From b7d0b42bc66accd393667f2874767bf439a9f849 Mon Sep 17 00:00:00 2001 From: James Blair Date: Wed, 24 Aug 2022 16:39:28 +1200 Subject: [PATCH] First iteration of gitea helm chart. --- gitea/.drone.yml | 87 ++ gitea/.helmignore | 27 + gitea/.markdownlint.yaml | 151 +++ gitea/.markdownlintignore | 3 + gitea/.values.yaml.~undo-tree~ | 5 + gitea/CONTRIBUTING.md | 52 + gitea/Chart.lock | 15 + gitea/Chart.yaml | 46 + gitea/LICENSE | 24 + gitea/Makefile | 8 + gitea/README.md | 966 ++++++++++++++++++ gitea/charts/mariadb/.helmignore | 21 + gitea/charts/mariadb/Chart.lock | 6 + gitea/charts/mariadb/Chart.yaml | 30 + gitea/charts/mariadb/README.md | 391 +++++++ .../charts/mariadb/charts/common/.helmignore | 22 + gitea/charts/mariadb/charts/common/Chart.yaml | 23 + gitea/charts/mariadb/charts/common/README.md | 322 ++++++ .../charts/common/templates/_affinities.tpl | 94 ++ .../charts/common/templates/_capabilities.tpl | 95 ++ .../charts/common/templates/_errors.tpl | 20 + .../charts/common/templates/_images.tpl | 47 + .../charts/common/templates/_ingress.tpl | 42 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 129 +++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 ++ .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++ .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 131 +++ .../common/templates/validations/_redis.tpl | 72 ++ .../templates/validations/_validations.tpl | 46 + .../charts/mariadb/charts/common/values.yaml | 3 + ...lues-production-with-rbac-and-metrics.yaml | 33 + gitea/charts/mariadb/templates/NOTES.txt | 50 + gitea/charts/mariadb/templates/_helpers.tpl | 150 +++ .../charts/mariadb/templates/extra-list.yaml | 4 + .../mariadb/templates/primary/configmap.yaml | 18 + .../primary/initialization-configmap.yaml | 11 + .../charts/mariadb/templates/primary/pdb.yaml | 25 + .../templates/primary/statefulset.yaml | 338 ++++++ .../charts/mariadb/templates/primary/svc.yaml | 49 + gitea/charts/mariadb/templates/role.yaml | 21 + .../charts/mariadb/templates/rolebinding.yaml | 21 + .../templates/secondary/configmap.yaml | 18 + .../mariadb/templates/secondary/pdb.yaml | 25 + .../templates/secondary/statefulset.yaml | 311 ++++++ .../mariadb/templates/secondary/svc.yaml | 51 + gitea/charts/mariadb/templates/secrets.yaml | 39 + .../mariadb/templates/serviceaccount.yaml | 18 + .../mariadb/templates/servicemonitor.yaml | 41 + gitea/charts/mariadb/values.schema.json | 176 ++++ gitea/charts/mariadb/values.yaml | 870 ++++++++++++++++ gitea/charts/memcached/.helmignore | 21 + gitea/charts/memcached/Chart.lock | 6 + gitea/charts/memcached/Chart.yaml | 24 + gitea/charts/memcached/README.md | 224 ++++ .../memcached/charts/common/.helmignore | 22 + .../charts/memcached/charts/common/Chart.yaml | 23 + .../charts/memcached/charts/common/README.md | 322 ++++++ .../charts/common/templates/_affinities.tpl | 94 ++ .../charts/common/templates/_capabilities.tpl | 95 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 47 + .../charts/common/templates/_ingress.tpl | 42 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 129 +++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 ++ .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++ .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 131 +++ .../common/templates/validations/_redis.tpl | 72 ++ .../templates/validations/_validations.tpl | 46 + .../memcached/charts/common/values.yaml | 3 + .../memcached/ci/values-production.yaml | 5 + gitea/charts/memcached/templates/NOTES.txt | 28 + gitea/charts/memcached/templates/_helpers.tpl | 95 ++ .../memcached/templates/deployment.yaml | 139 +++ .../memcached/templates/extra-list.yaml | 4 + gitea/charts/memcached/templates/secrets.yaml | 17 + gitea/charts/memcached/templates/service.yaml | 34 + .../memcached/templates/serviceaccount.yaml | 15 + .../memcached/templates/servicemonitor.yaml | 37 + .../memcached/templates/statefulset.yaml | 172 ++++ .../memcached/templates/svc-metrics.yaml | 26 + gitea/charts/memcached/values.yaml | 326 ++++++ gitea/charts/mysql/.helmignore | 21 + gitea/charts/mysql/Chart.yaml | 21 + gitea/charts/mysql/README.md | 272 +++++ gitea/charts/mysql/ci/values-production.yaml | 29 + .../docker-entrypoint-initdb.d/README.md | 3 + gitea/charts/mysql/templates/NOTES.txt | 62 ++ gitea/charts/mysql/templates/_helpers.tpl | 331 ++++++ .../templates/initialization-configmap.yaml | 22 + .../mysql/templates/master-configmap.yaml | 11 + .../mysql/templates/master-statefulset.yaml | 287 ++++++ gitea/charts/mysql/templates/master-svc.yaml | 38 + gitea/charts/mysql/templates/secrets.yaml | 34 + .../mysql/templates/serviceaccount.yaml | 