Components & Descriptions | +|:-----------------------------------------------------------|:----------------------------:|:-----------------------:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `/` | hostPath | child | • **diskspace.plugin**: Host mount points monitoring. | +| `/proc` | hostPath | child | • **proc.plugin**: Host system monitoring (CPU, memory, network interfaces, disks, etc.). | +| `/sys` | hostPath | child | • **cgroups.plugin**: Docker containers monitoring and name resolution. | +| `/var/log` | hostPath | child | • **systemd-journal.plugin**: Viewing, exploring and analyzing systemd journal logs. | +| `/etc/os-release` | hostPath | child, parent, k8sState | • **netdata**: Host info detection. | +| `/etc/passwd`, `/etc/group` | hostPath | child | • **apps.plugin**: Monitoring of host system resource usage by each user and user group. | +| `{{ "{{" }} .Values.child.persistence.hostPath {{ "}}" }}/var/lib/netdata` | hostPath (DirectoryOrCreate) | child | • **netdata**: Persistence of Netdata's /var/lib/netdata directory which contains netdata public unique ID and other files that should persist across container recreations. Without persistence, a new netdata unique ID is generated for each child on every container recreation, causing children to appear as new nodes on the Parent instance. | + +### Required Privileges and Capabilities + +| Privilege/Capability | Node | Components & Descriptions | +|:---------------------|:-----:|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Host Network Mode | child | • **proc.plugin**: Host system networking stack monitoring.
• **go.d.plugin**: Monitoring applications running on the host and inside containers.
• **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. | +| Host PID Mode | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers. | +| SYS_ADMIN | child | • **cgroups.plugin**: Container network interfaces monitoring. Map virtual interfaces in the system namespace to interfaces inside containers.
• **network-viewer.plugin**: Discovering all current network sockets and building a network-map. | +| SYS_PTRACE | child | • **local-listeners**: Discovering local services/applications. Map open (listening) ports to running services/applications. | + +### Required Kubernetes RBAC Resources + +| Resource | Verbs | Components & Descriptions | +|:-------------------|:-----------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| pods | get, list, watch | • **service discovery**: Used for discovering services.
• **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. | +| services | get, list, watch | • **service discovery**: Used for discovering services. | +| configmaps | get, list, watch | • **service discovery**: Used for discovering services. | +| secrets | get, list, watch | • **service discovery**: Used for discovering services. | +| nodes | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| nodes/metrics | get, list, watch | • **go.d/k8s_kubelet**: Used when querying Kubelet HTTPS endpoint. | +| nodes/proxy | get, list, watch | • **netdata**: Used by cgroup-name.sh when querying Kubelet /pods endpoint. | +| deployments (apps) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| cronjobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| jobs (batch) | get, list, watch | • **go.d/k8s_state**: Kubernetes state monitoring. | +| namespaces | get | • **go.d/k8s_state**: Kubernetes state monitoring.
• **netdata**: Used by cgroup-name.sh and get-kubernetes-labels.sh scripts. | + +
+ +## Installing the Helm chart + +You can install the Helm chart via our Helm repository, or by cloning this repository. + +### Installing via our Helm repository (recommended) + +To use Netdata's Helm repository, run the following commands: + +```bash +helm repo add netdata https://netdata.github.io/helmchart/ +helm install netdata netdata/netdata +``` + +**See our [install Netdata on Kubernetes](https://github.com/netdata/netdata/blob/master/packaging/installer/methods/kubernetes.md) +documentation for detailed installation and configuration instructions.** The remainder of this document assumes you +installed the Helm chart by cloning this repository, and thus uses slightly different `helm install`/`helm upgrade` +commands. + +### Install by cloning the repository + +Clone the repository locally. + +```console +git clone https://github.com/netdata/helmchart.git netdata-helmchart +``` + +To install the chart with the release name `netdata`: + +```console +helm install netdata ./netdata-helmchart/charts/netdata +``` + +The command deploys ingress on the Kubernetes cluster in the default configuration. The [configuration](#configuration) +section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list`. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console + helm delete netdata +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the netdata chart and their default values. + +{{ template "chart.valuesTableHtml" . }} + +Example to set the parameters from the command line: + +```console +$ helm install ./netdata --name my-release \ + --set notifications.slack.webhook_url=MySlackAPIURL \ + --set notifications.slack.recipient="@MyUser MyChannel" +``` + +Another example, to set a different ingress controller. + +By default `kubernetes.io/ingress.class` set to use `nginx` as an ingress controller, but you can set `Traefik` as your +ingress controller by setting `ingress.annotations`. + +``` +$ helm install ./netdata --name my-release \ + --set ingress.annotations=kubernetes.io/ingress.class: traefik +``` + +Alternatively to passing each variable in the command line, a YAML file that specifies the values for the parameters can +be provided while installing the chart. For example, + +```console +$ helm install ./netdata --name my-release -f values.yaml +``` + +> **Tip**: You can use the default values.yaml + +> **Note:**: To opt out of anonymous statistics, set the `DO_NOT_TRACK` +> environment variable to non-zero or non-empty value in +`parent.env` / `child.env` configuration (e.g.,: `DO_NOT_TRACK: 1`) +> or uncomment the line in `values.yml`. + +### Configuration files + +| Parameter | Description | Default | +|-----------------------------------|---------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------| +| `parent.configs.netdata` | Contents of the parent's `netdata.conf` | `memory mode = dbengine` | +| `parent.configs.stream` | Contents of the parent's `stream.conf` | Store child data, accept all connections, and issue alarms for child data. | +| `parent.configs.health` | Contents of `health_alarm_notify.conf` | Email disabled, a sample of the required settings for Slack notifications | +| `parent.configs.exporting` | Contents of `exporting.conf` | Disabled | +| `k8sState.configs.netdata` | Contents of `netdata.conf` | No persistent storage, no alarms | +| `k8sState.configs.stream` | Contents of `stream.conf` | Send metrics to the parent at netdata:{{ "{{" }} service.port {{ "}}" }} | +| `k8sState.configs.exporting` | Contents of `exporting.conf` | Disabled | +| `k8sState.configs.go.d` | Contents of `go.d.conf` | Only k8s_state enabled | +| `k8sState.configs.go.d-k8s_state` | Contents of `go.d/k8s_state.conf` | k8s_state configuration | +| `child.configs.netdata` | Contents of the child's `netdata.conf` | No persistent storage, no alarms, no UI | +| `child.configs.stream` | Contents of the child's `stream.conf` | Send metrics to the parent at netdata:{{ "{{" }} service.port {{ "}}" }} | +| `child.configs.exporting` | Contents of the child's `exporting.conf` | Disabled | +| `child.configs.kubelet` | Contents of the child's `go.d/k8s_kubelet.conf` that drives the kubelet collector | Update metrics every sec, do not retry to detect the endpoint, look for the kubelet metrics at http://127.0.0.1:10255/metrics | +| `child.configs.kubeproxy` | Contents of the child's `go.d/k8s_kubeproxy.conf` that drives the kubeproxy collector | Update metrics every sec, do not retry to detect the endpoint, look for the coredns metrics at http://127.0.0.1:10249/metrics | + +To deploy additional netdata user configuration files, you will need to add similar entries to either +the `parent.configs` or the `child.configs` arrays. Regardless of whether you add config files that reside directly +under `/etc/netdata` or in a subdirectory such as `/etc/netdata/go.d`, you can use the already provided configurations +as reference. For reference, the `parent.configs` the array includes an `example` alarm that would get triggered if the +python.d `example` module was enabled. Whenever you pass the sensitive data to your configuration like the database +credential, you can take an option to put it into the Kubernetes Secret by specifying `storedType: secret` in the +selected configuration. By default, all the configurations will be placed in the Kubernetes configmap. + +Note that in this chart's default configuration, the parent performs the health checks and triggers alarms but collects little data. As a result, the only other configuration files that might make sense to add to the parent are +the alarm and alarm template definitions, under `/etc/netdata/health.d`. + +> **Tip**: Do pay attention to the indentation of the config file contents, as it matters for the parsing of the `yaml` file. Note that the first line under `var: |` +> must be indented with two more spaces relative to the preceding line: + +``` + data: |- + config line 1 #Need those two spaces + config line 2 #No problem indenting more here +``` + +### Persistent volumes + +There are two different persistent volumes on `parent` node by design (not counting any Configmap/Secret mounts). Both +can be used, but they don't have to be. Keep in mind that whenever persistent volumes for `parent` are not used, all the +data for specific PV is lost in case of pod removal. + +1. database (`/var/cache/netdata`) - all metrics data is stored here. Performance of this volume affects query timings. +2. alarms (`/var/lib/netdata`) - alarm log, if not persistent pod recreation will result in parent appearing as a new + node in `netdata.cloud` (due to `./registry/` and `./cloud.d/` being removed). + +In case of `child` instance it is a bit simpler. By default, hostPath: `/var/lib/netdata-k8s-child` is mounted on child +in: `/var/lib/netdata`. You can disable it, but this option is pretty much required in a real life scenario, as without +it each pod deletion will result in a new replication node for a parent. + +### Service discovery and supported services + +Netdata's [service discovery](https://github.com/netdata/agent-service-discovery/), which is installed as part of the +Helm chart installation, finds what services are running on a cluster's pods, converts that into configuration files, +and exports them, so they can be monitored. + +#### Applications + +Service discovery currently supports the following applications via their associated collector: + +- [ActiveMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/activemq/README.md) +- [Apache](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/apache/README.md) +- [Bind](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/bind/README.md) +- [CockroachDB](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/cockroachdb/README.md) +- [Consul](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/consul/README.md) +- [CoreDNS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/coredns/README.md) +- [Elasticsearch](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/elasticsearch/README.md) +- [Fluentd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/fluentd/README.md) +- [FreeRADIUS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/freeradius/README.md) +- [HDFS](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/hdfs/README.md) +- [Lighttpd](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/lighttpd/README.md) +- [Logstash](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/logstash/README.md) +- [MySQL](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/mysql/README.md) +- [NGINX](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/nginx/README.md) +- [OpenVPN](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/openvpn/README.md) +- [PHP-FPM](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/phpfpm/README.md) +- [RabbitMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/rabbitmq/README.md) +- [Tengine](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/tengine/README.md) +- [Unbound](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/unbound/README.md) +- [VerneMQ](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/vernemq/README.md) +- [ZooKeeper](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/zookeeper/README.md) + +#### Prometheus endpoints + +Service discovery supports Prometheus endpoints via +the [Prometheus](https://github.com/netdata/netdata/blob/master/src/go/plugin/go.d/collector/prometheus/README.md) collector. + +Annotations on pods allow a fine control of the scraping process: + +- `prometheus.io/scrape`: The default configuration will scrape all pods and, if set to false, this annotation excludes + the pod from the scraping process. +- `prometheus.io/path`: If the metrics path is not _/metrics_, define it with this annotation. +- `prometheus.io/port`: Scrape the pod on the indicated port instead of the pod's declared ports. + +#### Configure service discovery + +If your cluster runs services on non-default ports or uses non-default names, you may need to configure service +discovery to start collecting metrics from your services. You have to edit +the [default ConfigMap](https://github.com/netdata/helmchart/blob/master/sdconfig/child.yml) that is shipped with the +Helmchart and deploy that to your cluster. + +First, copy `netdata-helmchart/sdconfig/child.yml` to a new location outside the `netdata-helmchart` directory. The +destination can be anywhere you like, but the following examples assume it resides next to the `netdata-helmchart` +directory. + +```bash +cp netdata-helmchart/sdconfig/child.yml . +``` + +Edit the new `child.yml` file according to your needs. See +the [Helm chart configuration](https://github.com/netdata/helmchart#configuration) and the file itself for details. You +can then run +`helm install`/`helm upgrade` with the `--set-file` argument to use your configured `child.yml` file instead of the +default, changing the path if you copied it elsewhere. + +```bash +helm install --set-file sd.child.configmap.from.value=./child.yml netdata ./netdata-helmchart/charts/netdata +helm upgrade --set-file sd.child.configmap.from.value=./child.yml netdata ./netdata-helmchart/charts/netdata +``` + +Now that you pushed an edited ConfigMap to your cluster, service discovery should find and set up metrics collection +from your non-default service. + +### Custom pod labels and annotations + +Occasionally, you will want to add +specific [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +and [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to the parent and/or +child pods. You might want to do this to tell other applications on the cluster how to treat your pods, or simply to +categorize applications on your cluster. You can label and annotate the parent and child pods by using the `podLabels` +and `podAnnotations` dictionaries under the `parent` and `child` objects, respectively. + +For example, suppose you're installing Netdata on all your database nodes, and you'd like the child pods to be labeled +with `workload: database` so that you're able to recognize this. + +At the same time, say you've configured [chaoskube](https://github.com/helm/charts/tree/master/stable/chaoskube) to kill +all pods annotated with `chaoskube.io/enabled: true`, and you'd like chaoskube to be enabled for the parent pod but not +the childs. + +You would do this by installing as: + +```console +$ helm install \ + --set child.podLabels.workload=database \ + --set 'child.podAnnotations.chaoskube\.io/enabled=false' \ + --set 'parent.podAnnotations.chaoskube\.io/enabled=true' \ + netdata ./netdata-helmchart/charts/netdata +``` + +## Contributing + +If you want to contribute, we're humbled! + +- Take a look at our [Contributing Guidelines](https://github.com/netdata/.github/blob/main/CONTRIBUTING.md). +- This repository is under the [Netdata Code Of Conduct](https://github.com/netdata/.github/blob/main/CODE_OF_CONDUCT.md). +- Chat about your contribution and let us help you in + our [forum](https://community.netdata.cloud/c/agent-development/9)! From 4b1dbb216e28f01cf9a2bca6ac9cf054b78cb1b3 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 15:27:02 +0100 Subject: [PATCH 04/10] fixing deployment template for otel --- charts/netdata/templates/netdata-otel/deployment.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml index 6db1cae3..5b4ef4cd 100644 --- a/charts/netdata/templates/netdata-otel/deployment.yaml +++ b/charts/netdata/templates/netdata-otel/deployment.yaml @@ -37,8 +37,6 @@ spec: {{ toYaml . | trim | indent 8 }} {{- end }} spec: - securityContext: - fsGroup: 201 serviceAccountName: {{ .Values.serviceAccount.name }} restartPolicy: Always {{- if .Values.netdataOpentelemetry.priorityClassName }} @@ -101,6 +99,9 @@ spec: - name: http containerPort: {{ tpl (.Values.netdataOpentelemetry.port | toString) . }} protocol: TCP + - name: otel + containerPort: {{ tpl (.Values.netdataOpentelemetry.service.port | toString) . }} + protocol: TCP livenessProbe: exec: command: @@ -132,7 +133,7 @@ spec: {{- end }} {{- end }} {{- if .Values.netdataOpentelemetry.persistence.enabled }} - - name: varlib + - name: varlog mountPath: /var/log/netdata/otel {{- end }} {{- if .Values.netdataOpentelemetry.extraVolumeMounts -}} @@ -166,7 +167,7 @@ spec: secretName: netdata-conf-otel optional: true {{- if .Values.netdataOpentelemetry.persistence.enabled }} - - name: varlib + - name: varlog persistentVolumeClaim: claimName: {{ template "netdata.name" . }}-otel-varlog {{- end }} From 45d2cb366a52903652bb696ecc9aaa067246cd42 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 15:49:25 +0100 Subject: [PATCH 05/10] Removing debug log level from otel, testing doc checks --- charts/netdata/values.yaml | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index ebe5a08e..288ab631 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -403,7 +403,7 @@ parent: # -- Claim token # @section -- Parent token: "" - # -- Comma separated list of claim rooms IDs + # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only # @section -- Parent rooms: "" url: "https://api.netdata.cloud" @@ -619,7 +619,7 @@ child: # -- Claim token # @section -- Child token: "" - # -- Comma separated list of claim rooms IDs + # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only # @section -- Child rooms: "" url: "https://api.netdata.cloud" @@ -833,7 +833,7 @@ k8sState: # -- Claim token # @section -- K8s State token: "" - # -- Comma separated list of claim rooms IDs + # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only # @section -- K8s State rooms: "" url: "https://api.netdata.cloud" @@ -1006,8 +1006,6 @@ netdataOpentelemetry: apps = no python.d = no fping = no - [logs] - level = debug stream: enabled: true path: /etc/netdata/stream.conf @@ -1065,7 +1063,7 @@ netdataOpentelemetry: # -- Claim token # @section -- Netdata OpenTelemetry token: "" - # -- Comma separated list of claim rooms IDs + # -- Comma separated list of claim rooms IDs. Empty value = All nodes room only # @section -- Netdata OpenTelemetry rooms: "" url: "https://api.netdata.cloud" @@ -1079,7 +1077,7 @@ netdataOpentelemetry: extraVolumes: [] # OpenTelemetry Collector subchart configuration -# This is an optional component that allows to gather logs from k8s cluster. +# This is an optional component that allows to gather logs from k8s cluster (in this configuration). # If you already have an exporter of any kind, just point it to the netdata-otel service # Documentation: https://opentelemetry.io/docs/platforms/kubernetes/helm/collector/ otel-collector: From 0c55758f6eabf5afbbbb0b86241ddb3e4b722095 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 15:54:19 +0100 Subject: [PATCH 06/10] Updating documentation --- charts/netdata/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/netdata/README.md b/charts/netdata/README.md index 95b02a79..4e7b2383 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -971,7 +971,7 @@ false "" - Comma separated list of claim rooms IDs + Comma separated list of claim rooms IDs. Empty value = All nodes room only parent.extraVolumeMounts @@ -1311,7 +1311,7 @@ false "" - Comma separated list of claim rooms IDs + Comma separated list of claim rooms IDs. Empty value = All nodes room only child.extraVolumeMounts @@ -1648,7 +1648,7 @@ false "" - Comma separated list of claim rooms IDs + Comma separated list of claim rooms IDs. Empty value = All nodes room only k8sState.extraVolumeMounts @@ -1992,7 +1992,7 @@ false "" - Comma separated list of claim rooms IDs + Comma separated list of claim rooms IDs. Empty value = All nodes room only netdataOpentelemetry.extraVolumeMounts From d0bd6a1873607260a1e50b26a323973b87877c60 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 16:03:53 +0100 Subject: [PATCH 07/10] values table in non-html --- charts/netdata/README.md | 2465 +++------------------------- templates/netdata-README.md.gotmpl | 2 +- 2 files changed, 253 insertions(+), 2214 deletions(-) diff --git a/charts/netdata/README.md b/charts/netdata/README.md index 4e7b2383..3319a59e 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -134,2219 +134,258 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the netdata chart and their default values. -