13 + .../mysql/templates/servicemonitor.yaml | 28 + .../mysql/templates/slave-configmap.yaml | 11 + .../mysql/templates/slave-statefulset.yaml | 264 +++++ gitea/charts/mysql/templates/slave-svc.yaml | 40 + gitea/charts/mysql/values-production.yaml | 581 +++++++++++ gitea/charts/mysql/values.yaml | 580 +++++++++++ gitea/charts/postgresql/.helmignore | 21 + gitea/charts/postgresql/Chart.lock | 6 + gitea/charts/postgresql/Chart.yaml | 29 + gitea/charts/postgresql/README.md | 770 ++++++++++++++ .../postgresql/charts/common/.helmignore | 22 + .../postgresql/charts/common/Chart.yaml | 23 + .../charts/postgresql/charts/common/README.md | 322 ++++++ .../charts/common/templates/_affinities.tpl | 94 ++ .../charts/common/templates/_capabilities.tpl | 95 ++ .../charts/common/templates/_errors.tpl | 23 + .../charts/common/templates/_images.tpl | 47 + .../charts/common/templates/_ingress.tpl | 42 + .../charts/common/templates/_labels.tpl | 18 + .../charts/common/templates/_names.tpl | 32 + .../charts/common/templates/_secrets.tpl | 129 +++ .../charts/common/templates/_storage.tpl | 23 + .../charts/common/templates/_tplvalues.tpl | 13 + .../charts/common/templates/_utils.tpl | 62 ++ .../charts/common/templates/_warnings.tpl | 14 + .../templates/validations/_cassandra.tpl | 72 ++ .../common/templates/validations/_mariadb.tpl | 103 ++ .../common/templates/validations/_mongodb.tpl | 108 ++ .../templates/validations/_postgresql.tpl | 131 +++ .../common/templates/validations/_redis.tpl | 72 ++ .../templates/validations/_validations.tpl | 46 + .../postgresql/charts/common/values.yaml | 3 + .../postgresql/ci/commonAnnotations.yaml | 3 + .../charts/postgresql/ci/default-values.yaml | 1 + .../ci/shmvolume-disabled-values.yaml | 2 + gitea/charts/postgresql/files/README.md | 1 + .../charts/postgresql/files/conf.d/README.md | 4 + .../docker-entrypoint-initdb.d/README.md | 3 + gitea/charts/postgresql/templates/NOTES.txt | 59 ++ .../charts/postgresql/templates/_helpers.tpl | 337 ++++++ .../postgresql/templates/configmap.yaml | 31 + .../templates/extended-config-configmap.yaml | 26 + .../postgresql/templates/extra-list.yaml | 4 + .../templates/initialization-configmap.yaml | 25 + .../templates/metrics-configmap.yaml | 14 + .../postgresql/templates/metrics-svc.yaml | 26 + .../postgresql/templates/networkpolicy.yaml | 39 + .../templates/podsecuritypolicy.yaml | 38 + .../postgresql/templates/prometheusrule.yaml | 23 + gitea/charts/postgresql/templates/role.yaml | 20 + .../postgresql/templates/rolebinding.yaml | 20 + .../charts/postgresql/templates/secrets.yaml | 24 + .../postgresql/templates/serviceaccount.yaml | 12 + .../postgresql/templates/servicemonitor.yaml | 33 + .../templates/statefulset-readreplicas.yaml | 411 ++++++++ .../postgresql/templates/statefulset.yaml | 609 +++++++++++ .../postgresql/templates/svc-headless.yaml | 28 + .../charts/postgresql/templates/svc-read.yaml | 43 + gitea/charts/postgresql/templates/svc.yaml | 41 + gitea/charts/postgresql/values.schema.json | 103 ++ gitea/charts/postgresql/values.yaml | 824 +++++++++++++++ gitea/templates/NOTES.txt | 20 + gitea/templates/_helpers.tpl | 333 ++++++ gitea/templates/gitea/config.yaml | 172 ++++ gitea/templates/gitea/deprecation.yaml | 34 + gitea/templates/gitea/http-svc.yaml | 45 + gitea/templates/gitea/ingress.yaml | 58 ++ gitea/templates/gitea/init.yaml | 116 +++ gitea/templates/gitea/servicemonitor.yaml | 17 + gitea/templates/gitea/ssh-svc.yaml | 48 + gitea/templates/gitea/statefulset.yaml | 342 +++++++ .../templates/tests/test-http-connection.yaml | 15 + gitea/values.yaml | 474 +++++++++ 181 files changed, 17705 insertions(+) create mode 100644 gitea/.drone.yml create mode 100644 gitea/.helmignore create mode 100644 gitea/.markdownlint.yaml create mode 100644 gitea/.markdownlintignore create mode 100644 gitea/.values.yaml.~undo-tree~ create mode 100644 gitea/CONTRIBUTING.md create mode 100644 gitea/Chart.lock create mode 100644 gitea/Chart.yaml create mode 100644 gitea/LICENSE create mode 100644 gitea/Makefile create mode 100644 gitea/README.md create mode 100644 gitea/charts/mariadb/.helmignore create mode 100644 gitea/charts/mariadb/Chart.lock create mode 100644 gitea/charts/mariadb/Chart.yaml create mode 100644 gitea/charts/mariadb/README.md create mode 100644 gitea/charts/mariadb/charts/common/.helmignore create mode 100644 gitea/charts/mariadb/charts/common/Chart.yaml create mode 100644 gitea/charts/mariadb/charts/common/README.md create mode 100644 gitea/charts/mariadb/charts/common/templates/_affinities.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_capabilities.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_errors.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_images.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_ingress.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_labels.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_names.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_secrets.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_storage.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_tplvalues.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_utils.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/_warnings.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_cassandra.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_mariadb.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_mongodb.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_postgresql.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_redis.tpl create mode 100644 gitea/charts/mariadb/charts/common/templates/validations/_validations.tpl create mode 100644 gitea/charts/mariadb/charts/common/values.yaml create mode 100644 gitea/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml create mode 100644 gitea/charts/mariadb/templates/NOTES.txt create mode 100644 gitea/charts/mariadb/templates/_helpers.tpl create mode 100644 gitea/charts/mariadb/templates/extra-list.yaml create mode 100644 gitea/charts/mariadb/templates/primary/configmap.yaml create mode 100644 gitea/charts/mariadb/templates/primary/initialization-configmap.yaml create mode 100644 gitea/charts/mariadb/templates/primary/pdb.yaml create mode 100644 gitea/charts/mariadb/templates/primary/statefulset.yaml create mode 100644 gitea/charts/mariadb/templates/primary/svc.yaml create mode 100644 gitea/charts/mariadb/templates/role.yaml create mode 100644 gitea/charts/mariadb/templates/rolebinding.yaml create mode 100644 gitea/charts/mariadb/templates/secondary/configmap.yaml create mode 100644 gitea/charts/mariadb/templates/secondary/pdb.yaml create mode 100644 gitea/charts/mariadb/templates/secondary/statefulset.yaml create mode 100644 gitea/charts/mariadb/templates/secondary/svc.yaml create mode 100644 gitea/charts/mariadb/templates/secrets.yaml create mode 100644 gitea/charts/mariadb/templates/serviceaccount.yaml create mode 100644 gitea/charts/mariadb/templates/servicemonitor.yaml create mode 100644 gitea/charts/mariadb/values.schema.json create mode 100644 gitea/charts/mariadb/values.yaml create mode 100644 gitea/charts/memcached/.helmignore create mode 100644 gitea/charts/memcached/Chart.lock create mode 100644 gitea/charts/memcached/Chart.yaml create mode 100644 gitea/charts/memcached/README.md create mode 100644 gitea/charts/memcached/charts/common/.helmignore create mode 100644 gitea/charts/memcached/charts/common/Chart.yaml create mode 100644 gitea/charts/memcached/charts/common/README.md create mode 100644 gitea/charts/memcached/charts/common/templates/_affinities.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_capabilities.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_errors.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_images.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_ingress.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_labels.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_names.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_secrets.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_storage.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_tplvalues.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_utils.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/_warnings.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_cassandra.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_mariadb.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_mongodb.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_postgresql.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_redis.tpl create mode 100644 gitea/charts/memcached/charts/common/templates/validations/_validations.tpl create mode 100644 gitea/charts/memcached/charts/common/values.yaml create mode 100644 gitea/charts/memcached/ci/values-production.yaml create mode 100644 gitea/charts/memcached/templates/NOTES.txt create mode 100644 gitea/charts/memcached/templates/_helpers.tpl create mode 100644 gitea/charts/memcached/templates/deployment.yaml create mode 100644 gitea/charts/memcached/templates/extra-list.yaml create mode 100644 gitea/charts/memcached/templates/secrets.yaml create mode 100644 gitea/charts/memcached/templates/service.yaml create mode 100644 gitea/charts/memcached/templates/serviceaccount.yaml