General settings

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
replicaCountint
-1
-
-		Number of `replicas` for the parent netdata `Deployment`
deploymentStrategyobject
-{
-  "type": "Recreate"
-}
-
-		Deployment strategy for pod deployments. Recreate is the safest value.
imagePullSecretslist
-[]
-
-		An optional list of references to secrets in the same namespace to use for pulling any of the images
image.repositorystring
-"netdata/netdata"
-
-		Container image repository
image.tagstring
-"{{ .Chart.AppVersion }}"
-
-		Container image tag
image.pullPolicystring
-"Always"
-
-		Container image pull policy
initContainersImage.repositorystring
-"alpine"
-
-		Init containers' image repository
initContainersImage.tagstring
-"latest"
-
-		Init containers' image tag
initContainersImage.pullPolicystring
-"Always"
-
-		Init containers' image pull policy
sysctlInitContainer.enabledbool
-false
-
-		Enable an init container to modify Kernel settings
sysctlInitContainer.commandlist
-[]
-
-		sysctl init container command to execute
sysctlInitContainer.resourcesobject
-{}
-
-		sysctl Init container CPU/Memory resource requests/limits
service.typestring
-"ClusterIP"
-
-		Parent service type
service.portint
-19999
-
-		Parent service port
service.annotationsobject
-{}
-
-		Additional annotations to add to the service
service.loadBalancerIPstring
-""
-
-		Static LoadBalancer IP, only to be used with service type=LoadBalancer
service.loadBalancerSourceRangeslist
-[]
-
-		List of allowed IPs for LoadBalancer
service.externalTrafficPolicystring
-""
-
-		Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
service.healthCheckNodePortstring
-null
-
-		Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local)
service.clusterIPstring
-""
-
-		Specific cluster IP when service type is cluster IP. Use `None` for headless service
ingress.enabledbool
-true
-
-		Create Ingress to access the netdata web UI
ingress.annotationsobject
-{
-  "kubernetes.io/ingress.class": "nginx",
-  "kubernetes.io/tls-acme": "true"
-}
-
-		Associate annotations to the Ingress
ingress.pathstring
-"/"
-
-		URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/`
ingress.pathTypestring
-"Prefix"
-
-		pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value
ingress.hostslist
-[
-  "netdata.k8s.local"
-]
-
-		URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller)
rbac.createbool
-true
-
-		if true, create & use RBAC resources
rbac.pspEnabledbool
-true
-
-		Specifies whether a PodSecurityPolicy should be created
serviceAccount.createbool
-true
-
-		if true, create a service account
serviceAccount.namestring
-"netdata"
-
-		The name of the service account to use. If not set and create is true, a name is generated using the fullname template
restarter.enabledbool
-false
-
-		Install CronJob to update Netdata Pods
restarter.schedulestring
-"00 06 * * *"
-
-		The schedule in Cron format
restarter.image.repositorystring
-"rancher/kubectl"
-
-		Container image repo
restarter.image.tagstring
-".auto"
-
-		Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version
restarter.image.pullPolicystring
-"Always"
-
-		Container image pull policy
restarter.restartPolicystring
-"Never"
-
-		Container restart policy
restarter.resourcesobject
-{}
-
-		Container resources
restarter.concurrencyPolicystring
-"Forbid"
-
-		Specifies how to treat concurrent executions of a job
restarter.startingDeadlineSecondsint
-60
-
-		Optional deadline in seconds for starting the job if it misses scheduled time for any reason
restarter.successfulJobsHistoryLimitint
-3
-
-		The number of successful finished jobs to retain
restarter.failedJobsHistoryLimitint
-3
-
-		The number of failed finished jobs to retain
notifications.slack.webhook_urlstring
-""
-
-		Slack webhook URL
notifications.slack.recipientstring
-""
-
-		Slack recipient list
-

Service Discovery

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
sd.image.repositorystring
-"netdata/agent-sd"
-
-		Container image repository
sd.image.tagstring
-"v0.2.10"
-
-		Container image tag
sd.image.pullPolicystring
-"Always"
-
-		Container image pull policy
sd.child.enabledbool
-true
-
-		Add service-discovery sidecar container to the netdata child pod definition
sd.child.configmap.namestring
-"netdata-child-sd-config-map"
-
-		Child service-discovery ConfigMap name
sd.child.configmap.keystring
-"config.yml"
-
-		Child service-discovery ConfigMap key
sd.child.configmap.from.filestring
-""
-
-		File to use for child service-discovery configuration generation
sd.child.configmap.from.valueobject
-{}
-
-		Value to use for child service-discovery configuration generation
sd.child.resourcesobject
-{
-  "limits": {
-    "cpu": "50m",
-    "memory": "150Mi"
-  },
-  "requests": {
-    "cpu": "50m",
-    "memory": "100Mi"
-  }
-}
-
-		Child service-discovery container CPU/Memory resource requests/limits
-

Parent

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
parent.hostnamestring
-"netdata-parent"
-
-		Parent node hostname
parent.enabledbool
-true
-
-		Install parent Deployment to receive metrics from children nodes
parent.portint
-19999
-
-		Parent's listen port
parent.resourcesobject
-{}
-
-		Resources for the parent deployment
parent.livenessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before liveness probes are initiated
parent.livenessProbe.failureThresholdint
-3
-
-		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
parent.livenessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the liveness probe
parent.livenessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the liveness probe to be considered successful after having failed
parent.livenessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the liveness probe times out
parent.readinessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before readiness probes are initiated
parent.readinessProbe.failureThresholdint
-3
-
-		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
parent.readinessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the readiness probe
parent.readinessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the readiness probe to be considered successful after having failed
parent.readinessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the readiness probe times out
parent.securityContext.runAsUserint
-201
-
-		The UID to run the container process
parent.securityContext.runAsGroupint
-201
-
-		The GID to run the container process
parent.securityContext.fsGroupint
-201
-
-		The supplementary group for setting permissions on volumes
parent.terminationGracePeriodSecondsint
-300
-
-		Duration in seconds the pod needs to terminate gracefully
parent.nodeSelectorobject
-{}
-
-		Node selector for the parent deployment
parent.tolerationslist
-[]
-
-		Tolerations settings for the parent deployment
parent.affinityobject
-{}
-
-		Affinity settings for the parent deployment
parent.priorityClassNamestring
-""
-
-		Pod priority class name for the parent deployment
parent.envobject
-{}
-
-		Set environment parameters for the parent deployment
parent.envFromlist
-[]
-
-		Set environment parameters for the parent deployment from ConfigMap and/or Secrets
parent.podLabelsobject
-{}
-
-		Additional labels to add to the parent pods
parent.podAnnotationsobject
-{}
-
-		Additional annotations to add to the parent pods
parent.dnsPolicystring
-"Default"
-
-		DNS policy for pod
parent.database.persistencebool
-true
-
-		Whether the parent should use a persistent volume for the DB
parent.database.storageclassstring
-"-"
-
-		The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata`
parent.database.volumesizestring
-"5Gi"
-
-		The storage space for the PVC of the parent database
parent.alarms.persistencebool
-true
-
-		Whether the parent should use a persistent volume for the alarms log
parent.alarms.storageclassstring
-"-"
-
-		The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata`
parent.alarms.volumesizestring
-"1Gi"
-
-		The storage space for the PVC of the parent alarm log
parent.configsobject
-See values.yaml for default configuration
-
-		Manage custom parent's configs
parent.claiming.enabledbool
-false
-
-		Enable parent claiming for netdata cloud
parent.claiming.tokenstring
-""
-
-		Claim token
parent.claiming.roomsstring
-""
-
-		Comma separated list of claim rooms IDs. Empty value = All nodes room only
parent.extraVolumeMountslist
-[]
-
-		Additional volumeMounts to add to the parent pods
parent.extraVolumeslist
-[]
-
-		Additional volumes to add to the parent pods
parent.extraInitContainerslist
-[]
-
-		Additional init containers to add to the parent pods
-

Child

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
child.enabledbool
-true
-
-		Install child DaemonSet to gather data from nodes
child.portstring
-"{{ .Values.parent.port }}"
-
-		Children's listen port
child.updateStrategyobject
-{}
-
-		An update strategy to replace existing DaemonSet pods with new pods
child.resourcesobject
-{}
-
-		Resources for the child DaemonSet
child.livenessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before liveness probes are initiated
child.livenessProbe.failureThresholdint
-3
-
-		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
child.livenessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the liveness probe to be considered successful after having failed
child.livenessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the liveness probe times out
child.readinessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before readiness probes are initiated
child.readinessProbe.failureThresholdint
-3
-
-		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
child.readinessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the readiness probe
child.readinessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the readiness probe to be considered successful after having failed
child.readinessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the readiness probe times out
child.terminationGracePeriodSecondsint
-30
-
-		Duration in seconds the pod needs to terminate gracefully
child.nodeSelectorobject
-{}
-
-		Node selector for the child daemonsets
child.tolerationslist
-[
-  {
-    "effect": "NoSchedule",
-    "operator": "Exists"
-  }
-]
-
-		Tolerations settings for the child daemonsets
child.affinityobject
-{}
-
-		Affinity settings for the child daemonsets
child.priorityClassNamestring
-""
-
-		Pod priority class name for the child daemonsets
child.podLabelsobject
-{}
-
-		Additional labels to add to the child pods
child.podAnnotationAppArmor.enabledbool
-true
-
-		Whether or not to include the AppArmor security annotation
child.podAnnotationsobject
-{}
-
-		Additional annotations to add to the child pods
child.hostNetworkbool
-true
-
-		Usage of host networking and ports
child.dnsPolicystring
-"ClusterFirstWithHostNet"
-
-		DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true`
child.persistence.enabledbool
-true
-
-		Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`
child.persistence.hostPathstring
-"/var/lib/netdata-k8s-child"
-
-		Host node directory for storing child instance data
child.podsMetadata.useKubeletbool
-false
-
-		Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata
child.podsMetadata.kubeletUrlstring
-"https://localhost:10250"
-
-		Kubelet URL
child.configsobject
-See values.yaml for default configuration
-
-		Manage custom child's configs
child.envobject
-{}
-
-		Set environment parameters for the child daemonset
child.envFromlist
-[]
-
-		Set environment parameters for the child daemonset from ConfigMap and/or Secrets
child.claiming.enabledbool
-false
-
-		Enable child claiming for netdata cloud
child.claiming.tokenstring
-""
-
-		Claim token
child.claiming.roomsstring
-""
-
-		Comma separated list of claim rooms IDs. Empty value = All nodes room only
child.extraVolumeMountslist
-[]
-
-		Additional volumeMounts to add to the child pods
child.extraVolumeslist
-[]
-
-		Additional volumes to add to the child pods
-

Child1.0

- - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
child.livenessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the liveness probe
-

K8s State

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
k8sState.hostnamestring
-"netdata-k8s-state"
-
-		K8s state node hostname
k8sState.enabledbool
-true
-
-		Install this Deployment to gather data from K8s cluster
k8sState.portstring
-"{{ .Values.parent.port }}"
-
-		Listen port
k8sState.resourcesobject
-{}
-
-		Compute resources required by this Deployment
k8sState.livenessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before liveness probes are initiated
k8sState.livenessProbe.failureThresholdint
-3
-
-		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
k8sState.livenessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the liveness probe
k8sState.livenessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the liveness probe to be considered successful after having failed
k8sState.livenessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the liveness probe times out
k8sState.readinessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before readiness probes are initiated
k8sState.readinessProbe.failureThresholdint
-3
-
-		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
k8sState.readinessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the readiness probe
k8sState.readinessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the readiness probe to be considered successful after having failed
k8sState.readinessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the readiness probe times out
k8sState.terminationGracePeriodSecondsint
-30
-
-		Duration in seconds the pod needs to terminate gracefully
k8sState.nodeSelectorobject
-{}
-
-		Node selector
k8sState.tolerationslist
-[]
-
-		Tolerations settings
k8sState.affinityobject
-{}
-
-		Affinity settings
k8sState.priorityClassNamestring
-""
-
-		Pod priority class name
k8sState.podLabelsobject
-{}
-
-		Additional labels
k8sState.podAnnotationAppArmor.enabledbool
-true
-
-		Whether or not to include the AppArmor security annotation
k8sState.podAnnotationsobject
-{}
-
-		Additional annotations
k8sState.dnsPolicystring
-"ClusterFirstWithHostNet"
-
-		DNS policy for pod
k8sState.persistence.enabledbool
-true
-
-		Whether should use a persistent volume for `/var/lib/netdata`
k8sState.persistence.storageclassstring
-"-"
-
-		The storage class for the persistent volume claim of `/var/lib/netdata`
k8sState.persistence.volumesizestring
-"1Gi"
-
-		The storage space for the PVC of `/var/lib/netdata`
k8sState.envobject
-{}
-
-		Set environment parameters
k8sState.envFromlist
-[]
-
-		Set environment parameters from ConfigMap and/or Secrets
k8sState.configsobject
-See values.yaml for default configuration
-
-		Manage custom configs
k8sState.claiming.enabledbool
-false
-
-		Enable claiming for netdata cloud
k8sState.claiming.tokenstring
-""
-
-		Claim token
k8sState.claiming.roomsstring
-""
-
-		Comma separated list of claim rooms IDs. Empty value = All nodes room only
k8sState.extraVolumeMountslist
-[]
-
-		Additional volumeMounts to add to the k8sState pods
k8sState.extraVolumeslist
-[]
-
-		Additional volumes to add to the k8sState pods
-

Netdata OpenTelemetry

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
netdataOpentelemetry.enabledbool
-false
-
-		Enable the Netdata OpenTelemetry Deployment
netdataOpentelemetry.hostnamestring
-"netdata-otel"
-
-		Hostname for the Netdata OpenTelemetry instance
netdataOpentelemetry.portstring
-"{{ .Values.parent.port }}"
-
-		Listen port
netdataOpentelemetry.service.typestring
-"ClusterIP"
-
-		Service type
netdataOpentelemetry.service.portint
-4317
-
-		Service port
netdataOpentelemetry.service.annotationsobject
-{}
-
-		Service annotations
netdataOpentelemetry.resourcesobject
-{}
-
-		Compute resources required by this Deployment
netdataOpentelemetry.livenessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before liveness probes are initiated
netdataOpentelemetry.livenessProbe.failureThresholdint
-3
-
-		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.livenessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the liveness probe
netdataOpentelemetry.livenessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the liveness probe to be considered successful after having failed
netdataOpentelemetry.livenessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the liveness probe times out
netdataOpentelemetry.readinessProbe.initialDelaySecondsint
-0
-
-		Number of seconds after the container has started before readiness probes are initiated
netdataOpentelemetry.readinessProbe.failureThresholdint
-3
-
-		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.readinessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the readiness probe
netdataOpentelemetry.readinessProbe.successThresholdint
-1
-
-		Minimum consecutive successes for the readiness probe to be considered successful after having failed
netdataOpentelemetry.readinessProbe.timeoutSecondsint
-1
-
-		Number of seconds after which the readiness probe times out
netdataOpentelemetry.terminationGracePeriodSecondsint
-30
-
-		Duration in seconds the pod needs to terminate gracefully
netdataOpentelemetry.nodeSelectorobject
-{}
-
-		Node selector
netdataOpentelemetry.tolerationslist
-[]
-
-		Tolerations settings
netdataOpentelemetry.affinityobject
-{}
-
-		Affinity settings
netdataOpentelemetry.priorityClassNamestring
-""
-
-		Pod priority class name
netdataOpentelemetry.podLabelsobject
-{}
-
-		Additional labels
netdataOpentelemetry.podAnnotationAppArmor.enabledbool
-true
-
-		Whether or not to include the AppArmor security annotation
netdataOpentelemetry.podAnnotationsobject
-{}
-
-		Additional annotations
netdataOpentelemetry.dnsPolicystring
-"Default"
-
-		DNS policy for pod
netdataOpentelemetry.persistence.enabledbool
-true
-
-		Whether should use a persistent volume
netdataOpentelemetry.persistence.storageclassstring
-"-"
-
-		The storage class for the persistent volume claim
netdataOpentelemetry.persistence.volumesizestring
-"10Gi"
-
-		The storage space for the PVC
netdataOpentelemetry.configsobject
-See values.yaml for default configuration
-
-		Manage custom configs
netdataOpentelemetry.envobject
-{}
-
-		Set environment parameters
netdataOpentelemetry.envFromlist
-[]
-
-		Set environment parameters from ConfigMap and/or Secrets
netdataOpentelemetry.claiming.enabledbool
-false
-
-		Enable claiming for netdata cloud
netdataOpentelemetry.claiming.tokenstring
-""
-
-		Claim token
netdataOpentelemetry.claiming.roomsstring
-""
-
-		Comma separated list of claim rooms IDs. Empty value = All nodes room only
netdataOpentelemetry.extraVolumeMountslist
-[]
-
-		Additional volumeMounts
netdataOpentelemetry.extraVolumeslist
-[]
-
-		Additional volumes
-