create mode 100644 gitea/charts/memcached/templates/servicemonitor.yaml create mode 100644 gitea/charts/memcached/templates/statefulset.yaml create mode 100644 gitea/charts/memcached/templates/svc-metrics.yaml create mode 100644 gitea/charts/memcached/values.yaml create mode 100644 gitea/charts/mysql/.helmignore create mode 100644 gitea/charts/mysql/Chart.yaml create mode 100644 gitea/charts/mysql/README.md create mode 100644 gitea/charts/mysql/ci/values-production.yaml create mode 100644 gitea/charts/mysql/files/docker-entrypoint-initdb.d/README.md create mode 100644 gitea/charts/mysql/templates/NOTES.txt create mode 100644 gitea/charts/mysql/templates/_helpers.tpl create mode 100644 gitea/charts/mysql/templates/initialization-configmap.yaml create mode 100644 gitea/charts/mysql/templates/master-configmap.yaml create mode 100644 gitea/charts/mysql/templates/master-statefulset.yaml create mode 100644 gitea/charts/mysql/templates/master-svc.yaml create mode 100644 gitea/charts/mysql/templates/secrets.yaml create mode 100644 gitea/charts/mysql/templates/serviceaccount.yaml create mode 100644 gitea/charts/mysql/templates/servicemonitor.yaml create mode 100644 gitea/charts/mysql/templates/slave-configmap.yaml create mode 100644 gitea/charts/mysql/templates/slave-statefulset.yaml create mode 100644 gitea/charts/mysql/templates/slave-svc.yaml create mode 100644 gitea/charts/mysql/values-production.yaml create mode 100644 gitea/charts/mysql/values.yaml create mode 100644 gitea/charts/postgresql/.helmignore create mode 100644 gitea/charts/postgresql/Chart.lock create mode 100644 gitea/charts/postgresql/Chart.yaml create mode 100644 gitea/charts/postgresql/README.md create mode 100644 gitea/charts/postgresql/charts/common/.helmignore create mode 100644 gitea/charts/postgresql/charts/common/Chart.yaml create mode 100644 gitea/charts/postgresql/charts/common/README.md create mode 100644 gitea/charts/postgresql/charts/common/templates/_affinities.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_capabilities.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_errors.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_images.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_ingress.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_labels.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_names.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_secrets.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_storage.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_tplvalues.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_utils.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/_warnings.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_cassandra.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_mariadb.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_mongodb.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_postgresql.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_redis.tpl create mode 100644 gitea/charts/postgresql/charts/common/templates/validations/_validations.tpl create mode 100644 gitea/charts/postgresql/charts/common/values.yaml create mode 100644 gitea/charts/postgresql/ci/commonAnnotations.yaml create mode 100644 gitea/charts/postgresql/ci/default-values.yaml create mode 100644 gitea/charts/postgresql/ci/shmvolume-disabled-values.yaml create mode 100644 gitea/charts/postgresql/files/README.md create mode 100644 gitea/charts/postgresql/files/conf.d/README.md create mode 100644 gitea/charts/postgresql/files/docker-entrypoint-initdb.d/README.md create mode 100644 gitea/charts/postgresql/templates/NOTES.txt create mode 100644 gitea/charts/postgresql/templates/_helpers.tpl create mode 100644 gitea/charts/postgresql/templates/configmap.yaml create mode 100644 gitea/charts/postgresql/templates/extended-config-configmap.yaml create mode 100644 gitea/charts/postgresql/templates/extra-list.yaml create mode 100644 gitea/charts/postgresql/templates/initialization-configmap.yaml create mode 100644 gitea/charts/postgresql/templates/metrics-configmap.yaml create mode 100644 gitea/charts/postgresql/templates/metrics-svc.yaml create mode 100644 gitea/charts/postgresql/templates/networkpolicy.yaml create mode 100644 gitea/charts/postgresql/templates/podsecuritypolicy.yaml create mode 100644 gitea/charts/postgresql/templates/prometheusrule.yaml create mode 100644 gitea/charts/postgresql/templates/role.yaml create mode 100644 gitea/charts/postgresql/templates/rolebinding.yaml create mode 100644 gitea/charts/postgresql/templates/secrets.yaml create mode 100644 