OpenTelemetry Collector

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
otel-collector.enabledbool
-false
-
-		Set to true to enable the OpenTelemetry Collector
otel-collector.modestring
-"daemonset"
-
-		Deployment mode: daemonset, deployment, or statefulset
otel-collector.image.repositorystring
-"otel/opentelemetry-collector-k8s"
-
-		Image repository
otel-collector.presets.kubernetesAttributes.enabledbool
-true
-
-		Enable Kubernetes attributes collection
otel-collector.presets.logsCollection.enabledbool
-true
-
-		Enable logs collection from Kubernetes pods
otel-collector.presets.logsCollection.includeCollectorLogsbool
-false
-
-		Include collector logs in the collection
otel-collector.configobject
-{
-  "exporters": {
-    "otlp": {
-      "endpoint": "{{ .Release.Name }}-otel:4317",
-      "retry_on_failure": {
-        "enabled": true,
-        "initial_interval": "5s",
-        "max_elapsed_time": "300s",
-        "max_interval": "30s"
-      },
-      "sending_queue": {
-        "enabled": true,
-        "num_consumers": 10,
-        "queue_size": 1000
-      },
-      "tls": {
-        "insecure": true
-      }
-    }
-  },
-  "processors": {
-    "batch": {
-      "send_batch_max_size": 1500,
-      "send_batch_size": 1000,
-      "timeout": "10s"
-    },
-    "k8sattributes": {
-      "auth_type": "serviceAccount",
-      "extract": {
-        "annotations": [
-          {
-            "from": "pod",
-            "key": "app",
-            "tag_name": "annotation.app"
-          }
-        ],
-        "labels": [
-          {
-            "from": "pod",
-            "key": "app",
-            "tag_name": "app"
-          },
-          {
-            "from": "pod",
-            "key": "component",
-            "tag_name": "component"
-          }
-        ],
-        "metadata": [
-          "k8s.namespace.name",
-          "k8s.deployment.name",
-          "k8s.statefulset.name",
-          "k8s.daemonset.name",
-          "k8s.cronjob.name",
-          "k8s.job.name",
-          "k8s.node.name",
-          "k8s.pod.name",
-          "k8s.pod.uid",
-          "k8s.pod.start_time",
-          "k8s.container.name"
-        ]
-      },
-      "passthrough": false,
-      "pod_association": [
-        {
-          "sources": [
-            {
-              "from": "resource_attribute",
-              "name": "k8s.pod.ip"
-            }
-          ]
-        },
-        {
-          "sources": [
-            {
-              "from": "resource_attribute",
-              "name": "k8s.pod.uid"
-            }
-          ]
-        },
-        {
-          "sources": [
-            {
-              "from": "connection"
-            }
-          ]
-        }
-      ]
-    },
-    "memory_limiter": {
-      "check_interval": "5s",
-      "limit_percentage": 80,
-      "spike_limit_percentage": 25
-    },
-    "resourcedetection": {
-      "detectors": [
-        "env",
-        "system"
-      ],
-      "timeout": "5s"
-    }
-  },
-  "receivers": {
-    "filelog": {
-      "exclude": [
-        "/var/log/pods/*/otc-container/*.log"
-      ],
-      "include": [
-        "/var/log/pods/*/*/*.log"
-      ],
-      "include_file_name": false,
-      "include_file_path": true,
-      "operators": [
-        {
-          "id": "container-parser",
-          "max_log_size": 102400,
-          "type": "container"
-        }
-      ],
-      "start_at": "end"
-    }
-  },
-  "service": {
-    "pipelines": {
-      "logs": {
-        "exporters": [
-          "otlp"
-        ],
-        "processors": [
-          "memory_limiter",
-          "k8sattributes",
-          "resourcedetection",
-          "batch"
-        ],
-        "receivers": [
-          "filelog"
-        ]
-      }
-    }
-  }
-}
-
-		OpenTelemetry Collector configuration
otel-collector.resourcesobject
-{
-  "limits": {
-    "cpu": "200m",
-    "memory": "256Mi"
-  },
-  "requests": {
-    "cpu": "100m",
-    "memory": "128Mi"
-  }
-}
-
-		Resources
otel-collector.serviceAccount.createbool
-true
-
-		Create service account
otel-collector.clusterRole.createbool
-true
-
-		Create cluster role
otel-collector.clusterRole.ruleslist
-[
-  {
-    "apiGroups": [
-      ""
-    ],
-    "resources": [
-      "pods",
-      "namespaces",
-      "nodes"
-    ],
-    "verbs": [
-      "get",
-      "list",
-      "watch"
-    ]
-  },
-  {
-    "apiGroups": [
-      "apps"
-    ],
-    "resources": [
-      "replicasets"
-    ],
-    "verbs": [
-      "get",
-      "list",
-      "watch"
-    ]
-  }
-]
-
-		Cluster role rules
otel-collector.tolerationslist
-[
-  {
-    "effect": "NoSchedule",
-    "operator": "Exists"
-  },
-  {
-    "effect": "NoExecute",
-    "operator": "Exists"
-  }
-]
-
-		Tolerations to run on all nodes
otel-collector.ports.otlp.enabledbool
-true
-
-		Enable OTLP port
otel-collector.ports.otlp-http.enabledbool
-true
-
-		Enable OTLP HTTP port
otel-collector.ports.metrics.enabledbool
-true
-
-		Enable metrics port
+### General settings + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| replicaCount | int | `1` | Number of `replicas` for the parent netdata `Deployment` | +| deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy for pod deployments. Recreate is the safest value. | +| imagePullSecrets | list | `[]` | An optional list of references to secrets in the same namespace to use for pulling any of the images | +| image.repository | string | `"netdata/netdata"` | Container image repository | +| image.tag | string | `"{{ .Chart.AppVersion }}"` | Container image tag | +| image.pullPolicy | string | `"Always"` | Container image pull policy | +| initContainersImage.repository | string | `"alpine"` | Init containers' image repository | +| initContainersImage.tag | string | `"latest"` | Init containers' image tag | +| initContainersImage.pullPolicy | string | `"Always"` | Init containers' image pull policy | +| sysctlInitContainer.enabled | bool | `false` | Enable an init container to modify Kernel settings | +| sysctlInitContainer.command | list | `[]` | sysctl init container command to execute | +| sysctlInitContainer.resources | object | `{}` | sysctl Init container CPU/Memory resource requests/limits | +| service.type | string | `"ClusterIP"` | Parent service type | +| service.port | int | `19999` | Parent service port | +| service.annotations | object | `{}` | Additional annotations to add to the service | +| service.loadBalancerIP | string | `""` | Static LoadBalancer IP, only to be used with service type=LoadBalancer | +| service.loadBalancerSourceRanges | list | `[]` | List of allowed IPs for LoadBalancer | +| service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | +| service.healthCheckNodePort | string | `nil` | Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local) | +| service.clusterIP | string | `""` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | +| ingress.enabled | bool | `true` | Create Ingress to access the netdata web UI | +| ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","kubernetes.io/tls-acme":"true"}` | Associate annotations to the Ingress | +| ingress.path | string | `"/"` | URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` | +| ingress.pathType | string | `"Prefix"` | pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value | +| ingress.hosts | list | `["netdata.k8s.local"]` | URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) | +| rbac.create | bool | `true` | if true, create & use RBAC resources | +| rbac.pspEnabled | bool | `true` | Specifies whether a PodSecurityPolicy should be created | +| serviceAccount.create | bool | `true` | if true, create a service account | +| serviceAccount.name | string | `"netdata"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | +| restarter.enabled | bool | `false` | Install CronJob to update Netdata Pods | +| restarter.schedule | string | `"00 06 * * *"` | The schedule in Cron format | +| restarter.image.repository | string | `"rancher/kubectl"` | Container image repo | +| restarter.image.tag | string | `".auto"` | Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version | +| restarter.image.pullPolicy | string | `"Always"` | Container image pull policy | +| restarter.restartPolicy | string | `"Never"` | Container restart policy | +| restarter.resources | object | `{}` | Container resources | +| restarter.concurrencyPolicy | string | `"Forbid"` | Specifies how to treat concurrent executions of a job | +| restarter.startingDeadlineSeconds | int | `60` | Optional deadline in seconds for starting the job if it misses scheduled time for any reason | +| restarter.successfulJobsHistoryLimit | int | `3` | The number of successful finished jobs to retain | +| restarter.failedJobsHistoryLimit | int | `3` | The number of failed finished jobs to retain | +| notifications.slack.webhook_url | string | `""` | Slack webhook URL | +| notifications.slack.recipient | string | `""` | Slack recipient list | + +### Service Discovery + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| sd.image.repository | string | `"netdata/agent-sd"` | Container image repository | +| sd.image.tag | string | `"v0.2.10"` | Container image tag | +| sd.image.pullPolicy | string | `"Always"` | Container image pull policy | +| sd.child.enabled | bool | `true` | Add service-discovery sidecar container to the netdata child pod definition | +| sd.child.configmap.name | string | `"netdata-child-sd-config-map"` | Child service-discovery ConfigMap name | +| sd.child.configmap.key | string | `"config.yml"` | Child service-discovery ConfigMap key | +| sd.child.configmap.from.file | string | `""` | File to use for child service-discovery configuration generation | +| sd.child.configmap.from.value | object | `{}` | Value to use for child service-discovery configuration generation | +| sd.child.resources | object | `{"limits":{"cpu":"50m","memory":"150Mi"},"requests":{"cpu":"50m","memory":"100Mi"}}` | Child service-discovery container CPU/Memory resource requests/limits | + +### Parent + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| parent.hostname | string | `"netdata-parent"` | Parent node hostname | +| parent.enabled | bool | `true` | Install parent Deployment to receive metrics from children nodes | +| parent.port | int | `19999` | Parent's listen port | +| parent.resources | object | `{}` | Resources for the parent deployment | +| parent.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | +| parent.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | +| parent.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | +| parent.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | +| parent.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | +| parent.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | +| parent.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | +| parent.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | +| parent.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | +| parent.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | +| parent.securityContext.runAsUser | int | `201` | The UID to run the container process | +| parent.securityContext.runAsGroup | int | `201` | The GID to run the container process | +| parent.securityContext.fsGroup | int | `201` | The supplementary group for setting permissions on volumes | +| parent.terminationGracePeriodSeconds | int | `300` | Duration in seconds the pod needs to terminate gracefully | +| parent.nodeSelector | object | `{}` | Node selector for the parent deployment | +| parent.tolerations | list | `[]` | Tolerations settings for the parent deployment | +| parent.affinity | object | `{}` | Affinity settings for the parent deployment | +| parent.priorityClassName | string | `""` | Pod priority class name for the parent deployment | +| parent.env | object | `{}` | Set environment parameters for the parent deployment | +| parent.envFrom | list | `[]` | Set environment parameters for the parent deployment from ConfigMap and/or Secrets | +| parent.podLabels | object | `{}` | Additional labels to add to the parent pods | +| parent.podAnnotations | object | `{}` | Additional annotations to add to the parent pods | +| parent.dnsPolicy | string | `"Default"` | DNS policy for pod | +| parent.database.persistence | bool | `true` | Whether the parent should use a persistent volume for the DB | +| parent.database.storageclass | string | `"-"` | The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` | +| parent.database.volumesize | string | `"5Gi"` | The storage space for the PVC of the parent database | +| parent.alarms.persistence | bool | `true` | Whether the parent should use a persistent volume for the alarms log | +| parent.alarms.storageclass | string | `"-"` | The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` | +| parent.alarms.volumesize | string | `"1Gi"` | The storage space for the PVC of the parent alarm log | +| parent.configs | object | See values.yaml for default configuration | Manage custom parent's configs | +| parent.claiming.enabled | bool | `false` | Enable parent claiming for netdata cloud | +| parent.claiming.token | string | `""` | Claim token | +| parent.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | +| parent.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the parent pods | +| parent.extraVolumes | list | `[]` | Additional volumes to add to the parent pods | +| parent.extraInitContainers | list | `[]` | Additional init containers to add to the parent pods | + +### Child + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| child.enabled | bool | `true` | Install child DaemonSet to gather data from nodes | +| child.port | string | `"{{ .Values.parent.port }}"` | Children's listen port | +| child.updateStrategy | object | `{}` | An update strategy to replace existing DaemonSet pods with new pods | +| child.resources | object | `{}` | Resources for the child DaemonSet | +| child.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | +| child.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | +| child.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | +| child.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | +| child.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | +| child.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | +| child.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | +| child.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | +| child.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | +| child.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | +| child.nodeSelector | object | `{}` | Node selector for the child daemonsets | +| child.tolerations | list | `[{"effect":"NoSchedule","operator":"Exists"}]` | Tolerations settings for the child daemonsets | +| child.affinity | object | `{}` | Affinity settings for the child daemonsets | +| child.priorityClassName | string | `""` | Pod priority class name for the child daemonsets | +| child.podLabels | object | `{}` | Additional labels to add to the child pods | +| child.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | +| child.podAnnotations | object | `{}` | Additional annotations to add to the child pods | +| child.hostNetwork | bool | `true` | Usage of host networking and ports | +| child.dnsPolicy | string | `"ClusterFirstWithHostNet"` | DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` | +| child.persistence.enabled | bool | `true` | Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath` | +| child.persistence.hostPath | string | `"/var/lib/netdata-k8s-child"` | Host node directory for storing child instance data | +| child.podsMetadata.useKubelet | bool | `false` | Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata | +| child.podsMetadata.kubeletUrl | string | `"https://localhost:10250"` | Kubelet URL | +| child.configs | object | See values.yaml for default configuration | Manage custom child's configs | +| child.env | object | `{}` | Set environment parameters for the child daemonset | +| child.envFrom | list | `[]` | Set environment parameters for the child daemonset from ConfigMap and/or Secrets | +| child.claiming.enabled | bool | `false` | Enable child claiming for netdata cloud | +| child.claiming.token | string | `""` | Claim token | +| child.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | +| child.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the child pods | +| child.extraVolumes | list | `[]` | Additional volumes to add to the child pods | + +### Child1.0 + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| child.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | + +### K8s State + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| k8sState.hostname | string | `"netdata-k8s-state"` | K8s state node hostname | +| k8sState.enabled | bool | `true` | Install this Deployment to gather data from K8s cluster | +| k8sState.port | string | `"{{ .Values.parent.port }}"` | Listen port | +| k8sState.resources | object | `{}` | Compute resources required by this Deployment | +| k8sState.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | +| k8sState.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | +| k8sState.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | +| k8sState.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | +| k8sState.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | +| k8sState.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | +| k8sState.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | +| k8sState.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | +| k8sState.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | +| k8sState.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | +| k8sState.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | +| k8sState.nodeSelector | object | `{}` | Node selector | +| k8sState.tolerations | list | `[]` | Tolerations settings | +| k8sState.affinity | object | `{}` | Affinity settings | +| k8sState.priorityClassName | string | `""` | Pod priority class name | +| k8sState.podLabels | object | `{}` | Additional labels | +| k8sState.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | +| k8sState.podAnnotations | object | `{}` | Additional annotations | +| k8sState.dnsPolicy | string | `"ClusterFirstWithHostNet"` | DNS policy for pod | +| k8sState.persistence.enabled | bool | `true` | Whether should use a persistent volume for `/var/lib/netdata` | +| k8sState.persistence.storageclass | string | `"-"` | The storage class for the persistent volume claim of `/var/lib/netdata` | +| k8sState.persistence.volumesize | string | `"1Gi"` | The storage space for the PVC of `/var/lib/netdata` | +| k8sState.env | object | `{}` | Set environment parameters | +| k8sState.envFrom | list | `[]` | Set environment parameters from ConfigMap and/or Secrets | +| k8sState.configs | object | See values.yaml for default configuration | Manage custom configs | +| k8sState.claiming.enabled | bool | `false` | Enable claiming for netdata cloud | +| k8sState.claiming.token | string | `""` | Claim token | +| k8sState.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | +| k8sState.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the k8sState pods | +| k8sState.extraVolumes | list | `[]` | Additional volumes to add to the k8sState pods | + +### Netdata OpenTelemetry + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| netdataOpentelemetry.enabled | bool | `false` | Enable the Netdata OpenTelemetry Deployment | +| netdataOpentelemetry.hostname | string | `"netdata-otel"` | Hostname for the Netdata OpenTelemetry instance | +| netdataOpentelemetry.port | string | `"{{ .Values.parent.port }}"` | Listen port | +| netdataOpentelemetry.service.type | string | `"ClusterIP"` | Service type | +| netdataOpentelemetry.service.port | int | `4317` | Service port | +| netdataOpentelemetry.service.annotations | object | `{}` | Service annotations | +| netdataOpentelemetry.resources | object | `{}` | Compute resources required by this Deployment | +| netdataOpentelemetry.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | +| netdataOpentelemetry.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up | +| netdataOpentelemetry.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | +| netdataOpentelemetry.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | +| netdataOpentelemetry.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | +| netdataOpentelemetry.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | +| netdataOpentelemetry.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up | +| netdataOpentelemetry.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | +| netdataOpentelemetry.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | +| netdataOpentelemetry.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | +| netdataOpentelemetry.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | +| netdataOpentelemetry.nodeSelector | object | `{}` | Node selector | +| netdataOpentelemetry.tolerations | list | `[]` | Tolerations settings | +| netdataOpentelemetry.affinity | object | `{}` | Affinity settings | +| netdataOpentelemetry.priorityClassName | string | `""` | Pod priority class name | +| netdataOpentelemetry.podLabels | object | `{}` | Additional labels | +| netdataOpentelemetry.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | +| netdataOpentelemetry.podAnnotations | object | `{}` | Additional annotations | +| netdataOpentelemetry.dnsPolicy | string | `"Default"` | DNS policy for pod | +| netdataOpentelemetry.persistence.enabled | bool | `true` | Whether should use a persistent volume | +| netdataOpentelemetry.persistence.storageclass | string | `"-"` | The storage class for the persistent volume claim | +| netdataOpentelemetry.persistence.volumesize | string | `"10Gi"` | The storage space for the PVC | +| netdataOpentelemetry.configs | object | See values.yaml for default configuration | Manage custom configs | +| netdataOpentelemetry.env | object | `{}` | Set environment parameters | +| netdataOpentelemetry.envFrom | list | `[]` | Set environment parameters from ConfigMap and/or Secrets | +| netdataOpentelemetry.claiming.enabled | bool | `false` | Enable claiming for netdata cloud | +| netdataOpentelemetry.claiming.token | string | `""` | Claim token | +| netdataOpentelemetry.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | +| netdataOpentelemetry.extraVolumeMounts | list | `[]` | Additional volumeMounts | +| netdataOpentelemetry.extraVolumes | list | `[]` | Additional volumes | + +### OpenTelemetry Collector + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| otel-collector.enabled | bool | `false` | Set to true to enable the OpenTelemetry Collector | +| otel-collector.mode | string | `"daemonset"` | Deployment mode: daemonset, deployment, or statefulset | +| otel-collector.image.repository | string | `"otel/opentelemetry-collector-k8s"` | Image repository | +| otel-collector.presets.kubernetesAttributes.enabled | bool | `true` | Enable Kubernetes attributes collection | +| otel-collector.presets.logsCollection.enabled | bool | `true` | Enable logs collection from Kubernetes pods | +| otel-collector.presets.logsCollection.includeCollectorLogs | bool | `false` | Include collector logs in the collection | +| otel-collector.config | object | `{"exporters":{"otlp":{"endpoint":"{{ .Release.Name }}-otel:4317","retry_on_failure":{"enabled":true,"initial_interval":"5s","max_elapsed_time":"300s","max_interval":"30s"},"sending_queue":{"enabled":true,"num_consumers":10,"queue_size":1000},"tls":{"insecure":true}}},"processors":{"batch":{"send_batch_max_size":1500,"send_batch_size":1000,"timeout":"10s"},"k8sattributes":{"auth_type":"serviceAccount","extract":{"annotations":[{"from":"pod","key":"app","tag_name":"annotation.app"}],"labels":[{"from":"pod","key":"app","tag_name":"app"},{"from":"pod","key":"component","tag_name":"component"}],"metadata":["k8s.namespace.name","k8s.deployment.name","k8s.statefulset.name","k8s.daemonset.name","k8s.cronjob.name","k8s.job.name","k8s.node.name","k8s.pod.name","k8s.pod.uid","k8s.pod.start_time","k8s.container.name"]},"passthrough":false,"pod_association":[{"sources":[{"from":"resource_attribute","name":"k8s.pod.ip"}]},{"sources":[{"from":"resource_attribute","name":"k8s.pod.uid"}]},{"sources":[{"from":"connection"}]}]},"memory_limiter":{"check_interval":"5s","limit_percentage":80,"spike_limit_percentage":25},"resourcedetection":{"detectors":["env","system"],"timeout":"5s"}},"receivers":{"filelog":{"exclude":["/var/log/pods/*/otc-container/*.log"],"include":["/var/log/pods/*/*/*.log"],"include_file_name":false,"include_file_path":true,"operators":[{"id":"container-parser","max_log_size":102400,"type":"container"}],"start_at":"end"}},"service":{"pipelines":{"logs":{"exporters":["otlp"],"processors":["memory_limiter","k8sattributes","resourcedetection","batch"],"receivers":["filelog"]}}}}` | OpenTelemetry Collector configuration | +| otel-collector.resources | object | `{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}` | Resources | +| otel-collector.serviceAccount.create | bool | `true` | Create service account | +| otel-collector.clusterRole.create | bool | `true` | Create cluster role | +| otel-collector.clusterRole.rules | list | `[{"apiGroups":[""],"resources":["pods","namespaces","nodes"],"verbs":["get","list","watch"]},{"apiGroups":["apps"],"resources":["replicasets"],"verbs":["get","list","watch"]}]` | Cluster role rules | +| otel-collector.tolerations | list | `[{"effect":"NoSchedule","operator":"Exists"},{"effect":"NoExecute","operator":"Exists"}]` | Tolerations to run on all nodes | +| otel-collector.ports.otlp.enabled | bool | `true` | Enable OTLP port | +| otel-collector.ports.otlp-http.enabled | bool | `true` | Enable OTLP HTTP port | +| otel-collector.ports.metrics.enabled | bool | `true` | Enable metrics port | Example to set the parameters from the command line: diff --git a/templates/netdata-README.md.gotmpl b/templates/netdata-README.md.gotmpl index 7a0b29eb..373a47b7 100644 --- a/templates/netdata-README.md.gotmpl +++ b/templates/netdata-README.md.gotmpl @@ -134,7 +134,7 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the netdata chart and their default values. -{{ template "chart.valuesTableHtml" . }} +{{ template "chart.valuesTable" . }} Example to set the parameters from the command line: From 138f84e3d2d9b0ce66087507a7bcc34a3c9b0613 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Fri, 30 Jan 2026 16:09:57 +0100 Subject: [PATCH 08/10] removing long desc from some values --- charts/netdata/README.md | 2230 ++++++++++++++++++++++++---- charts/netdata/values.yaml | 31 +- templates/netdata-README.md.gotmpl | 2 +- 3 files changed, 1996 insertions(+), 267 deletions(-) diff --git a/charts/netdata/README.md b/charts/netdata/README.md index 3319a59e..9e4917b0 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -134,258 +134,1984 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the netdata chart and their default values. -### General settings - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| replicaCount | int | `1` | Number of `replicas` for the parent netdata `Deployment` | -| deploymentStrategy | object | `{"type":"Recreate"}` | Deployment strategy for pod deployments. Recreate is the safest value. | -| imagePullSecrets | list | `[]` | An optional list of references to secrets in the same namespace to use for pulling any of the images | -| image.repository | string | `"netdata/netdata"` | Container image repository | -| image.tag | string | `"{{ .Chart.AppVersion }}"` | Container image tag | -| image.pullPolicy | string | `"Always"` | Container image pull policy | -| initContainersImage.repository | string | `"alpine"` | Init containers' image repository | -| initContainersImage.tag | string | `"latest"` | Init containers' image tag | -| initContainersImage.pullPolicy | string | `"Always"` | Init containers' image pull policy | -| sysctlInitContainer.enabled | bool | `false` | Enable an init container to modify Kernel settings | -| sysctlInitContainer.command | list | `[]` | sysctl init container command to execute | -| sysctlInitContainer.resources | object | `{}` | sysctl Init container CPU/Memory resource requests/limits | -| service.type | string | `"ClusterIP"` | Parent service type | -| service.port | int | `19999` | Parent service port | -| service.annotations | object | `{}` | Additional annotations to add to the service | -| service.loadBalancerIP | string | `""` | Static LoadBalancer IP, only to be used with service type=LoadBalancer | -| service.loadBalancerSourceRanges | list | `[]` | List of allowed IPs for LoadBalancer | -| service.externalTrafficPolicy | string | `""` | Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints | -| service.healthCheckNodePort | string | `nil` | Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local) | -| service.clusterIP | string | `""` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | -| ingress.enabled | bool | `true` | Create Ingress to access the netdata web UI | -| ingress.annotations | object | `{"kubernetes.io/ingress.class":"nginx","kubernetes.io/tls-acme":"true"}` | Associate annotations to the Ingress | -| ingress.path | string | `"/"` | URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/` | -| ingress.pathType | string | `"Prefix"` | pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value | -| ingress.hosts | list | `["netdata.k8s.local"]` | URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) | -| rbac.create | bool | `true` | if true, create & use RBAC resources | -| rbac.pspEnabled | bool | `true` | Specifies whether a PodSecurityPolicy should be created | -| serviceAccount.create | bool | `true` | if true, create a service account | -| serviceAccount.name | string | `"netdata"` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | -| restarter.enabled | bool | `false` | Install CronJob to update Netdata Pods | -| restarter.schedule | string | `"00 06 * * *"` | The schedule in Cron format | -| restarter.image.repository | string | `"rancher/kubectl"` | Container image repo | -| restarter.image.tag | string | `".auto"` | Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version | -| restarter.image.pullPolicy | string | `"Always"` | Container image pull policy | -| restarter.restartPolicy | string | `"Never"` | Container restart policy | -| restarter.resources | object | `{}` | Container resources | -| restarter.concurrencyPolicy | string | `"Forbid"` | Specifies how to treat concurrent executions of a job | -| restarter.startingDeadlineSeconds | int | `60` | Optional deadline in seconds for starting the job if it misses scheduled time for any reason | -| restarter.successfulJobsHistoryLimit | int | `3` | The number of successful finished jobs to retain | -| restarter.failedJobsHistoryLimit | int | `3` | The number of failed finished jobs to retain | -| notifications.slack.webhook_url | string | `""` | Slack webhook URL | -| notifications.slack.recipient | string | `""` | Slack recipient list | - -### Service Discovery - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| sd.image.repository | string | `"netdata/agent-sd"` | Container image repository | -| sd.image.tag | string | `"v0.2.10"` | Container image tag | -| sd.image.pullPolicy | string | `"Always"` | Container image pull policy | -| sd.child.enabled | bool | `true` | Add service-discovery sidecar container to the netdata child pod definition | -| sd.child.configmap.name | string | `"netdata-child-sd-config-map"` | Child service-discovery ConfigMap name | -| sd.child.configmap.key | string | `"config.yml"` | Child service-discovery ConfigMap key | -| sd.child.configmap.from.file | string | `""` | File to use for child service-discovery configuration generation | -| sd.child.configmap.from.value | object | `{}` | Value to use for child service-discovery configuration generation | -| sd.child.resources | object | `{"limits":{"cpu":"50m","memory":"150Mi"},"requests":{"cpu":"50m","memory":"100Mi"}}` | Child service-discovery container CPU/Memory resource requests/limits | - -### Parent - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| parent.hostname | string | `"netdata-parent"` | Parent node hostname | -| parent.enabled | bool | `true` | Install parent Deployment to receive metrics from children nodes | -| parent.port | int | `19999` | Parent's listen port | -| parent.resources | object | `{}` | Resources for the parent deployment | -| parent.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | -| parent.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | -| parent.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | -| parent.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | -| parent.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | -| parent.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | -| parent.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | -| parent.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | -| parent.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | -| parent.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | -| parent.securityContext.runAsUser | int | `201` | The UID to run the container process | -| parent.securityContext.runAsGroup | int | `201` | The GID to run the container process | -| parent.securityContext.fsGroup | int | `201` | The supplementary group for setting permissions on volumes | -| parent.terminationGracePeriodSeconds | int | `300` | Duration in seconds the pod needs to terminate gracefully | -| parent.nodeSelector | object | `{}` | Node selector for the parent deployment | -| parent.tolerations | list | `[]` | Tolerations settings for the parent deployment | -| parent.affinity | object | `{}` | Affinity settings for the parent deployment | -| parent.priorityClassName | string | `""` | Pod priority class name for the parent deployment | -| parent.env | object | `{}` | Set environment parameters for the parent deployment | -| parent.envFrom | list | `[]` | Set environment parameters for the parent deployment from ConfigMap and/or Secrets | -| parent.podLabels | object | `{}` | Additional labels to add to the parent pods | -| parent.podAnnotations | object | `{}` | Additional annotations to add to the parent pods | -| parent.dnsPolicy | string | `"Default"` | DNS policy for pod | -| parent.database.persistence | bool | `true` | Whether the parent should use a persistent volume for the DB | -| parent.database.storageclass | string | `"-"` | The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata` | -| parent.database.volumesize | string | `"5Gi"` | The storage space for the PVC of the parent database | -| parent.alarms.persistence | bool | `true` | Whether the parent should use a persistent volume for the alarms log | -| parent.alarms.storageclass | string | `"-"` | The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata` | -| parent.alarms.volumesize | string | `"1Gi"` | The storage space for the PVC of the parent alarm log | -| parent.configs | object | See values.yaml for default configuration | Manage custom parent's configs | -| parent.claiming.enabled | bool | `false` | Enable parent claiming for netdata cloud | -| parent.claiming.token | string | `""` | Claim token | -| parent.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | -| parent.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the parent pods | -| parent.extraVolumes | list | `[]` | Additional volumes to add to the parent pods | -| parent.extraInitContainers | list | `[]` | Additional init containers to add to the parent pods | - -### Child - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| child.enabled | bool | `true` | Install child DaemonSet to gather data from nodes | -| child.port | string | `"{{ .Values.parent.port }}"` | Children's listen port | -| child.updateStrategy | object | `{}` | An update strategy to replace existing DaemonSet pods with new pods | -| child.resources | object | `{}` | Resources for the child DaemonSet | -| child.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | -| child.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | -| child.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | -| child.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | -| child.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | -| child.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | -| child.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | -| child.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | -| child.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | -| child.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | -| child.nodeSelector | object | `{}` | Node selector for the child daemonsets | -| child.tolerations | list | `[{"effect":"NoSchedule","operator":"Exists"}]` | Tolerations settings for the child daemonsets | -| child.affinity | object | `{}` | Affinity settings for the child daemonsets | -| child.priorityClassName | string | `""` | Pod priority class name for the child daemonsets | -| child.podLabels | object | `{}` | Additional labels to add to the child pods | -| child.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | -| child.podAnnotations | object | `{}` | Additional annotations to add to the child pods | -| child.hostNetwork | bool | `true` | Usage of host networking and ports | -| child.dnsPolicy | string | `"ClusterFirstWithHostNet"` | DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true` | -| child.persistence.enabled | bool | `true` | Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath` | -| child.persistence.hostPath | string | `"/var/lib/netdata-k8s-child"` | Host node directory for storing child instance data | -| child.podsMetadata.useKubelet | bool | `false` | Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata | -| child.podsMetadata.kubeletUrl | string | `"https://localhost:10250"` | Kubelet URL | -| child.configs | object | See values.yaml for default configuration | Manage custom child's configs | -| child.env | object | `{}` | Set environment parameters for the child daemonset | -| child.envFrom | list | `[]` | Set environment parameters for the child daemonset from ConfigMap and/or Secrets | -| child.claiming.enabled | bool | `false` | Enable child claiming for netdata cloud | -| child.claiming.token | string | `""` | Claim token | -| child.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | -| child.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the child pods | -| child.extraVolumes | list | `[]` | Additional volumes to add to the child pods | - -### Child1.0 - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| child.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | - -### K8s State - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| k8sState.hostname | string | `"netdata-k8s-state"` | K8s state node hostname | -| k8sState.enabled | bool | `true` | Install this Deployment to gather data from K8s cluster | -| k8sState.port | string | `"{{ .Values.parent.port }}"` | Listen port | -| k8sState.resources | object | `{}` | Compute resources required by this Deployment | -| k8sState.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | -| k8sState.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container | -| k8sState.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | -| k8sState.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | -| k8sState.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | -| k8sState.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | -| k8sState.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready | -| k8sState.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | -| k8sState.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | -| k8sState.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | -| k8sState.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | -| k8sState.nodeSelector | object | `{}` | Node selector | -| k8sState.tolerations | list | `[]` | Tolerations settings | -| k8sState.affinity | object | `{}` | Affinity settings | -| k8sState.priorityClassName | string | `""` | Pod priority class name | -| k8sState.podLabels | object | `{}` | Additional labels | -| k8sState.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | -| k8sState.podAnnotations | object | `{}` | Additional annotations | -| k8sState.dnsPolicy | string | `"ClusterFirstWithHostNet"` | DNS policy for pod | -| k8sState.persistence.enabled | bool | `true` | Whether should use a persistent volume for `/var/lib/netdata` | -| k8sState.persistence.storageclass | string | `"-"` | The storage class for the persistent volume claim of `/var/lib/netdata` | -| k8sState.persistence.volumesize | string | `"1Gi"` | The storage space for the PVC of `/var/lib/netdata` | -| k8sState.env | object | `{}` | Set environment parameters | -| k8sState.envFrom | list | `[]` | Set environment parameters from ConfigMap and/or Secrets | -| k8sState.configs | object | See values.yaml for default configuration | Manage custom configs | -| k8sState.claiming.enabled | bool | `false` | Enable claiming for netdata cloud | -| k8sState.claiming.token | string | `""` | Claim token | -| k8sState.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | -| k8sState.extraVolumeMounts | list | `[]` | Additional volumeMounts to add to the k8sState pods | -| k8sState.extraVolumes | list | `[]` | Additional volumes to add to the k8sState pods | - -### Netdata OpenTelemetry - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| netdataOpentelemetry.enabled | bool | `false` | Enable the Netdata OpenTelemetry Deployment | -| netdataOpentelemetry.hostname | string | `"netdata-otel"` | Hostname for the Netdata OpenTelemetry instance | -| netdataOpentelemetry.port | string | `"{{ .Values.parent.port }}"` | Listen port | -| netdataOpentelemetry.service.type | string | `"ClusterIP"` | Service type | -| netdataOpentelemetry.service.port | int | `4317` | Service port | -| netdataOpentelemetry.service.annotations | object | `{}` | Service annotations | -| netdataOpentelemetry.resources | object | `{}` | Compute resources required by this Deployment | -| netdataOpentelemetry.livenessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before liveness probes are initiated | -| netdataOpentelemetry.livenessProbe.failureThreshold | int | `3` | When a liveness probe fails, Kubernetes will try failureThreshold times before giving up | -| netdataOpentelemetry.livenessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the liveness probe | -| netdataOpentelemetry.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the liveness probe to be considered successful after having failed | -| netdataOpentelemetry.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the liveness probe times out | -| netdataOpentelemetry.readinessProbe.initialDelaySeconds | int | `0` | Number of seconds after the container has started before readiness probes are initiated | -| netdataOpentelemetry.readinessProbe.failureThreshold | int | `3` | When a readiness probe fails, Kubernetes will try failureThreshold times before giving up | -| netdataOpentelemetry.readinessProbe.periodSeconds | int | `30` | How often (in seconds) to perform the readiness probe | -| netdataOpentelemetry.readinessProbe.successThreshold | int | `1` | Minimum consecutive successes for the readiness probe to be considered successful after having failed | -| netdataOpentelemetry.readinessProbe.timeoutSeconds | int | `1` | Number of seconds after which the readiness probe times out | -| netdataOpentelemetry.terminationGracePeriodSeconds | int | `30` | Duration in seconds the pod needs to terminate gracefully | -| netdataOpentelemetry.nodeSelector | object | `{}` | Node selector | -| netdataOpentelemetry.tolerations | list | `[]` | Tolerations settings | -| netdataOpentelemetry.affinity | object | `{}` | Affinity settings | -| netdataOpentelemetry.priorityClassName | string | `""` | Pod priority class name | -| netdataOpentelemetry.podLabels | object | `{}` | Additional labels | -| netdataOpentelemetry.podAnnotationAppArmor.enabled | bool | `true` | Whether or not to include the AppArmor security annotation | -| netdataOpentelemetry.podAnnotations | object | `{}` | Additional annotations | -| netdataOpentelemetry.dnsPolicy | string | `"Default"` | DNS policy for pod | -| netdataOpentelemetry.persistence.enabled | bool | `true` | Whether should use a persistent volume | -| netdataOpentelemetry.persistence.storageclass | string | `"-"` | The storage class for the persistent volume claim | -| netdataOpentelemetry.persistence.volumesize | string | `"10Gi"` | The storage space for the PVC | -| netdataOpentelemetry.configs | object | See values.yaml for default configuration | Manage custom configs | -| netdataOpentelemetry.env | object | `{}` | Set environment parameters | -| netdataOpentelemetry.envFrom | list | `[]` | Set environment parameters from ConfigMap and/or Secrets | -| netdataOpentelemetry.claiming.enabled | bool | `false` | Enable claiming for netdata cloud | -| netdataOpentelemetry.claiming.token | string | `""` | Claim token | -| netdataOpentelemetry.claiming.rooms | string | `""` | Comma separated list of claim rooms IDs. Empty value = All nodes room only | -| netdataOpentelemetry.extraVolumeMounts | list | `[]` | Additional volumeMounts | -| netdataOpentelemetry.extraVolumes | list | `[]` | Additional volumes | - -### OpenTelemetry Collector - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| otel-collector.enabled | bool | `false` | Set to true to enable the OpenTelemetry Collector | -| otel-collector.mode | string | `"daemonset"` | Deployment mode: daemonset, deployment, or statefulset | -| otel-collector.image.repository | string | `"otel/opentelemetry-collector-k8s"` | Image repository | -| otel-collector.presets.kubernetesAttributes.enabled | bool | `true` | Enable Kubernetes attributes collection | -| otel-collector.presets.logsCollection.enabled | bool | `true` | Enable logs collection from Kubernetes pods | -| otel-collector.presets.logsCollection.includeCollectorLogs | bool | `false` | Include collector logs in the collection | -| otel-collector.config | object | `{"exporters":{"otlp":{"endpoint":"{{ .Release.Name }}-otel:4317","retry_on_failure":{"enabled":true,"initial_interval":"5s","max_elapsed_time":"300s","max_interval":"30s"},"sending_queue":{"enabled":true,"num_consumers":10,"queue_size":1000},"tls":{"insecure":true}}},"processors":{"batch":{"send_batch_max_size":1500,"send_batch_size":1000,"timeout":"10s"},"k8sattributes":{"auth_type":"serviceAccount","extract":{"annotations":[{"from":"pod","key":"app","tag_name":"annotation.app"}],"labels":[{"from":"pod","key":"app","tag_name":"app"},{"from":"pod","key":"component","tag_name":"component"}],"metadata":["k8s.namespace.name","k8s.deployment.name","k8s.statefulset.name","k8s.daemonset.name","k8s.cronjob.name","k8s.job.name","k8s.node.name","k8s.pod.name","k8s.pod.uid","k8s.pod.start_time","k8s.container.name"]},"passthrough":false,"pod_association":[{"sources":[{"from":"resource_attribute","name":"k8s.pod.ip"}]},{"sources":[{"from":"resource_attribute","name":"k8s.pod.uid"}]},{"sources":[{"from":"connection"}]}]},"memory_limiter":{"check_interval":"5s","limit_percentage":80,"spike_limit_percentage":25},"resourcedetection":{"detectors":["env","system"],"timeout":"5s"}},"receivers":{"filelog":{"exclude":["/var/log/pods/*/otc-container/*.log"],"include":["/var/log/pods/*/*/*.log"],"include_file_name":false,"include_file_path":true,"operators":[{"id":"container-parser","max_log_size":102400,"type":"container"}],"start_at":"end"}},"service":{"pipelines":{"logs":{"exporters":["otlp"],"processors":["memory_limiter","k8sattributes","resourcedetection","batch"],"receivers":["filelog"]}}}}` | OpenTelemetry Collector configuration | -| otel-collector.resources | object | `{"limits":{"cpu":"200m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}` | Resources | -| otel-collector.serviceAccount.create | bool | `true` | Create service account | -| otel-collector.clusterRole.create | bool | `true` | Create cluster role | -| otel-collector.clusterRole.rules | list | `[{"apiGroups":[""],"resources":["pods","namespaces","nodes"],"verbs":["get","list","watch"]},{"apiGroups":["apps"],"resources":["replicasets"],"verbs":["get","list","watch"]}]` | Cluster role rules | -| otel-collector.tolerations | list | `[{"effect":"NoSchedule","operator":"Exists"},{"effect":"NoExecute","operator":"Exists"}]` | Tolerations to run on all nodes | -| otel-collector.ports.otlp.enabled | bool | `true` | Enable OTLP port | -| otel-collector.ports.otlp-http.enabled | bool | `true` | Enable OTLP HTTP port | -| otel-collector.ports.metrics.enabled | bool | `true` | Enable metrics port | +

General settings

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
replicaCountint
+1
+
+		Number of `replicas` for the parent netdata `Deployment`
deploymentStrategy.typestring
+"Recreate"
+
+		Deployment strategy for pod deployments. Recreate is the safest value.
imagePullSecretslist
+[]
+
+		An optional list of references to secrets in the same namespace to use for pulling any of the images
image.repositorystring
+"netdata/netdata"
+
+		Container image repository
image.tagstring
+"{{ .Chart.AppVersion }}"
+
+		Container image tag
image.pullPolicystring
+"Always"
+
+		Container image pull policy
initContainersImage.repositorystring
+"alpine"
+
+		Init containers' image repository
initContainersImage.tagstring
+"latest"
+
+		Init containers' image tag
initContainersImage.pullPolicystring
+"Always"
+
+		Init containers' image pull policy
sysctlInitContainer.enabledbool
+false
+
+		Enable an init container to modify Kernel settings
sysctlInitContainer.commandlist
+[]
+
+		sysctl init container command to execute
sysctlInitContainer.resourcesobject
+{}
+
+		sysctl Init container CPU/Memory resource requests/limits
service.typestring
+"ClusterIP"
+
+		Parent service type
service.portint
+19999
+
+		Parent service port
service.annotationsobject
+{}
+
+		Additional annotations to add to the service
service.loadBalancerIPstring
+""
+
+		Static LoadBalancer IP, only to be used with service type=LoadBalancer
service.loadBalancerSourceRangeslist
+[]
+
+		List of allowed IPs for LoadBalancer
service.externalTrafficPolicystring
+""
+
+		Denotes if this Service desires to route external traffic to node-local or cluster-wide endpoints
service.healthCheckNodePortstring
+null
+
+		Specifies the health check node port (only to be used with type LoadBalancer and external traffic policy Local)
service.clusterIPstring
+""
+
+		Specific cluster IP when service type is cluster IP. Use `None` for headless service
ingress.enabledbool
+true
+
+		Create Ingress to access the netdata web UI
ingress.annotationsobject
+See values.yaml for defaults
+
+		Associate annotations to the Ingress
ingress.pathstring
+"/"
+
+		URL path for the ingress. If changed, a proxy server needs to be configured in front of netdata to translate path from a custom one to a `/`
ingress.pathTypestring
+"Prefix"
+
+		pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value
ingress.hosts[0]string
+"netdata.k8s.local"
+
+		URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller)
rbac.createbool
+true
+
+		if true, create & use RBAC resources
rbac.pspEnabledbool
+true
+
+		Specifies whether a PodSecurityPolicy should be created
serviceAccount.createbool
+true
+
+		if true, create a service account
serviceAccount.namestring
+"netdata"
+
+		The name of the service account to use. If not set and create is true, a name is generated using the fullname template
restarter.enabledbool
+false
+
+		Install CronJob to update Netdata Pods
restarter.schedulestring
+"00 06 * * *"
+
+		The schedule in Cron format
restarter.image.repositorystring
+"rancher/kubectl"
+
+		Container image repo
restarter.image.tagstring
+".auto"
+
+		Container image tag. If `.auto`, the image tag version of the rancher/kubectl will reflect the Kubernetes cluster version
restarter.image.pullPolicystring
+"Always"
+
+		Container image pull policy
restarter.restartPolicystring
+"Never"
+
+		Container restart policy
restarter.resourcesobject
+{}
+
+		Container resources
restarter.concurrencyPolicystring
+"Forbid"
+
+		Specifies how to treat concurrent executions of a job
restarter.startingDeadlineSecondsint
+60
+
+		Optional deadline in seconds for starting the job if it misses scheduled time for any reason
restarter.successfulJobsHistoryLimitint
+3
+
+		The number of successful finished jobs to retain
restarter.failedJobsHistoryLimitint
+3
+
+		The number of failed finished jobs to retain
notifications.slack.webhook_urlstring
+""
+
+		Slack webhook URL
notifications.slack.recipientstring
+""
+
+		Slack recipient list
+

Service Discovery

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
sd.image.repositorystring
+"netdata/agent-sd"
+
+		Container image repository
sd.image.tagstring
+"v0.2.10"
+
+		Container image tag
sd.image.pullPolicystring
+"Always"
+
+		Container image pull policy
sd.child.enabledbool
+true
+
+		Add service-discovery sidecar container to the netdata child pod definition
sd.child.configmap.namestring
+"netdata-child-sd-config-map"
+
+		Child service-discovery ConfigMap name
sd.child.configmap.keystring
+"config.yml"
+
+		Child service-discovery ConfigMap key
sd.child.configmap.from.filestring
+""
+
+		File to use for child service-discovery configuration generation
sd.child.configmap.from.valueobject
+{}
+
+		Value to use for child service-discovery configuration generation
sd.child.resourcesobject
+See values.yaml for defaults
+
+		Child service-discovery container CPU/Memory resource requests/limits
+

Parent

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
parent.hostnamestring
+"netdata-parent"
+
+		Parent node hostname
parent.enabledbool
+true
+
+		Install parent Deployment to receive metrics from children nodes
parent.portint
+19999
+
+		Parent's listen port
parent.resourcesobject
+{}
+
+		Resources for the parent deployment
parent.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
parent.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
parent.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
parent.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
parent.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
parent.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
parent.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
parent.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
parent.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
parent.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
parent.securityContext.runAsUserint
+201
+
+		The UID to run the container process
parent.securityContext.runAsGroupint
+201
+
+		The GID to run the container process
parent.securityContext.fsGroupint
+201
+
+		The supplementary group for setting permissions on volumes
parent.terminationGracePeriodSecondsint
+300
+
+		Duration in seconds the pod needs to terminate gracefully
parent.nodeSelectorobject
+{}
+
+		Node selector for the parent deployment
parent.tolerationslist
+[]
+
+		Tolerations settings for the parent deployment
parent.affinityobject
+{}
+
+		Affinity settings for the parent deployment
parent.priorityClassNamestring
+""
+
+		Pod priority class name for the parent deployment
parent.envobject
+{}
+
+		Set environment parameters for the parent deployment
parent.envFromlist
+[]
+
+		Set environment parameters for the parent deployment from ConfigMap and/or Secrets
parent.podLabelsobject
+{}
+
+		Additional labels to add to the parent pods
parent.podAnnotationsobject
+{}
+
+		Additional annotations to add to the parent pods
parent.dnsPolicystring
+"Default"
+
+		DNS policy for pod
parent.database.persistencebool
+true
+
+		Whether the parent should use a persistent volume for the DB
parent.database.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of the parent's database store, mounted to `/var/cache/netdata`
parent.database.volumesizestring
+"5Gi"
+
+		The storage space for the PVC of the parent database
parent.alarms.persistencebool
+true
+
+		Whether the parent should use a persistent volume for the alarms log
parent.alarms.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of the parent's alarm log, mounted to `/var/lib/netdata`
parent.alarms.volumesizestring
+"1Gi"
+
+		The storage space for the PVC of the parent alarm log
parent.configsobject
+See values.yaml for defaults
+
+		Manage custom parent's configs
parent.claiming.enabledbool
+false
+
+		Enable parent claiming for netdata cloud
parent.claiming.tokenstring
+""
+
+		Claim token
parent.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs. Empty value = All nodes room only
parent.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the parent pods
parent.extraVolumeslist
+[]
+
+		Additional volumes to add to the parent pods
parent.extraInitContainerslist
+[]
+
+		Additional init containers to add to the parent pods
+

Child

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
child.enabledbool
+true
+
+		Install child DaemonSet to gather data from nodes
child.portstring
+"{{ .Values.parent.port }}"
+
+		Children's listen port
child.updateStrategyobject
+{}
+
+		An update strategy to replace existing DaemonSet pods with new pods
child.resourcesobject
+{}
+
+		Resources for the child DaemonSet
child.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
child.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
child.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
child.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
child.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
child.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
child.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
child.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
child.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
child.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
child.nodeSelectorobject
+{}
+
+		Node selector for the child daemonsets
child.tolerationslist
+See values.yaml for defaults
+
+		Tolerations settings for the child daemonsets
child.affinityobject
+{}
+
+		Affinity settings for the child daemonsets
child.priorityClassNamestring
+""
+
+		Pod priority class name for the child daemonsets
child.podLabelsobject
+{}
+
+		Additional labels to add to the child pods
child.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
child.podAnnotationsobject
+{}
+
+		Additional annotations to add to the child pods
child.hostNetworkbool
+true
+
+		Usage of host networking and ports
child.dnsPolicystring
+"ClusterFirstWithHostNet"
+
+		DNS policy for pod. Should be `ClusterFirstWithHostNet` if `child.hostNetwork = true`
child.persistence.enabledbool
+true
+
+		Whether or not to persist `/var/lib/netdata` in the `child.persistence.hostPath`
child.persistence.hostPathstring
+"/var/lib/netdata-k8s-child"
+
+		Host node directory for storing child instance data
child.podsMetadata.useKubeletbool
+false
+
+		Send requests to the Kubelet /pods endpoint instead of Kubernetes API server to get pod metadata
child.podsMetadata.kubeletUrlstring
+"https://localhost:10250"
+
+		Kubelet URL
child.configsobject
+See values.yaml for defaults
+
+		Manage custom child's configs
child.envobject
+{}
+
+		Set environment parameters for the child daemonset
child.envFromlist
+[]
+
+		Set environment parameters for the child daemonset from ConfigMap and/or Secrets
child.claiming.enabledbool
+false
+
+		Enable child claiming for netdata cloud
child.claiming.tokenstring
+""
+
+		Claim token
child.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs. Empty value = All nodes room only
child.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the child pods
child.extraVolumeslist
+[]
+
+		Additional volumes to add to the child pods
+

Child1.0

+ + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
child.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
+

K8s State

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
k8sState.hostnamestring
+"netdata-k8s-state"
+
+		K8s state node hostname
k8sState.enabledbool
+true
+
+		Install this Deployment to gather data from K8s cluster
k8sState.portstring
+"{{ .Values.parent.port }}"
+
+		Listen port
k8sState.resourcesobject
+{}
+
+		Compute resources required by this Deployment
k8sState.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
k8sState.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container
k8sState.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
k8sState.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
k8sState.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
k8sState.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
k8sState.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the readiness probe means marking the Pod Unready
k8sState.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
k8sState.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
k8sState.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
k8sState.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
k8sState.nodeSelectorobject
+{}
+
+		Node selector
k8sState.tolerationslist
+[]
+
+		Tolerations settings
k8sState.affinityobject
+{}
+
+		Affinity settings
k8sState.priorityClassNamestring
+""
+
+		Pod priority class name
k8sState.podLabelsobject
+{}
+
+		Additional labels
k8sState.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
k8sState.podAnnotationsobject
+{}
+
+		Additional annotations
k8sState.dnsPolicystring
+"ClusterFirstWithHostNet"
+
+		DNS policy for pod
k8sState.persistence.enabledbool
+true
+
+		Whether should use a persistent volume for `/var/lib/netdata`
k8sState.persistence.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim of `/var/lib/netdata`
k8sState.persistence.volumesizestring
+"1Gi"
+
+		The storage space for the PVC of `/var/lib/netdata`
k8sState.envobject
+{}
+
+		Set environment parameters
k8sState.envFromlist
+[]
+
+		Set environment parameters from ConfigMap and/or Secrets
k8sState.configsobject
+See values.yaml for defaults
+
+		Manage custom configs
k8sState.claiming.enabledbool
+false
+
+		Enable claiming for netdata cloud
k8sState.claiming.tokenstring
+""
+
+		Claim token
k8sState.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs. Empty value = All nodes room only
k8sState.extraVolumeMountslist
+[]
+
+		Additional volumeMounts to add to the k8sState pods
k8sState.extraVolumeslist
+[]
+
+		Additional volumes to add to the k8sState pods
+

Netdata OpenTelemetry

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
netdataOpentelemetry.enabledbool
+false
+
+		Enable the Netdata OpenTelemetry Deployment
netdataOpentelemetry.hostnamestring
+"netdata-otel"
+
+		Hostname for the Netdata OpenTelemetry instance
netdataOpentelemetry.portstring
+"{{ .Values.parent.port }}"
+
+		Listen port
netdataOpentelemetry.service.typestring
+"ClusterIP"
+
+		Service type
netdataOpentelemetry.service.portint
+4317
+
+		Service port
netdataOpentelemetry.service.annotationsobject
+{}
+
+		Service annotations
netdataOpentelemetry.resourcesobject
+{}
+
+		Compute resources required by this Deployment
netdataOpentelemetry.livenessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before liveness probes are initiated
netdataOpentelemetry.livenessProbe.failureThresholdint
+3
+
+		When a liveness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.livenessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the liveness probe
netdataOpentelemetry.livenessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the liveness probe to be considered successful after having failed
netdataOpentelemetry.livenessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the liveness probe times out
netdataOpentelemetry.readinessProbe.initialDelaySecondsint
+0
+
+		Number of seconds after the container has started before readiness probes are initiated
netdataOpentelemetry.readinessProbe.failureThresholdint
+3
+
+		When a readiness probe fails, Kubernetes will try failureThreshold times before giving up
netdataOpentelemetry.readinessProbe.periodSecondsint
+30
+
+		How often (in seconds) to perform the readiness probe
netdataOpentelemetry.readinessProbe.successThresholdint
+1
+
+		Minimum consecutive successes for the readiness probe to be considered successful after having failed
netdataOpentelemetry.readinessProbe.timeoutSecondsint
+1
+
+		Number of seconds after which the readiness probe times out
netdataOpentelemetry.terminationGracePeriodSecondsint
+30
+
+		Duration in seconds the pod needs to terminate gracefully
netdataOpentelemetry.nodeSelectorobject
+{}
+
+		Node selector
netdataOpentelemetry.tolerationslist
+[]
+
+		Tolerations settings
netdataOpentelemetry.affinityobject
+{}
+
+		Affinity settings
netdataOpentelemetry.priorityClassNamestring
+""
+
+		Pod priority class name
netdataOpentelemetry.podLabelsobject
+{}
+
+		Additional labels
netdataOpentelemetry.podAnnotationAppArmor.enabledbool
+true
+
+		Whether or not to include the AppArmor security annotation
netdataOpentelemetry.podAnnotationsobject
+{}
+
+		Additional annotations
netdataOpentelemetry.dnsPolicystring
+"Default"
+
+		DNS policy for pod
netdataOpentelemetry.persistence.enabledbool
+true
+
+		Whether should use a persistent volume
netdataOpentelemetry.persistence.storageclassstring
+"-"
+
+		The storage class for the persistent volume claim
netdataOpentelemetry.persistence.volumesizestring
+"10Gi"
+
+		The storage space for the PVC
netdataOpentelemetry.configsobject
+See values.yaml for defaults
+
+		Manage custom configs
netdataOpentelemetry.envobject
+{}
+
+		Set environment parameters
netdataOpentelemetry.envFromlist
+[]
+
+		Set environment parameters from ConfigMap and/or Secrets
netdataOpentelemetry.claiming.enabledbool
+false
+
+		Enable claiming for netdata cloud
netdataOpentelemetry.claiming.tokenstring
+""
+
+		Claim token
netdataOpentelemetry.claiming.roomsstring
+""
+
+		Comma separated list of claim rooms IDs. Empty value = All nodes room only
netdataOpentelemetry.extraVolumeMountslist
+[]
+
+		Additional volumeMounts
netdataOpentelemetry.extraVolumeslist
+[]
+
+		Additional volumes
+

OpenTelemetry Collector

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyTypeDefaultDescription
otel-collector.enabledbool
+false
+
+		Set to true to enable the OpenTelemetry Collector
otel-collector.modestring
+"daemonset"
+
+		Deployment mode: daemonset, deployment, or statefulset
otel-collector.image.repositorystring
+"otel/opentelemetry-collector-k8s"
+
+		Image repository
otel-collector.presets.kubernetesAttributes.enabledbool
+true
+
+		Enable Kubernetes attributes collection
otel-collector.presets.logsCollection.enabledbool
+true
+
+		Enable logs collection from Kubernetes pods
otel-collector.presets.logsCollection.includeCollectorLogsbool
+false
+
+		Include collector logs in the collection
otel-collector.configobject
+See values.yaml for defaults
+
+		OpenTelemetry Collector configuration
otel-collector.resourcesobject
+See values.yaml for defaults
+
+		Resources
otel-collector.serviceAccount.createbool
+true
+
+		Create service account
otel-collector.clusterRole.createbool
+true
+
+		Create cluster role
otel-collector.clusterRole.ruleslist
+See values.yaml for defaults
+
+		Cluster role rules
otel-collector.tolerationslist
+See values.yaml for defaults
+
+		Tolerations to run on all nodes
Example to set the parameters from the command line: diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index 288ab631..9669654b 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -1,9 +1,9 @@ # -- Number of `replicas` for the parent netdata `Deployment` # @section -- General settings replicaCount: 1 -# -- Deployment strategy for pod deployments. Recreate is the safest value. -# @section -- General settings deploymentStrategy: + # -- Deployment strategy for pod deployments. Recreate is the safest value. + # @section -- General settings type: Recreate # -- An optional list of references to secrets in the same namespace to use for pulling any of the images @@ -52,6 +52,7 @@ sd: # @section -- Service Discovery value: {} # -- Child service-discovery container CPU/Memory resource requests/limits + # @default -- See values.yaml for defaults # @section -- Service Discovery resources: limits: @@ -114,6 +115,7 @@ ingress: # @section -- General settings enabled: true # -- Associate annotations to the Ingress + # @default -- See values.yaml for defaults # @section -- General settings annotations: kubernetes.io/ingress.class: nginx @@ -124,9 +126,9 @@ ingress: # -- pathType for your ingress controller. Default value is correct for nginx. If you use your own ingress controller, check the correct value # @section -- General settings pathType: Prefix - # -- URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) - # @section -- General settings hosts: + # -- URL hostnames for the ingress (they need to resolve to the external IP of the ingress controller) + # @section -- General settings - netdata.k8s.local ## whole spec is going to be included into ingress spec. ## if you intend to use ingressClassName declaration, remove ingress.class from annotations @@ -337,7 +339,7 @@ parent: volumesize: 1Gi # -- Manage custom parent's configs - # @default -- See values.yaml for default configuration + # @default -- See values.yaml for defaults # @section -- Parent configs: netdata: @@ -486,6 +488,7 @@ child: nodeSelector: {} # -- Tolerations settings for the child daemonsets + # @default -- See values.yaml for defaults # @section -- Child tolerations: - operator: Exists @@ -537,7 +540,7 @@ child: kubeletUrl: "https://localhost:10250" # -- Manage custom child's configs - # @default -- See values.yaml for default configuration + # @default -- See values.yaml for defaults # @section -- Child configs: netdata: @@ -760,7 +763,7 @@ k8sState: ## Also ensure that claim.token is empty # -- Manage custom configs - # @default -- See values.yaml for default configuration + # @default -- See values.yaml for defaults # @section -- K8s State configs: netdata: @@ -969,7 +972,7 @@ netdataOpentelemetry: volumesize: 10Gi # -- Manage custom configs - # @default -- See values.yaml for default configuration + # @default -- See values.yaml for defaults # @section -- Netdata OpenTelemetry configs: netdata: @@ -1112,6 +1115,7 @@ otel-collector: includeCollectorLogs: false # -- OpenTelemetry Collector configuration + # @default -- See values.yaml for defaults # @section -- OpenTelemetry Collector config: receivers: @@ -1216,6 +1220,7 @@ otel-collector: exporters: [otlp] # -- Resources + # @default -- See values.yaml for defaults # @section -- OpenTelemetry Collector resources: limits: @@ -1237,6 +1242,7 @@ otel-collector: # @section -- OpenTelemetry Collector create: true # -- Cluster role rules + # @default -- See values.yaml for defaults # @section -- OpenTelemetry Collector rules: - apiGroups: [""] @@ -1247,6 +1253,7 @@ otel-collector: verbs: ["get", "list", "watch"] # -- Tolerations to run on all nodes + # @default -- See values.yaml for defaults # @section -- OpenTelemetry Collector tolerations: - effect: NoSchedule @@ -1255,24 +1262,20 @@ otel-collector: operator: Exists # Ports configuration + # @default -- See values.yaml for defaults + # @section -- OpenTelemetry Collector ports: otlp: - # -- Enable OTLP port - # @section -- OpenTelemetry Collector enabled: true containerPort: 4317 servicePort: 4317 protocol: TCP otlp-http: - # -- Enable OTLP HTTP port - # @section -- OpenTelemetry Collector enabled: true containerPort: 4318 servicePort: 4318 protocol: TCP metrics: - # -- Enable metrics port - # @section -- OpenTelemetry Collector enabled: true containerPort: 8888 servicePort: 8888 diff --git a/templates/netdata-README.md.gotmpl b/templates/netdata-README.md.gotmpl index 373a47b7..7a0b29eb 100644 --- a/templates/netdata-README.md.gotmpl +++ b/templates/netdata-README.md.gotmpl @@ -134,7 +134,7 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the netdata chart and their default values. -{{ template "chart.valuesTable" . }} +{{ template "chart.valuesTableHtml" . }} Example to set the parameters from the command line: From 595e55a7e46f106a5294928fd506709226cfc2a6 Mon Sep 17 00:00:00 2001 From: Mateusz Date: Mon, 2 Feb 2026 11:54:31 +0100 Subject: [PATCH 09/10] changes to workflows - release and checks install steps in cheks now wait for resources, archive is no longer in the branch - it is pulled during the tests and release. --- .github/workflows/checks.yml | 4 + .github/workflows/release.yml | 13 +++ charts/netdata/README.md | 74 +++++++++++++----- .../opentelemetry-collector-0.144.0.tgz | Bin 31766 -> 0 bytes charts/netdata/values.yaml | 25 +++--- 5 files changed, 87 insertions(+), 29 deletions(-) delete mode 100644 charts/netdata/charts/opentelemetry-collector-0.144.0.tgz diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml index bc5399ff..9bd3b119 100644 --- a/.github/workflows/checks.yml +++ b/.github/workflows/checks.yml @@ -40,6 +40,10 @@ jobs: run: | helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts + - name: Build chart dependencies + run: | + helm dependency build charts/netdata + - name: Check documentation is up-to-date run: | ./generate-documentation.sh diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a6b53dbc..482465c8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,6 +29,19 @@ jobs: git config --global user.name Netdatabot git config --global user.email bot@netdata.cloud + - name: Set up Helm + uses: azure/setup-helm@v4 + with: + version: v3.12.0 + + - name: Add helm repo for dependencies + run: | + helm repo add opentelemetry-collector https://open-telemetry.github.io/opentelemetry-helm-charts + + - name: Build chart dependencies + run: | + helm dependency build charts/netdata + - name: Get current version id: get_current_var run: echo "current_version=$(.github/scripts/update_versions.py get_chart_version)" >> $GITHUB_OUTPUT diff --git a/charts/netdata/README.md b/charts/netdata/README.md index 9e4917b0..20351ef8 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -1049,6 +1049,15 @@ true When a liveness probe fails, Kubernetes will try failureThreshold times before giving up. Giving up the liveness probe means restarting the container + + child.livenessProbe.periodSeconds + int + 
+30
+
+ + How often (in seconds) to perform the liveness probe + child.livenessProbe.successThreshold int @@ -1312,26 +1321,6 @@ false -

Child1.0

- - - - - - - - - - - - - - - -
KeyTypeDefaultDescription
child.livenessProbe.periodSecondsint
-30
-
-		How often (in seconds) to perform the liveness probe

K8s State

@@ -1712,6 +1701,51 @@ false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/charts/netdata/charts/opentelemetry-collector-0.144.0.tgz b/charts/netdata/charts/opentelemetry-collector-0.144.0.tgz deleted file mode 100644 index 258e0f8879e6f6a5ae4d4607f51eda0e650c1fae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 31766 zcmV)TK(W6ciwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0POwybK^F$IEtU2^;h7?+0WQHmSlS#nN@A}`}KHc6W^VOukB>- zRw`vfBqU)?5)1&^qd0T__FHH?2$G;g`86{+W~wF@2{amwMx)VabhDgfk|ZQ0k}n1k zOA-=E#zzNp%;j)_)8xNy{p{@Q?7VpP4F12fvs3^7&Ubq+{%iO7?$c+_cV4{M+5NAb z-4{F0zxyw=bNi-OKZTH(|JTl~+p2f&D|v8Ee694BuR=Q#WZNjIQnNXAv`0Jh~Au~WQ^ug=3+b=Rrqa4*{DY& z1-JD(O=qKo&6ucu8mM=J3||iOY}QLL%_OE7;bPnypbV=f|Wfv)B>nu9nHIgSVtb5=OmKJLXmp-v!0|HJc@AUV+{ZnBOJpojB-u{ zQBAqVt9WgrNg>g}{`>bIPJK9>r0kOPHVlAjr6D?;s^N5~Lus6-PU39Q+dzUux(n(} z5XLqDh;WuMsaoxA0I7A+Av(;2Bsku7l?Z$;dy(R-z)7+|G;0z?F+m}86(;9|qbVgx zERZOa00oXzAA1|f6M3rNWpipcus|7!h!B`BhCPj&821p`KnJ#(QhBR5@ip%X&dm)@8~VsznF@=>`ul>9r|F#Q;~ekchN6Nzae5X;Q8 z(ce^~s((grP-|8XA%sY#L`6JCQ=A9_uV@w}MNFKA@s`bm|9u0!QI%*mLsH44D^4X5 zD4LV#B4<=hEt;XxCFY}qPDV_UBx1=3&6$uWrW}ASh6dJqCW(d<&2ctUfNaB0grXu0 z4`)nnBf((OA}V3ZLBr~62(pljlYRO^Xyw77BeqewzMQooH0&e)Y+GY0Loo{wtaUsyhRNcjuX)D!tQn zTBbpR%%xt9jyO|9&=glv-uspkiDN8rjp!FI1(r&OEL5Sq0w77W)HO60RiZn|&88@& z8E~u-`7t_vwSRzkVb=PCq!5zuW2W?hha7{lz@Y5qpzP&}(I~6$yV|YNX#@RhPBQz& ztXH-nm|WzeYiF96mPfyhS% zT`3@LGQ$uPBY8~w`$=-d;B?k#~wNDXhizkAR(6|X<5K8UWzkQ?w)x6z}wG+M`qg}mu)ppwV44j4gg@ahPkiX z2&07Hm~cdlBC0mEg2*CQxa1so1;s^aWV!oMw`A@*>Zbhi`PLBaLBX-zsr#;bJ|V0a zkEu`%yahOKtU7P-SZiYhtWlA{Ig5oxT)-}!M*b3{#}+IRc0Y+Tq;`+xwsl5evj;F# zeq*!YXp*qWD8)1z*-p7XOm9cWZ}wlm zdoxVqjTy-Z$C5bS98|XKVxWde=~kCCCh=en`>hr1TaMssDk64C_(JorBC7r?$j_)p6E>!=;i)m-xcMy`lw+<`um7;Q>k5N}P`QWFinjgk6P1Bx?5K2jmo zzVpC=)g~_3cxa;u=u<52S$(H0`tGNbQ@gpXO^d3T=#pZkd5{HYMlpKANrD$ol$5Jh z1D#26zmS+qZ*qW5Nfdd`xD?Lb26_(&Pi^_q%AT6<+KK|Z!t9c8)0G8I69v?E`#o66 z`~4bW^k^qo(o2GJtfn19Q6VHteL`6zz+9-&WN@^APJaCG)7#gj#8)zGQe-h~@v#Br z$rT^mwvz8u8r~3~k#Yj`Fmx6Bq50)#I+;W|@1oEWf zu(#3MK&L+*o}dp$r-vWjqr(&Q=Knc*bA0&j&HK~+w`l+UYjpC{tN-iG!6`cZfLSf?r6wIH4TXp3AVhOMIT@W-~`QK zF%?zwqk?B@bG6KvLSyvHuVyK>r&;}vgO~_8z=fRm%{Qb;K1O}PQi9YcB~;XB&74d0 z2xhF>qMh|z-<9y!01doKA3H*`{jUM5_BdUs|E!C*fp|xV`_QVGmkZsUpsm2&5zY>j zk8p1Ty~3h(g;KNlq_(=yY&Jxv3=t72k>Qp~nhA-sNZTQ=uhFMZ+hCTzzCK5PW1P;Y zVt=zT{T-cu`lO)$gK6_PQZ{F=6zD1utp$UmtN(8_O763>Z z?J+E3W*+Hbh{>dwjnVZd_#{atz^>pKD&_5J~m0qdU&4gYO_>prqshUz+V4Kq*eT<}5uSp@T`jZhQ?P!-G=Jr}NpS58~h2%V*LVm44pbidsBivrrWM^Wz3aA?ri z&GijD4I(EzBALW9GDa_VLQRRBUXZg;gL}`{YS0JdH@o+|hnzZKM)N7k2rU+d_xBDJ;CEGy_&gvRwTK7!nOgW2JDGd!ffO>bPUke}m0s0S{ zoGo{YLEd8^m2+lyM^ptHVeEIUFrr_^1zo1zMnf2FayK4B2 znyM?fPTBgk{U!oY>?VZ8CNGktj;CE+n)o+I!GGpV1h5ShRN%+R^}D`gDZG3st{K2u zC~O&jyWLn3Ef`oCdmj1~8E;EfMR4U4ECU`1D^kT4QnRp)>R$?C=-#KOZL}J`>*Y!+tytuH{?{5_UPV5i6?ARf6AoM{uCw9q?oDlQ~FU`AK-72#0U(Z+VqAr zVQ~Vy3C0(XXr)$a&@P)phk%SGLd4RPWU=1vYj+vf7=Q!)JxQ!>LW9)44&aMqZ6yjE zNprc_M&}kMqU|;3j`yu+5oj;I()UC(yo)5T&ifB`h@77esKtjT=>3ON^zO~^4{u&; z6RHL?7Yjtag{>=()#53@;HygXkmh6*y8|av% zG>Zw>ELd&|>U#So<4AxUP{bw)3()%}G3Sh8&m!F`W@1 zJ@p);jAa9u78>Pk-A*|I3PU|Mrt&5yGtA>eZTZ*~5Q3UpszqG}8U;8 z?AzPiw8=*j6;drzJwr-0WLas_g|qg3J~NPvrnDbLtjJ`$h24}xSQl*C*+W)!?X)jiK35B$vI~+KQuU(p z)M&{WM_DLH{S9=&QsU-5%r434Y(~t^Ta`5KsSXn7LgH-l=cWF1% zc4%=NQ)Bc7j6ra#Ka8n#0}T+)=?|P0x$(1A3g(k1=1*th@V@0N7Ej8b8H zP-I|~j8x5SM252=nq5-C_%^!05)Yh%ngDPDAWVzISxW&iLkooClnO8gpgbvNG&2O} zBv~Mq+2$Ocz4{A{I4A&bvP(?}_v;^=rSRq+&X%E(pS2^eCI5Xk@(vt?@3*CQIHOY{ z%4QB4_HJmaw*hX6M@;Vx0S~M=hr~T7pyW+ytaRr_Mu|eD7vmAwhMYChC_}Zkb0%c% zm9>73(dogFnb8)dF?zaV%i%mfaz$r6j|^gi(&pI(yO%-iUN*6N8N^N-9R?Mv@5*MK z)wj~Dds{Z^UX{)M^xA7y+nhVLTAHgX&6cmrcFT7y{Vna$U79sk_Ik7Cb){MJuHLL~ zQC-=hv8vV@bZ^V{+^c$X72}_|7hxT&%*-(EX0h+SiGE~PaFnI?i*~E1(KYgsOKW1! z5aY3S`(-Ru@f?Q{C+VyHe0BbI{7sxW{3{siS|cP!!!fja+qX z*mJ*qB^-vc^sn`t`coE@9w*?|d;rERwA<@(qS%FHKT;tXU%XXweT;T@dcFE)tG9vP zQUP0TQ23CbF^Mp@b8~oas^x*(78r%R{JFtmz^8@pl@IQTCbJ%QSLA1G?6SGy%2^UmIl10Qh zW}2&!`rs%oB2BNdITVwOk{A)r%}u#L+pZ(Sp6Wn@4{I;m*l-!o+yjf=jtw`;qN;m? zsnDgDbfVse0TT1_?@;6Q*M zp+KxK7cJCJR>&Gg@5~kHh-E^pLiCb=XD8f+a@IQykD28}=?_X9QsvaD1+CBVr4rSm zh$2E_OA7<)bk2#Gvn007zP9EipAN=OnCU113`r&QGquXiIF87)P%B!I>jUzM!_#!n z6s9cuL6trV&`$B;55!nSw1<-Q4Mi|z$7s}peN<(XKQmLik6%7lZ&VgP65VVYHqGNGwe2^@`-R36PD>~tpDA($7-y#+nz0uN>{#eJDEyRHl7wj znk!UFE0f8>Hl{D`RqWF}gmi#BW3Mv<=5l%`c%~p|R zJq5}@g!V@JNOxdh(HQs4I~o} z2LWDg8qsnCDih%#RFF0XgdocH;=lDmF_a(z4YbwJG7ETq!#C&PZQRBH#82gs{FV0p zn}REi;sZl*aEky4_S{F$IcrwdQWr;a-z&z}& z)~{NzcF`Q%#rE9P{hA_ z>I8g$2Fp=pvr_xDVQ?|m zwZOC5;!(YeeO!C5&1tWx;04@le^taYQr>+4@k*!uX^hq9@@BQbYNl8*rP=-^riuD6 zMtk}l{`gad%eT7<6I@6pA`H~4V*txL6_voTN(HKfjqQ05f=g>kvtxabWOf=5JJG#R z%J_t+ErW4PL*|~_!O>4YNt)2#f!;^;3!odO*gH5ml zPZ?*4_4)+2EKEca;nc2oHe!X2P4&(XV3D&}yep$Zl~crqCITklEJ;`al8{6nj~}p1a+U}s5fppR*%dna z`9L@oaH4}hpO{8Zh&28%36UfoA}5H{4&RHhwmaN=`af!hxN{HrbBXFPQ7_bd)@Zd2 zzhe8>x~VZbCKA)ky+4U?;=S$}$AJ=JJzCOo*X8$q^|l?>K_xQDlPPEE6BH%55boTk z0;g^-F!6eIWE!;{kEGq6gLw#!V(r>)*~gti4$Ha!v(RafFH#yqZe0zFX`hju5RI}Hv|)H!rQFdLdp*|@S0FLk%~gO=uW zq&*-8&V$E#f(*=u%Uz`@gM+Bi@ttF?YSMTeyYB1Tkl6y1Rhq${uHQN&1l-s&GG9~4 z+b=-5ic_`UimRqA0q*XlrEo-JjwT5+YR&-B{FVAuD&4BY814RbZ@By7<#2cS;@Rlw zUZo8mG(?4?S!f7badu6mYR~iLW3FgsZ%mha#0#<*qv}Ap7`h5*Wt+fq!Z8r!Fsppf z_LOmLvob*a2usm#zK+>U^xaN0wEJ_BA%^z5L%=|g7T{>}2*Bilog0XYd{8!am z#iITmw88A{3=c()t?VLt=qqy=yfG?w`bu{{8)vQ)?aAjReSqj_fF$$iv`qFaBW|6# zJHy?b(cUv#rZTeL;O_1{edfbyc;RYEvV|o6U@18$>x>L*l^4;?nFCO#1Jj8R|L#Y3a9_IcS z_2DwdXru;wUMcNFzt`gFD^pF zwHGU*FBdsc4GLY+efqS$ygbb$nGx<)Fn{S_c4J+s5dE#d z3B)r)IM21?Z?`5>R&AzM*1;fIkye=2PcY=Y^b!q~Z+)wg_qt!@P;W3Qxr4f(SEJ5* zZ-7d-_+=@JhE=kdtC>p}$ThucnizPEsRHk-(U&XV+MDd$?6Rg?W~(=n6^b^m)>p&Q znQH=-ygn6#+vlu(K2?kNLz!;w9#g8ezgO9vU|i2?b0cga3a+27r;J(v@Z(PTdv4j2 zK$e@eIwN%kpE6gE>J}vCS%O((2}9m8R{h(X$xvgwysOI-Ty=o?sKM(C}Op=?*)!GaSrbxLvtP4RJXi{)wK zMY&8ZCGJD?9-QP|C?uPig=N*UCdy+Ar5k+;a#Srg*i z7Bw>^e6}iPrm5RBQH88?(JG9qA%q~f6F6U+9NSFJ&Dl@FGJW+I&vcq+cXs~alJF}| zAp)f0?qK=y09QMkb;KX8#4bVq5MpbpMT=%jv4uuk+q@ft6elw(WcxC;YzCD9MsHGE z;@M5A>7buCsab|UT~WI-?HYzqc;EmlGesI#Hh{H2QK9}aP zSP$s5P~+C!Z3`n+tKW2#mIZ(9-j7}laNpi5sGegO@|YLZvj{InVXr^-A$xA ziYqqRUf|9L-&3^{d_|9%yP5#;mkt10y_L8H!#4wqc0EHCH>>7HC+%9t3t)PGi=d5) z+8wEuz^V6#Vk5-rl9SR(#d?I(uJvjGmF}cxz8DKnO^8J9scmiZGCY;KtD9M`yj38_&oRAl#9-Lk3x&_ZhjRxmXh%7 zs6|~Ge)}bv*Vi(CSAw4|gBCszuR9%-AyaP+%U&Y7H6R-(`PP7})9KnOQVot5rTJFc zR)twwM4`tj-rH6Cd*_dI|4v5`srA99Pm~u+NdHUiJqns%%$FeR_#{T5bK87QQo?aE zFu~An%Tp$MK`8kUZwD(!29|IUVUqu5K^D`=)oDsgeJT>6(5EC zt(wqWaFbP}MPv7(Hs8C#9*6_lwvsh(@cFBtAIb7Y5UQa+Zv>(q$n$1+EQ`^3BZ%P@ z=KeK=7TLO{fh#QV?`(rwjpzKx@9Ti5M_vAWljf1dD}UAeX}s9Zj|{#Jh)02rkpJy# z;P&OI(?a|oydj^r-CbJh<&X!iY%Q%&&!^V4o|gcvbC*mKvbD;aG-3C5-sv)aEpf7N zZ8UG$``N{OUx1dZV}22ndCY(Ho@He94Sbhgth4WrpJJ@D6N;B(EL5j5*~&`IJY=0K zhrPB|cs0S{>bOdzf5%?+1ym ze|ux1biJ>5rL=V*a!oJqMX+);4E}8)_`&kqVBN8kvWLknJxPOs*zb%pn&Thgr2caC zUrw01PDd6&%e8}j+FY%c!4E@f69bhJZ$9D{%9#Q>i2t$@ zhiRTbj9!=-<~C%*qHCXD*CR&z*#KI(?Qy^ZZ-WgkxAG!4@~cK}S!V*Dnj~583}Ok^ zX72UcnhP(nvJvm%%N0{)zKFXKRv{t1k_JmD(Fu{Y&S1ieQ!|CgS2Kt$H%x9Yd@Gju z8$w-vnP$oI-v;pBx$ME0#3g6f=q{GT_NF^I8K6~^t3g^qKT~pDD%!rRrlr^G6=gco zRX;7%^;%n@c7$782DOU{V#=*jL`<=j>WC?~o>HQpuxg^86~tSvrkGNlloiul>$fF{ ztX5wvy6sAgS7M1OV@tItH2P^HXSi>7t)z(?YFZ6Z-BgC`hp$smuTYq3=-otIw=Zrr z;CCmkmrK7jIPM-*@vLU&Yt_ViHP|heWNQ~V8nymU8m zPw>*%-Kf4zdUum~yF5eQjnHYNse2${b{E`aa_QZMlPWp*)^Rym=1F3c?1k(x-*7Tj zFgHe!Fk9yVd$Z~bm|AGvjp$9ixDN-*UiniKW4u+4;m|!Y}Q`dEUbHdlPe(r- z@4r5L|HClV8K!6^BrhV9H_{+avRM7qGu_2mj5bxDH_30V-%5P=>AttNTFaE#zuOD> zM%t~dFcDSBua9tESKX~|bLZMn!~3jnSeyP2Y6NiKJzHbW*(Hr_&it|gDiAagM$EQo z5}FUI87ha?bZ4-jQ#6xklV&BV{x$6_v|Gj3+<8O>9MY{QlvHm;VG?R7D*ABH3=V!d zl5?CPmXRSkN(dIjWID5j5u|-Vl0lhT4=a5geTyz}LSrmRnd(t!4l;Sf(VXB!&d(sV zHu`o{cDdyGIToN$xpI9+2a~eQxStKnMjWSmm7(tCUbotz8E`r$sD(ih@GmmUywLg1 zSr`WS2Tf|URFUh0yfW^HZ`jP5?>HRrc)BhVauFrZN2%yPdXT+`2id|C~1RQYQfBF zG(`oZU|1pm4doLTbjv$U;TI*QV=!$S7sSj8tXiT{J z1=$*1HCI>>#lTRqVZjPs9-M57Ep$mS@Zq^b<{V8aN#Zs}Sh`?UzS=n$ysKVb1bpTuUK_LZ0hMLQ=@KSYs4n5I1-$KGP|KRiO&b0a`JRHY@aMv!xHU zwbibHmXeI4l{M|&eRWCKhOV&HBJWqX)CH|tW4;2Vr9wwitPmF6DV$c-jQb&R*~mlC zxZc_tM6OZe&ZrFOmhY9sriF)~Z>6aYNXO|VB*}0Zc-HiZ* z^toz0?MXT(DZ4B+u4y3)PKM|w$O9YhBq~$qwl~kUJrLRTq`yKbu{#4rK$FRnvdodP zUM!H(yh{7vhNcQ!XSHns1WAI^LKZkl7KnUQI~ICLd=*svdC&X*)%Kq=GZHdSZrH|h z`_HrIFTShUfA)6vUOa!a|2)K_I1Stm2oZBsU9a9}PZz>gm77J*0G; zhzP+r{6c7eCRj%Eu`?W#k2&L#@UdrBR`A9Zqq9wdq#Yeb@N-g3D`l+69HZ-No1Fa~ z6&W=J{pQO>Yb7LeV9~irTfWw!c|ER~>lGrB{TrtV+U!h*8=|y@{y-VcVvt8&+~x zktEAGtAtgh*_;W@H&!nip6#GNz`}x{x@NXK*dB!2s4!7Gewzw#&^6vJh)v^9K@)%l#yu{Q(}i*O+4*d z>C>xb_PenK3g@{Z1!$ng%Aqjs>BATAPzNE-m^{m| zoR85+eVht-9l5pj3`_%;I2ohe9sN;69Oo6=bd(q6kAz|GG(>ysmA_*uF3Mj@rxFVx zN$MNA!N(&eXDKT(d8PwuRt@3pUl1CgQA{pJ-!@<8oJFDcVj)7Wd6A7So{CY#GKpzM zcpNHqiTNm@lTpl~3&NL`FpE(TgAC`j_bHaq{7f!#GDe)t$j3ZDp{alpH5!E9s)leO znHggL^@L{ARGy_&M9pvcwDB&2=wo}$_rQ0724XTP!tXD08GJ3%JWzgG2olMp@qS*+ zh)gDd8dR{qzId_Ic%S}OkfI)QYk)ElfT1+31TPxz6+Z=E24LhuGTv;D=h2xG8-W^v zL_w$JoI4^>KU9O)ZY7yCzPm=?z4%AF}~Si5?=QF{SNGQ?BZ+W zxBIR=e#u)fyT7rXW8?4jbzT1`3A`ldSp1VL4A{O|$@^Q?4|auj8Q*Ng%PoMX&$(J! z{=N#Lt|Wvj4Lrf_dRB-)udEZhZY1Eso-x^i+Exjg=mCJ+3ghol|Kg=MGl-T3?MQyC zEaP@9&fIO&4ok3C*bLnk_>)&r>xX*V_pt0&aNcTcdA}sBBMLG!kaLOFL8k#4RJ-@4 zys@-aN6TwOwjYjQt8Mpw<(h_5;uE;Bgf_t)VXB!cfo`3dF&zCx)CaV#`ZNyU9!MXn z%!K>U$HLsy;R37ZjK(qN=rk^`d%G7tKAIW zs$Bl6D3~5qwf3>Buj+e~XU2hdqwDKxk4)_n3$#pYz0qew{y;(+3(;&T7Afl=zat@QFW+=(l4q14V*sz^X19e`wy?*oE;v0 z8t?AxJ>Tiyj0MAH&O2s7eX4pZ{!4;*-Vy)79f0+i4=l4D=c#RG!e&jT^K3oK4c4H& zLw0q&>HM14Yaqv&>JgriCQZ7Zq<3QEFmD7LzdBN0HC%Q^O<%t|dOF9HL*t8ax%+04 zBoRw|{3}Ai@Q4OrIDU+NF#yJu@_mK<%DC&O0(St$}tzDWF}yxo-+-=g6BTEj?>tCI{*;n#}t1& zOW5p8(BBET>3*|<9FRIAV(Elt(BH|8jnzwz#X2sTtIhZAP26U+TPn}1-Y(i5W#mr^>YkoBrL20WduMyA@~Vutx$^XV$17#@po^CRyN>o(N!GG~E#E-WU6}hA zZsweH5$9!{2D-i+Z{sh|WZ&uLz+H|`-S~2!1LV1Q-*k-JlCP=8E&EGiFj=ZjY2sZDRC>jk65nSe zyF9zZe2gmUMX#|R%CQh~&RH>=`@0>rqs2n7i0X_0=5C@1CsZzzs;#k$Gj!&9Q6721 zHtOP~80IV<()^A96*OKBDPmcs_ef^jt@uOQQcRMhqOADJOiCn8%IpnE=wUWniL(8|oYo%dYhOB;}a7SAGVVhdZ zr%^Naev%xqSf`0X?!IaL+VucQJTumfZ@$^}To*3L;tV`x#%Oc+?UwgNPpO>w$W<;$ z-xymjF;)pJxQn=BysvA%>PY*l%Q=B15wWShcsFI-juPtZm2N5=F)o`byw2(qx>T#b zm~#5^`!^S4v90T@N?JU!Z+?zX1c}Ebcz|Ig7uTfv=3= z-Ha{huR|*KXC#xR;G79rLbAU+NYw&sj?LQp=c-flmv`J(_vild4*V`&3Z1Fo9uJz^ z#;WcQVGz+PLFETH90Jo5fKr;#!MxT7<4&2R0GuwzsILnT)e=ux`Puq}UX}iP-cm9^ z{nu~azBzsKdi}HLu)9gviWudjQlO!ix+&lo>^7wCiJ3GzzZ_l1R#(#T|2kryD`IxKaL#?sE)NHC#JkBwf!|s>< z^l9XvEUm-18~_;LcDt~ul1j#N8WSb3c#%cu#Z&l`rYFU8N9|ckmd;cPuH=w*!9HPclpb3d^ zAqWyIC8$&|H1|UMY#m+`!Yh+lC$^*lZB7=z*{|Q9sIoMhA(4}4YuG!SB2IK{egI-L zF=3+6!#gTnP*WY{R3Hq<8*DpsMtSxh@E5Tk-TW{`TEBOhKgRI_^n}bfO?RH4C610N z8p!ZilWbVVnjh3&u8Ev=x&4b6{6+L@uymu{#l@0cg=Io-bd>}&mH;)fFv5mibSc=e zuQAF{s~qBb*LK#i{mKhsEcZ_v;jq;o%=}^pd77@@# zR{M?X4x4LvtIG?cO_>bZ<$XRi8#GDw^W0M9)2ANJ^IFEy(CfqpBPtZPn9 zC@JKhjt7&424uPJ#26TYm2%AGfKA73`71gJ{2=5zUIA9MaqA_aLnk_{5q_*Rm%pyG znq6P(OQ5Y~?7pXYFSIc|P7LF%JwfUmI|z2&>G_=;#|+;$!C2#Cl_z~s8sCC(bj zaO9HA6k-i6rn;MX-?nO1i+Q!%1qO^&t?czj-8g7uK5!2)V((tI6`l}@t2Ju-oq?~7<%J~3 zsuLg_A!SttCb6}J@f(wx)$>QFeo^YZ z8`Im>n5;1xp5y)?}N8%8`m9r}6J1Ll8QhQ-QQCR_((t36}y0LbJS( z2!dm&Ro�k_^3CC{415&>@t_2#JLu7S?G5O)V@S&lTfR?|Cm?3Jb=C?>1S8J_dzTE4@9CLkM_|8&0;tg2UT|1J5`%XoKuMt`ny(hsX#PU zs|(Jw-^PhC2%Q9X53PZqa{N!4#p|7>c&hvBz^Ap3K0J6{FTwyD^wLMn?{IF;6Q-z= zc9jZ4gLoS;IVb#z3OH(TI+H%%U>wazMmVIDHNFGu980MRFnw;awq5O z4#}yhcwi7J4GWzI3Q*K#ZMR0cRK*^-X*NSc+vM;S76dByNA+aRb@*E#V8k5nJ%6Fd z)~@PyIGI#MZ;YuM{Q;P;hYOslok{?`>e8@MXxt4}H^-+Tb?%5vzEkc>LqDut_@}Ic;8Y!NUqasO8 zNW_VDgss1`_hyV&;?T>#v{#cU&9kO%$7rE5Dt)L{NCq)APbwu&*#$9Y#^Dp9W%V?o zI)>o^%Ov?I>s>7E@F&%Rp}toLI%h)eClm{P+06U71{uxT>tYm$Ip*X@-)yS569zw+ zJ2xIY=amddcn-}s4_6V2ED^CZ#aZl5bYRib?@GVYkvC|e3fI*u5SY)LQ|fgi3VNyF znDfdNDy_Q-F+hWXF7rJsuOm(pynr=z*;NefLS9E7E?(^OnegGOZdNP%0X>@R=XDSa z$6)L)xw}$+Ys)(;>K4w!%h<<@Y+w8&2p^*z|J4uLjd#aK+1ChzQ$)1Rj~A`Iud$83 zClu2e5iYwOyc?tb^)&(`G+&^8-)c#&@3VwWaI&Q#9FrLpQWYG5X+6#5VntC!6ptM> zBAnz*P|5fLefsqOZ+v!m_N!{(7l!z_@mb=TXS@%&=k!Ap(5(jA{$CNg8gTADn$sF% zpK;eRR!W)r&5pW&DKBXtlWMaf6U=9i^}@1*WS4dS_ILk2I|0Z$H^lnz`t0z?d8C6u z{U4lF0zZT8{FqFufs4x%(J{K*t$czCM-T-^>FfopC9ajGAX||aU^A2leQ6l}r3X)2 zzM#^CsNZH?n;3qNa}vRwq4(u=y+%7XBYBgqYK5&3HgtbZA5j}}6oUNl;oX~eZx7!c zo^GMd%}w{o9+rr$A(+*~)=(d#Y}wn*eqTx`)vk0~T7C0jqkYr7Y2EjOThh^rA_9xj zo9t3l%M8owC0#{z7_1sEZ(^0hx4M<(%Rxe?Bw9oX`H`^;hrN3{ZeNRPHCMNs&`XjL zA&xkkka76RWu?rJW>iv~yjI%635i%1t9G=={sRu^9VG)rE5dU%;N_#;ila`jy#l*R zp(S`#f!z=zNmIfKxdNqXsUEu-er#@c%@mooo>$WlJ*pl_}1nDRqatc2oc&R$;4-E!19zv-%pTP<{# zGq(fe&I4bAb<4TC6xvO3y7lZ`4)3ODi6TE;- zCudtdZ+6xw193Ns9Ll@>ulKHH`uauga`LW(+j+<Q&ht53t2UdLZ3x_!rCgkAk%L-{o^49`B}QO1umXWm6U{I zAN%)h;7OJcUf$L7e%=mh&Js3ToaAaXJz$xT9NUB)tsmEH@$>mqt@i&hcP=?g2#Blo z+gR@Zv-AABXZ83$yH8&{`u{x0Q!X}}!3(z_R0IA3%T5mi#lxAVTi`ZNFqa}wO}-r{ zx@tY_SS79Fq;LP1hq!!#qaiNjoN?p&Zi1POE_ZtuG>gaRprmcjk7v7v>QTQ$ZuAd7 zp6GR_WP2{^Mk$+~1=ks$A#gn~Xd@`-bv;(1zGLQPKwS#2?iW5rkZbXREYPM}+6=gF ztm?VdL_e@{#BOrF3xu2T`Ri7sY?IBcr`6-2f#rYhQZz)e z5Pg(J-rx4J+JNe1N9BdN-&|V&(J8GZ{dBZceD`9m! z${J}azed`L1YWY3lz)swP9pWo4i2OeD@&UWE6!K@3a*4QU-G3=RimhcABH!^cUAP! z4F{)f+@0KjX39$vKBD%kceUW2n4~i{H*9_4KGYii51T+6CK&pS8^DERBEkvHW}#+4 zYfziaBxkWLtGHs#8L>*psV%C#_RaGvyYE+}dwols{g559+*j!c` zQ*NL-20PX&+ixHdyYDI2+W$>V%$+s2fh+cZd%I8T`@g;KcJ?0ke-H6I?*Bg5{?7!k zy8Sk=5_IcfcY}d=Tz9=e?9#;j?ipD^j3cp?*Gq=Fhfs5;fBXHtC~ScBfq{Qgk22o9 ziPq~<2vsAHubcSx@qXx6_jFkQ1GlW#Yh%Uwzw=%F{^#D_&htn6?}I$oor8_Fo!{1C zwuMh|n~P<+B-#o$TnVd*v^A49B$;LB?xO52*HGIjIP)E&Ke~f-BT(LL@?j5dEpykI z|MldV9B}5YI~D|M%>Nsn{&rda z8~IGCHo z&T~;(v|dBO6C(e->U+Zkb{96Thc#k}oJ3j-T~alQKT;tXU%aI$tzXb;7SPay=kkY8 zie)r^TghSDiO9{IFRk9+9lUT|f~^1;?E`QkIhJI$82fk2JZ|SKNmwC=!jwb(W0oW| zoBgC+2-+{Mn2Ovl?k=(TFK>8}rS?<%yZR$l#~cdUnPNt%mNGk-!ME;J3g&IS<}^bQ z`nQ2P4$`XFhCVS~*5Oy~A9QT8p4y?MfqDk!Tk~%N`I~a^`hdK25kWw9{-ZMHNvy{^ zl=!wf4^`RMSYjv%=~Z>9z7M5e3&q(-eJ#uTsBevXJ-HXRCogmc6?{I|Bk z@?_40d{5*R;}?}lhR=|U|niD*vZ zA|bqb>A&*26aEjOU;CQ1&VBXOtJaVHBM<$o*8kz|=sTRzDG^fKWDl_F{AYLPyN3VA zqy6_`p6lycRO0GztC=_$3|#hID`2H4|5@%Y^ESv~*fIll49kA7Cn|GgJ` z&l>UnUp#%B{}1ta=fBIgg`148JRe@}J_0ueD^`TEnbGB*F(&-zF2NkJc;8)u`7>G; ztO5-^JjHxQq>EP^vbL!Ann+!`?viCWP4yOJOKEl-G70#c;*~L#@W<7a$}(YNi&u6+ z=J=B85EKa6U*$;Du4o3U28}yTc{dLJdpUg~E2@YNcc*QECiUlNXI#QWGv^N#p0ySUW^cX0I6UD6`T zi-#h_a?Bf4s75gHpy4>C3Ia|lcb;2zrA_wxOk1DT>p#tAoQNAK{^nWb|FN^XSNH#V z_Wb$d`u`Bmbv@*n9&A6AH`pl52W`*DImwBqG1yw=95{5vYh@fnV<9i$*3^T3rfmmm zZn;}jeWNBA@D;Vd_N2@P<5s-Vus&Ef&EPj%KE&%vx{jNysNV$S$}O~#Z*HlTeA9N2 zu#TZI0K^W)txiimkBf{&-Ed|lI37avw|aF6m%VPJ(Nl0`VtON!1_{cKYRQ~4A#2uT zQw+ZNCS6Dvq)0F14`NOB=-2intN?$HTK1z-a#A67S=G9t?OS5JdR&Gb6jso#GW;HU)(D-Uqs@3a% z9#8J~{Ac&+ci%P7f1W+A{}1s5&VOK9R8s+Ts&0i;P-+H2;Ez9LxQ0XJ-D)fX zAgXvgkSpldC86*4=^+1EoU)86%HEIv|L(J$#{JK|NB^IPdBXDlof+^(jKlI%YQqP| zI=4ez_8Xp28^VZj!XV#yd28UvLHaY_8||{)^U1CBT`jimXRqgc4!*LzouW~V-|86_ zI&f%v4u;P?3qRk}LH=`=5;-S@;Kj{SKrEO4yU%v&`v2bE?#`qC*MmHD)z1yK+UWYm zk9A~w1<0RKb?+$IYs7pg=|0mjg`0WBD(L7^OKdUW@@u3qt5lE46c>pE`$;$-lA}A6 z(YKz;L&O2X3E^^#j!8u5CE>3*%X1Q+yaLzpMPv zw9$3G$rQYZ6%!G0nrk+0nM;|A@n}?;a6`&QF^j~g zTzzOJ3D0mcaD_%22ET#H+A5yh1^M@z*7X~YK^un}&1DT9)tbwhR$Cr}*pn%w#3W6rqjy4n*{`b>~4K2yDW zT=A>CX(^=m%>Dhi;@>Tou3YhheEPWR--KTuSN*%-*yXE!kX;{F{^rW>bL->Ee>WWZ ze;1@6C-iqx;m-zZ{-%nZ2}RGpw|$Lpjw31;=v%ZieCf04?rJu@!aSqd>?`EbB}@u* zL31n+Cpemu7-0l7)GS(Z<~^|^v_D8lHk0!&iWT9~i=eX%CvfE@p+cfQC`WzNuPoJl z)c0gzA5|~7Xc!8F16Swt6OzTi<^KT5s_1TNIoy^BWs+&`HgdUAeTihg4a5Jpj5OR}vPSpOa0~S%FNmKYpmvFLN$7u*#O%*}M0iurhwyC! zI~nidoK-O6_<%y zVCjQt+!*cJyi=O5NQ?GU4JuX4J?<)3=RE07fhfk|-ylW)h-4m}JZ;~|esd{AH z+WqP-MUYilPxZ9%qBwRX+hGVooq+WeG)sACvtEjP3^ZYQE%+@sF@hz(@*5t@pU(Op z*4aYuA^zX)?#|Oj{J-7D_}>rmTsQMSSJT5TPXQfD)x1jEvngwDru21AUi-P#zp(yb zsd|SBTr0?X)#F^~$FE-o{%?Ld%l}*40aar>_r;_9e~721eBH_bP?Jk-mq==# zZ+VgAqyp{FY)R;}7(8AjS#gzwthhk3iaP^T2^?6}pl|}COS740kM~}#Na(O$4Es@A6r({y+O}uaW=h>ErtUFwb>M{wF_n^NIveC#L9K z5XgzhB~RejIxW22Z?NRr8) zSyH6rAi*>}Ch7%cSu@}jLS1U;@xGdq>@`Va~xgZ z84<(Y20EQnfkct(6KydkNrGkxo9LyVX0vTDYe;%YAhNRe9%pfH17&2USG&!elPUd3 zVm)F0duxb3WXS@t3~DNrz#TrJ85#D5uTRcSB;%yFfeu)jvJCxvaDrmWMQ=Exas>Zs z^n1g}?|cOR+86WLNd04fipy+N0-E6HqR7#dCPehU9g3^G_w8_kFM8h&Wvc#WoX&dR z{=dBq^fTs^6#^Z;ej|FroU{LsNcM&_CU~TabM~L!@KQu9CZitth|@eFLN#`%Nn2!8 zN+M)W{Ub)bZ%1cmBEz|uGkJD4`u3r1C~foq;KTdVVE(kD3K$%+bLdbBPXEX56B(8Tz51G3oX8lLSR`?Pwzzl5?Vda)~(kt)QGB zj3z~z+i#cJP=IKL&Y>I_j?RbZgb*n3OS6$*H?0fxjLLa20V}`aPR~=i%B*UI8UT1P znj~y8N-@pqjJsiQq1kK;O&Le5;HZ3OJD|3xV%Y0_$Rgr(&visV|46(IAMLybodZn> z;$%iLqIL`M5TSpw0!29U-j+2c3&e{Inm$kQ1wppRz!f?8asT-At^ zVQ+7UOk!eJ`-wp3IL}SH=c+77eJGKUt1_^M1vf-`A+gY}Xp$&07J|eG3#dp_JR?Zr znL^IEx(|C#hv=AGQgWr6XPgs}GwsjMNdkS%m{P20rntcv*kWtD3Kh8c z7Jvtl2H`iLM!{?3*nGK7D;9d$%n+f&DZ<&p&1*cJl1Puenpt{m#Wuq6e-xKj-y1CKYzCSxc)!L zvw=S3Bs;Yn;H@J+s>u#2L9cgOo%}Qt5+{j3zqC}og{<1@(F|P_6T&m1w}VDra${}T82 zY#wn-j&+u-wgML~Mc*`LdJ4xt-}lW0NhqL6{I5CTT46a?sGcKzn353^gFZVUTJ2$= z1+ghQk1vP07I`@n^N*ntJ;|MEdcMy|Y&e0W4E|8paR?OyTMkMIC zO3FwQE49Sq*+OW>q{5qC+ei>npITm}9}LJ74YHhT;k$?BTpAf<1_qhYmY!8Vyg`6`^eV8*5*=|INg5G> zVipyOV}LTZ(LBqY4UDER?F}YG$U$z~Q#&1jr({-O9*Y5 zC5|q{Rjo(E37khEmN|NtBWp+p z*}hDQh4R2xGnlq%7n-lsn+>S?JPmujZ{KK@`rENx*SvPHK-jB31hKF7-907q#@;6_6g|q7K;~xm zRjwj#p4zUC)w=ubw}w97emh1VPTw8@oyrT!LoW!ZnmBgUNQ_vPEMO-tB93#tP?b}W zU1gT^Lug0S-Zrz1ey8~b&7iseU@{{dZOS>PQwgtTJdd_?MKz2LyG_Xq{>UY3L3*G; z*j5-0u=50NwZ^ZT8xyw^CL}n3k{xDT$CV ziBiI6B;H1XAv#41R-h}K!6KQmm`)e4d9)k^;Sp3BkR>7~5tK+0L?ubZwmHvHqwQCN zj}_P#gydCDe@z99n?E5To=Q1o)vJtU116KaWY}>z10r`u=6yv785SBNMHhHcvat73 z^PGE8$@=H8uqSYuVaxNlT8sJ_Acbqi56^E9K@ZIfttGl;3@3sqG%smPgbvn#6J#!B zC;=jMM1u)Q*wwb8>6|2aIRg<*mF!aVuJE{JoFP)nX{wez4NE97PH;3Y3z=Et)%T4e z7SbA;Nx9yYh>YyiSvoln+~kB9M!lf$1;dhL_JighK{U$=iL)5<7_ma;1sKCZlV1#b zV6>VNEP;#y#hNv%(*IBfrD$np1Oa*|jrs|K-@{m|qgq&#c&Lk->Kf`V|DXv;SSgxs zOXrQL1~{+)w+t5M5H_|;wzu67MKo7S&My})@5VAEIUz>R@$Th{k*CdXHH?>zYI?f? zn<*par8idF&Z>#d?d>JS0)}ao1T~A>xtduy;c}r!a1JWZu=gX;)KDjk<#q#a6fd&`OmK98XlAr_+kXsOKQs|A8wyQ(_JGGBO5#b7trG4M7g6)<1;JLx>T(AB{)H36Jq16A$0?vw)h3bwP z1{%?t20!fe-VA42XZB4OzQn&`MPl?ugFVnybs6wgs*RCQp5y4bnW_W#?(XJkt3F}K zWS4qFp>pLPpy~)Va6EHk>aF_~{nO1`wW{eA;T$$4=jE=%KQcMOlw18z6}D^|kPn~@ znqRA??skt##kT~Dg^8X-W3}N;lzLA{+&JRn9i+m>U4{5%@(I2InlTu5(YSvZHrc zRm`opsMj$&T6{r}P^$$9^gO}ltg}wO9`Fh*c7~oXDlsDhb_Rl26}(ibpq-i~HSEF4 z`J{c}g!y9G4iFMm9<2{-cm;C^pDV3eDI@1K+=aG1H7Ao=<*oK&P*m#6`1$h}FL%$K zWoXztG@5sm5X?nYD7pcBB9z!MQqgJ>+rX!#u43B_C|GVuejtUy6J(ZNMvz%TTG3?* zF-EP_TDdcVJ&hBEwFdotk!nJVzm@9$zSO!R5$K4shzP-W%O=3HL1;^(56AlRmYQwO zVr_MY-KCY!@D~`tI1vzk1mO||JqKB8V}6FrNJ>!L={};mISA7xx3szSUcs|;lpP;9 z_+RhVL2IEYN!b{^XOfK3!5n8ZMRmrt9s_g-!|26JQTF~EiHPMy^m>OGVmv0Wi%V%n zQ~G;T8t0r|(uB;2(XIR;JASo)fFPn@Ntu%3Zj?Bg5>B#+jBuprKEQ>XXYlXuBR;{= zXiLjI%n8DIo>0y7)t)OR$6RWXINK@a&RvA2MQYhAE>~MW0E9+t-=l@miY0?h$q?KO zTyVnL`lsmzO~yn(E3A-$#>9@3f#yt0sxym#^9K+P(#5EjXB?YF*y}A&YOOtDsDt;m zQ}pC|sNFW{zTw=B^z!7)JRbFoxKj$9AuASwMHDN|OrLdVmwgaZ{@oA|nsOxfljO+y*?WDfeDy9K_}k&|3Q-mwyuyOS z=rt9Q+L|o7Ee?fbDTb)j$wG-|s0-AwCZzw5y(evM+sJZ0^H=oBQ)^2_QUou_+No4I zw$|}(l&Cz)q^4Xh6C|1P+!wgTg06C2}s=|f94OvC`?0ORX?x~|MB~)_rJXRkOhMkB)S=aLz|ZXY4nMq12bIAmr&iFP^TQneFZ+VCECUk><78M*B zw$8FR;!+VbB}{7rP_$6`yHuRs)$~Kr%!{N!ZhprGE)F1F=wOh?Cy=TA*(?$MXkz^% zs%xqE(m0Dpi2Px?P*k==tA-iH-6&$wxK7l10$5ohBCuz#TP_Q)hZ`4Y{ zl!XEJBY*-P&%;E-Agq(g)YaAvb&eLxxQd0I8RWboQ&!?ADq51lPjcQG>$HR}vW` zj940@PrqHFuGYG_b}Z;B_^Rx`sKjtZ1dz7_eSl zzN07~kd7FYj@yAM9Pw19ek!-;EW2@f{Zo0&s_XqdwjN|htkQt)W+ZxzD0d$qHvy=P z2*Nf>pzYdQ43sz7D{WkcxSx2$jh1bhciuNm%!K()$m@;_MS6d>iX%E4hPLmU$CUgQ zIx(P%A3I@NP(K9?($>KM+5Q%Ia#v&!1fvRdUsx4d+iVquhJQ0PI0QeWrmK3|C&9uL&U zrrKDUKN6+bkalE6q;ZBiwT^#hvn-hjiLpp=POsKJc%#BGm<2d;@c2o4W>nLhrD{sm zQK!|NRCeH;XTCBsuu{+2ecg^ykg$P3_QD}D+M_-s!_Z+9?Lzts z7?LbLm8(PRPb?r)Ag>+6lmOXFE+#lj1gT#E)+!AX2v8p!Fh7guCp+}cnv^D$yru{ZA%S(~%zsjK}{H3(P!fHNCdiY^hJwKika~c=cgA>W5C#%jLCUcIGW- zGKGtD*({SVCI}W_7v!NoUx@5^ z!gXSn5^h#GZfrm()=^MfC?^ocCT~M1&LG&}5j;jzDHxkon7KiELIFvHu^0?ja zde(JG#%yyaUdtSc*J^r7=f;1wYqj4w8z$n06Z6txR_M_VV>Y1g2RgWq!UG48@1lVf z3RjH%Flw?l5RAzDH09G-4(!0}WBOB1D4UCZ^Dsk{rZ#A@w}Qzu@x$v0@>zV+836Kd zKhO(&dD3j-`d*$Ym~;KEwIA4Px+58IPYE{xpZXa25KgB&2o(@19D+$h-A4^=Gm&D9 zB1=MfgNgE#{(5nK@$P z*{RlP5*`OU;eo3H;*9A?Pfs<-p1v#|DP!9{)K@l`=T;;)NcL|1 zB#@4iZCSp)tB%68XkvG&nd>jK{+C$XS``-3d;!_43sDKKeoW-e`oRq>LgZ7Fa6ecS zK1+3Qec@9C+F`=cm50RGM!iyf6yP8=XAlb3FD020d1LO zL46zfiBgQB1(a~5qBtL%9KgIDjy44|nXMeLlb*cnh>xd!9FDn6NtB2BKsppTO!Xvf zYPPcgy(1w=0R`c{$%r$LvlJtq3M(uHBbgKpIC`+W8~u~?0v%12k;nhe7^48$4+26p zspHHsf+}H-HsdIY)sY63DZPNE^1J< zo_SuU_pq{GBs!>$4h`Au8nW9{WLKx|T!-KU4v%riVToIMWPT~Z^lbrx#l64DKnK693Es~gmyunP_d^Oo>&+&%&8D#CFj9^ zgQjaNqX3#X4P#{E7&8DfR*qd1P#?4(?)cFPfH3+sML{Bc5aG>B1p( zrcVe=Ntp!Gq1yf+97C|NB92fVWM#>Vr(E-5sdjPFYkGvVeMK_PwI!IB1V?S3A4mDh zbZD=fazB>U)kl;-V~#>Y(FMwwKaz}T=mN#zF4!oOshC>82vhYiAJDzDlTcDYS4EwU zj;s(3T>}n@2~qjs2I+4sBygQ(o(&a5N5pTgfK= zoacyeld(%wsPzUZ1sMSw{2Bv@2u5S{g+IFxS)9rNYy3b@u>QRqm{)%iGQITE$;vk+ zA0<3p`HCS|KSQjmdZ#*(cwqN}xKRIP(_{aM|7b5`N4Jnr0_4L<)hqBC0y3p{1T34e zAty=J=H8XWS4eJ+7pO*H8W$*OJkXXGQ^En~M$z}XxL=cgqjc?kA`7N8VrHc%A0UTB9JyS zDVzgRh>#33i}@{2wAsK2s+CJGrnMd&T~)oNYh7x&L+zLrV0C%Sqa*e^XOr-H0;0WE z572T$1}(E6cC8xpP6+T$3EB`+OAc6*s-Z}e$vhmqIsf_m>io@s!dcVBj7ug3<&(r} zMcVX+na&Dg)dA8k4z80S7FUwJg>YFO03t!Yw>Pqk+Mo&~wRaOZ`F@U_s#8BRG?!LljXsDOT; zkYMYpQ2m#L1KR=1(A>oB-kcU@NfWUK678=J6A-lY^I=9Ql?7B+NReu(Muyk1A3b-n zo|R;R!L(d)AKJrSPs`oCKJ8*Uiv}j_*9vof5a3CfBq~Xn?`{%I7+)t`N^rkwZzL2} zfb1DakXY!v8Z{%9@J#C8!?=c0H}Ni$V4#Oon|B?Fp&x0n%{5z$vP8*Sku3zUV1qyY zU|+rrm|VoE{~2UWJ7JOJ=d1RQ%v!fdYw#qR>`E{$NB)d6{+Z~w4p4(#fKlo|2LJeD z!2TwZ@H&jGiRuS7`0~ZcPQ^u_Zg>rMLuInTeVH~qxNFad^=C|`{xz@Fp0O*grdT*0 za~PpfU+KDemaqEodEU289R1zW7RKLa97PGl+Je_ zi6lK^-HvyP3imH2l^z^61Zq&@k|5GlhoWsaSZd3DGC7*?sqcWJwS|G+GO!6XxZHt* zjU@f_dQA_ElVZ%~_@|@MplA$C_pg8Ocz$;N%Rdy5r;CVdPzTY)=}ppT{7*AU%3QOBa~ zI`%-$cWKD!w>o<}&fbo*x8rC#&J`I8G%XZksQ2n9OSp}7miV9z0yQ?rTcOMwj zgS73-WgEP#Hpnm%*T?Nv+dKB!$E_3RX~S!@JKAg8@Z(ryG1e70el{_iI1_2gtZj_#CdnG6p@J-(;7IWj&15*N3X#X!Y{p{p#iQ?^yZ- zl;eg!3y<|6p@`+6XJ{B-e|&NEKcs# zgTY{hVL&}@GAMXKDsCM4XFG*mzrRm4=&6_yR=wdfD_S<~&KXs4y@cm@?6t?B%i$a$)aQd|0aC zfrjSg)U)>6(BT$sqrkSibV>^6S?hLX3|l!aYspIg#z-F0VZKZVvia6D(jH!ADqhJV-?q-E>FVknZf&#Aax znGpkL_AzB*SkEbegWfKD z0L-DZ2l>v-)pZ3Qivzu`&zihROdB@p1(!!@G!yd)*8vt+X)c{pGet+8t*}6j;<9G! zl%c;lmFg_jy1~(H?ie)bRF2t}>UILTdl-+fv5oY@G9}nt0=jHIhe-Chn<$pAex@|O zk!y|e3@7wnx-=GwiCb+Fwiaq~Mk2QOrh_22!X>>vk?BExa0=qB7=EBV%TizJQWXfW zlBarxrz(w{h2!$*bWu-va577lO)Um+F2ZXF%10REA74D1;x9@HR=*rFnerLB1anCc zBF5l;TVHj9UBMd~;DRD^&K+~kIbNFHibf&jd>heWy_aQ{tM7^$3bMUn!TLOCS@t2B z45wL?`Y~79fw9;XEO8FmqT@Ywl16yKaXd#0%WY$xw+)=zw&NhTtMsD8V^=K3f=!dH zI-SDd0Ehw;9lA;l(r6{2-TFxY7C=7@Y4@xQ;)lqX1ImTF5^!G^tkJ!+1;%#@ed$|X za_=n5WwjM$0(B%q8|-X02yeeq@{V(-)w+vfe&L_fx`6{fcCM{inpO+mnEbsjK;+O9 zJsyW6W4a9JS(f` zmhC~h*!L1n;o6~6*M=3wU^%tfqYo{!TQDQBh7MCHTuAbuPKxHN&H6CTo&qcPBA8gnl_0(w& zbse>p@?@%`F$y{Cl0v~O0$~+NgQvL)B@RSCWB>4@&^Q4VjXW@49l$zW8(FjVOo^FT zZSroS25?&)gop_AH#5Tj*}i|UH|?+Uo{zz)1>`QfZz-Rdcn`K3bkOIzSYS znmJ3l)v9vg0+^@0v94U36{?y3@ulVjGr*tEu+{|KkEV+}pq0bqGS5U{1Jfr$rq5;7 zjcU1D+-T0v(B25a7Qmzn;zX&4M$IqGSl_H@E{ikZ$|X1Zs5OY83G8s=^+KhKWO2%q z8HCFy4dKpb1+spsuXHSs|0dK19Ct#52OU99YgyOQ2TGg8e{nt z;0GnYgo3XU%YfV63f0}!K+c~*C~w@q;cl6QO!*Xl&9S)(Mpwb8+}W`Yin-LCE4}LO zR6imF>x~8TfAw~j`2K2y@6?L>xZD|6v32E*%WYeJ)AC!kS}rJU)}~uk#5U(zRE2KU zO3iYdTSUgX_lw5?Ym;!OaxOu{sc7$9SO@wnpqrvK07{6 zviKNZrT;ah7~NQ}YdGa1Q`EgBEwCB$-6sf_o%@k};Sn&>UCPENX*HEvaVMAK+!NW& zts-m1E>>QcTIF2=Q>5_=RooVdm10KvHU!_ywr&%t|Yw6 zg^)0}KhvF%TdDuC%xXCbk8Rph!$HD(jIp}@ORLrHxAXO1+O1BvyRZMUi&iG2PpPCz7l19|WX^jw-o74Ool+ zts?*TPWpTN-${Gg_`XPUJuFcL9(MjK@ZWk=9wz>; z#s5y*E6V@<-d_ISNqf@x|EQdA-~O@&|BX`kxca~6bxZue)jQea|1O$M;8r5&nGQtf z0iJoS!qWP!Q;0`PL03Bne^n-+tEZTGZqueW{+2;PpMFvO8(!QzoqgpPY?}$`UmL>r zZB<)E|H00#v{I8-cRxn3PX6n4i}GK)zo-AZX-}KHLvoaQiV9yNms?s0!!a*mGU@7f zY+7jP4bmN}9)5@N=nDLw%>2eyWWaU!-#sbGfBnwh{@AV4!-|6+dJ^t^aeO>;4FZ0bZxI_Y>gZ2)fkjpU^GXbMVx8t22)EJv^KQPXi zhNe58i)lGfd6_5L9s)pr#twY^m-^X_>MBvD(r^~>2AP)b zEdZ>+|8~nO>Hprzp8xNpJ#G2_p7ddfCA7x00rz#}OZf|o7+;6+=NfbG&Bq~9E>pE) zo1dp6Q>#s?^w6eb>MEZjG2OOJRn6BJk>BB(c!8qX7aBufh9f6gBR2<}eevyz*;lM! z*(%noq`aESY5T$4k4HS9FPER4YNhjY&rpNJir&}ni~eAnTXX)|AEnE8hE@^fCWhte zaR;QBa{Sxrq_7nHYTZJ2~(m_44S{*Tx9I(z!Ri}oGre`^@P z*WU4`)mGrYh=K-js0NSckLdsLivAz(q_vO#*h%{a?Y}lFAQy*kMp+t%?*{=|0r0Mo zi+_H){PoSJcb8wzPESw&q=9O8#Q!Xb9@GC@&i`re?Y}!|e@gtPTOSbZ@tK~9ef!|% zR5ooDCH1d^Gj>2`-h=OiT&%!hSf$8%8{7!WJ7IWE&jJ#1^n-J_W3`%X;0ez z<5ZTmQ20gzA)=~V?XY0!`3}Q1x8By{KcysVNk9QiW3$x2wfg@_(f-@__VM4lY2OO| z6BJ%753AUt`+eFy@qeSR@U{HERpkHuPIqtr+ev%c_P;#=c_qf0PwjTd)P9@yo|7h`_t!}CQPupwn<^P?uZ-)Qds{qdd8uwIS zEA0;WpAC7$A0h&5uK#!1`~1({v~Pv~6BO=6fGxMX;Xe{yKTVTxn5BF}DzKja7xTZm z-QM2+x0CiQ;Xgv*D+7glD)8{O9{(e8Eo~Y5$Ke0nPQS$e+k5}tPTIGE{|~-dc25{8 z+e-Ww!%bOzWm|*)Ub~e4(Q3E$_P?F9CyoD6IOj2!@=`(K8KiH9Y3N69c;qks&PO5+ zbeV@4PeKux-+DE3A&dE~Q)6)NXO{4*Ny6nsL;>EpgIDW8biv!iAMwk4XI(YGBu!^; zIhB>d42RQ~r!VnO%<`LXKT0S6R;0!c!tG96W}^|8vM}-L9FnU+!Z6>6YTZ+xz=pcGI4C{h#8kUV9;K-}Y_a_H9e;{{sL3|Nnj` JjMxAy0|0T$e60Wg diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index 9669654b..998b3e97 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -454,7 +454,7 @@ child: # @section -- Child failureThreshold: 3 # -- How often (in seconds) to perform the liveness probe - # @section -- Child1.0 + # @section -- Child periodSeconds: 30 # -- Minimum consecutive successes for the liveness probe to be considered successful after having failed # @section -- Child @@ -871,14 +871,21 @@ netdataOpentelemetry: # -- Service annotations # @section -- Netdata OpenTelemetry annotations: {} - ## Only to be used with type LoadBalancer - # loadBalancerIP: 10.0.1.69 - # loadBalancerSourceRanges: [] - # externalTrafficPolicy: Local - ## Only to be used with type LoadBalancer and external traffic policy Local - # healthCheckNodePort: - ## Only to be used with type ClusterIP - # clusterIP: 10.1.2.3 + # -- Cluster IP address (only used with service.type ClusterIP) + # @section -- Netdata OpenTelemetry + clusterIP: "" + # -- LoadBalancer IP address (only used with service.type LoadBalancer) + # @section -- Netdata OpenTelemetry + loadBalancerIP: "" + # -- Allowed source ranges for LoadBalancer (only used with service.type LoadBalancer) + # @section -- Netdata OpenTelemetry + loadBalancerSourceRanges: [] + # -- External traffic policy (only used with service.type LoadBalancer) + # @section -- Netdata OpenTelemetry + externalTrafficPolicy: "" + # -- Health check node port (only used with service.type LoadBalancer and external traffic policy Local) + # @section -- Netdata OpenTelemetry + healthCheckNodePort: "" # -- Compute resources required by this Deployment # @section -- Netdata OpenTelemetry From 436a9ccb14331d063033388ffdbf9eee527ef91f Mon Sep 17 00:00:00 2001 From: Mateusz Date: Mon, 2 Feb 2026 13:30:41 +0100 Subject: [PATCH 10/10] adding security context --- charts/netdata/README.md | 27 +++++++++++++++++++ .../templates/netdata-otel/deployment.yaml | 5 ++++ charts/netdata/values.yaml | 11 ++++++++ 3 files changed, 43 insertions(+) diff --git a/charts/netdata/README.md b/charts/netdata/README.md index 20351ef8..b92df662 100644 --- a/charts/netdata/README.md +++ b/charts/netdata/README.md @@ -1845,6 +1845,33 @@ false + + + + + + + + + + + + + + + + + + diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml index 5b4ef4cd..0d0b3d01 100644 --- a/charts/netdata/templates/netdata-otel/deployment.yaml +++ b/charts/netdata/templates/netdata-otel/deployment.yaml @@ -37,6 +37,8 @@ spec: {{ toYaml . | trim | indent 8 }} {{- end }} spec: + securityContext: + fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }} serviceAccountName: {{ .Values.serviceAccount.name }} restartPolicy: Always {{- if .Values.netdataOpentelemetry.priorityClassName }} @@ -122,6 +124,9 @@ spec: periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }} successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }} timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }} + securityContext: + runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }} + runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }} volumeMounts: - name: os-release mountPath: /host/etc/os-release diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml index 998b3e97..73e3ecf8 100644 --- a/charts/netdata/values.yaml +++ b/charts/netdata/values.yaml @@ -930,6 +930,17 @@ netdataOpentelemetry: # @section -- Netdata OpenTelemetry timeoutSeconds: 1 + securityContext: + # -- The UID to run the container process + # @section -- Netdata OpenTelemetry + runAsUser: 201 + # -- The GID to run the container process + # @section -- Netdata OpenTelemetry + runAsGroup: 201 + # -- The supplementary group for setting permissions on volumes + # @section -- Netdata OpenTelemetry + fsGroup: 201 + # -- Duration in seconds the pod needs to terminate gracefully # @section -- Netdata OpenTelemetry terminationGracePeriodSeconds: 30
Service annotations
netdataOpentelemetry.service.clusterIPstring
+""
+
+		Cluster IP address (only used with service.type ClusterIP)
netdataOpentelemetry.service.loadBalancerIPstring
+""
+
+		LoadBalancer IP address (only used with service.type LoadBalancer)
netdataOpentelemetry.service.loadBalancerSourceRangeslist
+[]
+
+		Allowed source ranges for LoadBalancer (only used with service.type LoadBalancer)
netdataOpentelemetry.service.externalTrafficPolicystring
+""
+
+		External traffic policy (only used with service.type LoadBalancer)
netdataOpentelemetry.service.healthCheckNodePortstring
+""
+
+		Health check node port (only used with service.type LoadBalancer and external traffic policy Local)
netdataOpentelemetry.resources objectNumber of seconds after which the readiness probe times out
netdataOpentelemetry.securityContext.runAsUserint
+201
+
+		The UID to run the container process
netdataOpentelemetry.securityContext.runAsGroupint
+201
+
+		The GID to run the container process
netdataOpentelemetry.securityContext.fsGroupint
+201
+
+		The supplementary group for setting permissions on volumes
netdataOpentelemetry.terminationGracePeriodSeconds int