gitea/charts/postgresql/templates/serviceaccount.yaml create mode 100644 gitea/charts/postgresql/templates/servicemonitor.yaml create mode 100644 gitea/charts/postgresql/templates/statefulset-readreplicas.yaml create mode 100644 gitea/charts/postgresql/templates/statefulset.yaml create mode 100644 gitea/charts/postgresql/templates/svc-headless.yaml create mode 100644 gitea/charts/postgresql/templates/svc-read.yaml create mode 100644 gitea/charts/postgresql/templates/svc.yaml create mode 100644 gitea/charts/postgresql/values.schema.json create mode 100644 gitea/charts/postgresql/values.yaml create mode 100644 gitea/templates/NOTES.txt create mode 100644 gitea/templates/_helpers.tpl create mode 100644 gitea/templates/gitea/config.yaml create mode 100644 gitea/templates/gitea/deprecation.yaml create mode 100644 gitea/templates/gitea/http-svc.yaml create mode 100644 gitea/templates/gitea/ingress.yaml create mode 100644 gitea/templates/gitea/init.yaml create mode 100644 gitea/templates/gitea/servicemonitor.yaml create mode 100644 gitea/templates/gitea/ssh-svc.yaml create mode 100644 gitea/templates/gitea/statefulset.yaml create mode 100644 gitea/templates/tests/test-http-connection.yaml create mode 100644 gitea/values.yaml diff --git a/gitea/.drone.yml b/gitea/.drone.yml new file mode 100644 index 0000000..d0244e3 --- /dev/null +++ b/gitea/.drone.yml @@ -0,0 +1,87 @@ +--- +kind: pipeline +type: docker +name: lint + +platform: + os: linux + arch: arm64 + +steps: +- name: helm lint + pull: always + image: alpine:3.16 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm lint + +- name: helm template + pull: always + image: alpine:3.16 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - helm dependency update + - helm template --debug gitea-helm . + +- name: verify readme + pull: always + image: alpine:3.16 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing make npm git + - make readme + - git diff --exit-code --name-only README.md + +- name: discord + pull: always + image: appleboy/drone-discord:1.2.4 + environment: + DISCORD_WEBHOOK_ID: + from_secret: discord_webhook_id + DISCORD_WEBHOOK_TOKEN: + from_secret: discord_webhook_token + when: + status: + - changed + - failure + + +--- +kind: pipeline +type: docker +name: release-version + +platform: + os: linux + arch: arm64 + +trigger: + event: + - tag + +steps: +- name: generate-chart + pull: always + image: alpine:3.16 + commands: + - apk add --no-cache -X http://dl-cdn.alpinelinux.org/alpine/edge/testing helm + - apk add --no-cache curl + - helm dependency update + - helm package --version "${DRONE_TAG##v}" ./ + - mkdir gitea + - mv gitea*.tgz gitea/ + - curl -L -o gitea/index.yaml https://dl.gitea.io/charts/index.yaml + - helm repo index gitea/ --url https://dl.gitea.io/charts --merge gitea/index.yaml + +- name: upload-chart + pull: always + image: plugins/s3:latest + settings: + bucket: gitea-artifacts + endpoint: https://ams3.digitaloceanspaces.com + access_key: + from_secret: aws_access_key_id + secret_key: + from_secret: aws_secret_access_key + source: gitea/* + target: /charts + strip_prefix: gitea/ diff --git a/gitea/.helmignore b/gitea/.helmignore new file mode 100644 index 0000000..a8cc816 --- /dev/null +++ b/gitea/.helmignore @@ -0,0 +1,27 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +node_modules/ +.npmrc +package.json +package-lock.json +.gitea/ diff --git a/gitea/.markdownlint.yaml b/gitea/.markdownlint.yaml new file mode 100644 index 0000000..a67574a --- /dev/null +++ b/gitea/.markdownlint.yaml @@ -0,0 +1,151 @@ +# markdownlint YAML configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml + +# Default state for all rules +default: true + +# Path to configuration file to extend +extends: null + +# MD003/heading-style/header-style - Heading style +MD003: + # Heading style + style: "atx" + +# MD004/ul-style - Unordered list style +MD004: + style: "dash" + +# MD007/ul-indent - Unordered list indentation +MD007: + # Spaces for indent + indent: 2 + # Whether to indent the first level of the list + start_indented: false + +# MD009/no-trailing-spaces - Trailing spaces +MD009: + # Spaces for line break + br_spaces: 2 + # Allow spaces for empty lines in list items + list_item_empty_lines: false + # Include unnecessary breaks + strict: false + +# MD010/no-hard-tabs - Hard tabs +MD010: + # Include code blocks + code_blocks: true + +# MD012/no-multiple-blanks - Multiple consecutive blank lines +MD012: + # Consecutive blank lines + maximum: 1 + +# MD013/line-length - Line length +MD013: + # Number of characters + line_length: 80 + # Number of characters for headings + heading_line_length: 80 + # Number of characters for code blocks + code_block_line_length: 80 + # Include code blocks + code_blocks: false + # Include tables + tables: false + # Include headings + headings: true + # Include headings + headers: true + # Strict length checking + strict: false + # Stern length checking + stern: false + +# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines +MD022: + # Blank lines above heading + lines_above: 1 + # Blank lines below heading + lines_below: 1 + +# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content +MD024: + # Only check sibling headings + allow_different_nesting: true + +# MD025/single-title/single-h1 - Multiple top-level headings in the same document +MD025: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD026/no-trailing-punctuation - Trailing punctuation in heading +MD026: + # Punctuation characters + punctuation: ".,;:!。,;:!" + +# MD029/ol-prefix - Ordered list item prefix +MD029: + # List style + style: "one_or_ordered" + +# MD030/list-marker-space - Spaces after list markers +MD030: + # Spaces for single-line unordered list items + ul_single: 1 + # Spaces for single-line ordered list items + ol_single: 1 + # Spaces for multi-line unordered list items + ul_multi: 1 + # Spaces for multi-line ordered list items + ol_multi: 1 + +# MD033/no-inline-html - Inline HTML +MD033: + # Allowed elements + allowed_elements: [] + +# MD035/hr-style - Horizontal rule style +MD035: + # Horizontal rule style + style: "---" + +# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading +MD036: + # Punctuation characters + punctuation: ".,;:!?。,;:!?" + +# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading +MD041: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD044/proper-names - Proper names should have the correct capitalization +MD044: + # List of proper names + names: + - Gitea + - PostgreSQL + - MariaDB + - MySQL + - Memcached + - Prometheus + - Git + - GitOps + # Include code blocks + code_blocks: false + +# MD046/code-block-style - Code block style +MD046: + # Block style + style: "fenced" + +# MD048/code-fence-style - Code fence style +MD048: + # Code fence syle + style: "backtick" diff --git a/gitea/.markdownlintignore b/gitea/.markdownlintignore new file mode 100644 index 0000000..5922fa5 --- /dev/null +++ b/gitea/.markdownlintignore @@ -0,0 +1,3 @@ +.gitea/ +node_modules/ +charts/ diff --git a/gitea/.values.yaml.~undo-tree~ b/gitea/.values.yaml.~undo-tree~ new file mode 100644 index 0000000..27b0382 --- /dev/null +++ b/gitea/.values.yaml.~undo-tree~ @@ -0,0 +1,5 @@ +(undo-tree-save-format-version . 1) +"fd1fc1fc829c56e1b5eb58aa8667688a112c06b5" +[nil nil nil nil (25349 43110 20564 202000) 0 nil] +([nil current ((10308 . 10309) (10298 . 10308) (#("r" 0 1 (fontified t)) . -10298) (undo-tree-id0 . -1) (undo-tree-id1 . -1) (undo-tree-id2 . -1) (undo-tree-id3 . -1) (undo-tree-id4 . -1) (undo-tree-id5 . -1) (undo-tree-id6 . -1) (undo-tree-id7 . -1) (undo-tree-id8 . -1) (undo-tree-id9 . -1) (undo-tree-id10 . -1) (undo-tree-id11 . -1) (undo-tree-id12 . -1) (undo-tree-id13 . -1) (undo-tree-id14 . -1) (undo-tree-id15 . -1) (undo-tree-id16 . -1) (undo-tree-id17 . -1) (undo-tree-id18 . -1) (undo-tree-id19 . -1) (undo-tree-id20 . -1) (undo-tree-id21 . -1) (undo-tree-id22 . -1) (undo-tree-id23 . -1) (undo-tree-id24 . -1) (undo-tree-id25 . -1) (undo-tree-id26 . -1) (undo-tree-id27 . -1) (undo-tree-id28 . -1) (undo-tree-id29 . -1) (undo-tree-id30 . -1) (undo-tree-id31 . -1) (undo-tree-id32 . -1) (undo-tree-id33 . -1) (undo-tree-id34 . -1) (undo-tree-id35 . -1) (undo-tree-id36 . -1) (undo-tree-id37 . -1) (undo-tree-id38 . -1) (undo-tree-id39 . -1) (undo-tree-id40 . -1) (undo-tree-id41 . -1) (undo-tree-id42 . -1) (undo-tree-id43 . -1) (undo-tree-id44 . -1) (undo-tree-id45 . -1) (undo-tree-id46 . -1) (undo-tree-id47 . -1) (undo-tree-id48 . -1) (undo-tree-id49 . -1) (undo-tree-id50 . -1) (undo-tree-id51 . -1) (undo-tree-id52 . -1) (undo-tree-id53 . -1) (undo-tree-id54 . -1) (undo-tree-id55 . -1) (undo-tree-id56 . -1) (undo-tree-id57 . -1) (undo-tree-id58 . -1) (undo-tree-id59 . -1) (undo-tree-id60 . -1) (undo-tree-id61 . -1) (undo-tree-id62 . -1) (undo-tree-id63 . -1) (undo-tree-id64 . -1) (undo-tree-id65 . -1) (undo-tree-id66 . -1) (undo-tree-id67 . -1) (undo-tree-id68 . -1) (undo-tree-id69 . -1) (undo-tree-id70 . -1) (undo-tree-id71 . -1) (undo-tree-id72 . -1) (undo-tree-id73 . -1) (undo-tree-id74 . -1) (undo-tree-id75 . -1) (undo-tree-id76 . -1) (undo-tree-id77 . -1) (undo-tree-id78 . -1) (undo-tree-id79 . -1) (undo-tree-id80 . -1) (undo-tree-id81 . -1) (undo-tree-id82 . -1) (undo-tree-id83 . -1) (undo-tree-id84 . -1) (undo-tree-id85 . -1) (undo-tree-id86 . -1) (undo-tree-id87 . -1) (undo-tree-id88 . -1) (undo-tree-id89 . -1) (undo-tree-id90 . -1) (undo-tree-id91 . -1) (undo-tree-id92 . -1) (undo-tree-id93 . -1) (undo-tree-id94 . -1) (undo-tree-id95 . -1) (undo-tree-id96 . -1) (undo-tree-id97 . -1) (undo-tree-id98 . -1) (undo-tree-id99 . -1) (undo-tree-id100 . -1) (undo-tree-id101 . -1) (undo-tree-id102 . -1) (undo-tree-id103 . -1) (undo-tree-id104 . -1) (undo-tree-id105 . -1) (undo-tree-id106 . -1) (undo-tree-id107 . -1) (undo-tree-id108 . -1) (undo-tree-id109 . -1) (undo-tree-id110 . -1) (undo-tree-id111 . -1) (undo-tree-id112 . -1) (undo-tree-id113 . -1) (undo-tree-id114 . -1) (undo-tree-id115 . -1) (undo-tree-id116 . -1) (undo-tree-id117 . -1) (undo-tree-id118 . -1) (undo-tree-id119 . -1) (undo-tree-id120 . -1) (undo-tree-id121 . -1) (undo-tree-id122 . -1) (undo-tree-id123 . -1) (undo-tree-id124 . -1) (undo-tree-id125 . -1) (undo-tree-id126 . -1) (undo-tree-id127 . -1) (undo-tree-id128 . -1) (undo-tree-id129 . -1) (undo-tree-id130 . -1) (undo-tree-id131 . -1) (undo-tree-id132 . -1) (undo-tree-id133 . -1) (undo-tree-id134 . -1) (undo-tree-id135 . -1) (undo-tree-id136 . -1) (undo-tree-id137 . -1) (undo-tree-id138 . -1) (undo-tree-id139 . -1) (undo-tree-id140 . -1) (undo-tree-id141 . -1) (undo-tree-id142 . -1) (undo-tree-id143 . -1) (undo-tree-id144 . -1) (undo-tree-id145 . -1) (undo-tree-id146 . -1) (undo-tree-id147 . -1) (undo-tree-id148 . -1) (undo-tree-id149 . -1) (undo-tree-id150 . -1) (undo-tree-id151 . -1) (undo-tree-id152 . -1) (undo-tree-id153 . -1) (undo-tree-id154 . -1) (undo-tree-id155 . -1) (undo-tree-id156 . -1) (undo-tree-id157 . -1) (undo-tree-id158 . -1) (undo-tree-id159 . -1) (undo-tree-id160 . -1) (undo-tree-id161 . -1) (undo-tree-id162 . -1) (undo-tree-id163 . -1) (undo-tree-id164 . -1) (undo-tree-id165 . -1) (undo-tree-id166 . -1) (undo-tree-id167 . -1) (undo-tree-id168 . -1) (undo-tree-id169 . -1) (undo-tree-id170 . -1) (undo-tree-id171 . -1) (undo-tree-id172 . -1) (undo-tree-id173 . -1) (undo-tree-id174 . -1) (undo-tree-id175 . -1) (undo-tree-id176 . -1) (undo-tree-id177 . -1) (undo-tree-id178 . -1) (undo-tree-id179 . -1) (undo-tree-id180 . -1) (undo-tree-id181 . -1) (undo-tree-id182 . -1) (undo-tree-id183 . -1) (undo-tree-id184 . -1) (undo-tree-id185 . -1) (undo-tree-id186 . -1) (undo-tree-id187 . -1) (undo-tree-id188 . -1) (undo-tree-id189 . -1) (undo-tree-id190 . -1) (undo-tree-id191 . -1) (undo-tree-id192 . -1) (undo-tree-id193 . -1) (undo-tree-id194 . -1) (undo-tree-id195 . -1) (undo-tree-id196 . -1) (undo-tree-id197 . -1) (undo-tree-id198 . -1) (undo-tree-id199 . -1) (undo-tree-id200 . -1) (undo-tree-id201 . -1) (undo-tree-id202 . -1) (undo-tree-id203 . -1) (undo-tree-id204 . -1) (undo-tree-id205 . -1) (undo-tree-id206 . -1) (undo-tree-id207 . -1) (undo-tree-id208 . -1) (undo-tree-id209 . -1) (undo-tree-id210 . -1) (undo-tree-id211 . -1) (undo-tree-id212 . -1) (undo-tree-id213 . -1) (undo-tree-id214 . -1) (undo-tree-id215 . -1) (undo-tree-id216 . -1) (undo-tree-id217 . -1) (undo-tree-id218 . -1) (undo-tree-id219 . -1) (undo-tree-id220 . -1) (undo-tree-id221 . -1) (undo-tree-id222 . -1) (undo-tree-id223 . -1) (undo-tree-id224 . -1) (undo-tree-id225 . -1) (undo-tree-id226 . -1) (undo-tree-id227 . -1) (undo-tree-id228 . -1) (undo-tree-id229 . -1) (undo-tree-id230 . -1) (undo-tree-id231 . -1) (undo-tree-id232 . -1) (undo-tree-id233 . -1) (undo-tree-id234 . -1) (undo-tree-id235 . -1) (undo-tree-id236 . -1) (undo-tree-id237 . -1) (undo-tree-id238 . -1) (undo-tree-id239 . -1) (undo-tree-id240 . -1) (undo-tree-id241 . -1) (undo-tree-id242 . -1) (undo-tree-id243 . -1) (undo-tree-id244 . -1) (undo-tree-id245 . -1) (undo-tree-id246 . -1) (undo-tree-id247 . -1) (undo-tree-id248 . -1) (undo-tree-id249 . -1) (undo-tree-id250 . -1) (undo-tree-id251 . -1) (undo-tree-id252 . -1) (undo-tree-id253 . -1) (undo-tree-id254 . -1) (undo-tree-id255 . -1) (undo-tree-id256 . -1) (undo-tree-id257 . -1) (undo-tree-id258 . -1) (undo-tree-id259 . -1) (undo-tree-id260 . -1) (undo-tree-id261 . -1) (undo-tree-id262 . -1) (undo-tree-id263 . -1) (undo-tree-id264 . -1) (undo-tree-id265 . -1) (undo-tree-id266 . -1) (undo-tree-id267 . -1) (undo-tree-id268 . -1) (undo-tree-id269 . -1) (undo-tree-id270 . -1) (undo-tree-id271 . -1) (undo-tree-id272 . -1) (undo-tree-id273 . -1) (undo-tree-id274 . -1) (undo-tree-id275 . -1) (undo-tree-id276 . -1) (undo-tree-id277 . -1) (undo-tree-id278 . -1) (undo-tree-id279 . -1) (undo-tree-id280 . -1) (undo-tree-id281 . -1) (undo-tree-id282 . -1) (undo-tree-id283 . -1) (undo-tree-id284 . -1) (undo-tree-id285 . -1) (undo-tree-id286 . -1) (undo-tree-id287 . -1) (undo-tree-id288 . -1) (undo-tree-id289 . -1) (undo-tree-id290 . -1) (undo-tree-id291 . -1) (undo-tree-id292 . -1) (undo-tree-id293 . -1) (undo-tree-id294 . -1) (undo-tree-id295 . -1) (undo-tree-id296 . -1) (undo-tree-id297 . -1) (undo-tree-id298 . -1) (undo-tree-id299 . -1) (undo-tree-id300 . -1) (undo-tree-id301 . -1) (undo-tree-id302 . -1) (undo-tree-id303 . -1) (undo-tree-id304 . -1) (undo-tree-id305 . -1) (undo-tree-id306 . -1) (undo-tree-id307 . -1) (undo-tree-id308 . -1) (undo-tree-id309 . -1) (undo-tree-id310 . -1) (undo-tree-id311 . -1) (undo-tree-id312 . -1) (undo-tree-id313 . -1) (undo-tree-id314 . -1) (undo-tree-id315 . -1) (undo-tree-id316 . -1) (undo-tree-id317 . -1) (undo-tree-id318 . -1) (undo-tree-id319 . -1) (undo-tree-id320 . -1) (undo-tree-id321 . -1) (undo-tree-id322 . -1) (undo-tree-id323 . -1) (undo-tree-id324 . -1) (undo-tree-id325 . -1) (undo-tree-id326 . -1) (undo-tree-id327 . -1) (undo-tree-id328 . -1) (undo-tree-id329 . -1) (undo-tree-id330 . -1) (undo-tree-id331 . -1) (undo-tree-id332 . -1) (undo-tree-id333 . -1) (undo-tree-id334 . -1) (undo-tree-id335 . -1) (undo-tree-id336 . -1) (undo-tree-id337 . -1) (undo-tree-id338 . -1) (undo-tree-id339 . -1) (undo-tree-id340 . -1) (undo-tree-id341 . -1) (undo-tree-id342 . -1) (undo-tree-id343 . -1) (undo-tree-id344 . -1) (undo-tree-id345 . -1) (undo-tree-id346 . -1) (undo-tree-id347 . -1) (undo-tree-id348 . -1) (undo-tree-id349 . -1) (undo-tree-id350 . -1) (undo-tree-id351 . -1) (undo-tree-id352 . -1) (undo-tree-id353 . -1) (undo-tree-id354 . -1) (undo-tree-id355 . -1) (undo-tree-id356 . -1) (undo-tree-id357 . -1) (undo-tree-id358 . -1) (undo-tree-id359 . -1) (undo-tree-id360 . -1) (undo-tree-id361 . -1) (undo-tree-id362 . -1) (undo-tree-id363 . -1) (undo-tree-id364 . -1) (undo-tree-id365 . -1) (undo-tree-id366 . -1) (undo-tree-id367 . -1) (undo-tree-id368 . -1) (undo-tree-id369 . -1) (undo-tree-id370 . -1) (undo-tree-id371 . -1) (undo-tree-id372 . -1) (undo-tree-id373 . -1) (undo-tree-id374 . -1) (undo-tree-id375 . -1) (undo-tree-id376 . -1) (undo-tree-id377 . -1) (undo-tree-id378 . -1) (undo-tree-id379 . -1) (undo-tree-id380 . -1) (undo-tree-id381 . -1) (undo-tree-id382 . -1) (undo-tree-id383 . -1) (undo-tree-id384 . -1) (undo-tree-id385 . -1) (undo-tree-id386 . -1) (undo-tree-id387 . -1) (undo-tree-id388 . -1) (undo-tree-id389 . -1) (undo-tree-id390 . -1) (undo-tree-id391 . -1) (undo-tree-id392 . -1) (undo-tree-id393 . -1) (undo-tree-id394 . -1) (undo-tree-id395 . -1) (undo-tree-id396 . -1) (undo-tree-id397 . -1) (undo-tree-id398 . -1) (undo-tree-id399 . -1) (undo-tree-id400 . -1) (undo-tree-id401 . -1) (undo-tree-id402 . -1) (undo-tree-id403 . -1) (undo-tree-id404 . -1) (undo-tree-id405 . -1) (undo-tree-id406 . -1) (undo-tree-id407 . -1) (undo-tree-id408 . -1) (undo-tree-id409 . -1) (undo-tree-id410 . -1) (undo-tree-id411 . -1) (undo-tree-id412 . -1) (undo-tree-id413 . -1) (undo-tree-id414 . -1) (undo-tree-id415 . -1) (undo-tree-id416 . -1) (undo-tree-id417 . -1) (undo-tree-id418 . -1) (undo-tree-id419 . -1) (undo-tree-id420 . -1) (undo-tree-id421 . -1) (undo-tree-id422 . -1) (undo-tree-id423 . -1) (undo-tree-id424 . -1) (undo-tree-id425 . -1) (undo-tree-id426 . -1) (undo-tree-id427 . -1) (undo-tree-id428 . -1) (undo-tree-id429 . -1) (undo-tree-id430 . -1) (undo-tree-id431 . -1) (undo-tree-id432 . -1) (undo-tree-id433 . -1) (undo-tree-id434 . -1) (undo-tree-id435 . -1) (undo-tree-id436 . -1) (undo-tree-id437 . -1) (undo-tree-id438 . -1) (undo-tree-id439 . -1) (undo-tree-id440 . -1) (undo-tree-id441 . -1) (undo-tree-id442 . -1) (undo-tree-id443 . -1) (undo-tree-id444 . -1) (undo-tree-id445 . -1) (undo-tree-id446 . -1) (undo-tree-id447 . -1) (undo-tree-id448 . -1) (undo-tree-id449 . -1) (undo-tree-id450 . -1) (undo-tree-id451 . -1) (undo-tree-id452 . -1) (undo-tree-id453 . -1) (undo-tree-id454 . -1) (undo-tree-id455 . -1) (undo-tree-id456 . -1) (undo-tree-id457 . -1) (undo-tree-id458 . -1) (undo-tree-id459 . -1) (undo-tree-id460 . -1) (undo-tree-id461 . -1) (undo-tree-id462 . -1) (undo-tree-id463 . -1) (undo-tree-id464 . -1) (undo-tree-id465 . -1) (undo-tree-id466 . -1) (undo-tree-id467 . -1) (undo-tree-id468 . -1) (undo-tree-id469 . -1) (undo-tree-id470 . -1) (undo-tree-id471 . -1) (undo-tree-id472 . -1) (undo-tree-id473 . -1) (undo-tree-id474 . -1) (undo-tree-id475 . -1) (undo-tree-id476 . -1) (undo-tree-id477 . -1) (undo-tree-id478 . -1) (undo-tree-id479 . -1) (undo-tree-id480 . -1) (undo-tree-id481 . -1) (undo-tree-id482 . -1) (undo-tree-id483 . -1) (undo-tree-id484 . -1) (undo-tree-id485 . -1) (undo-tree-id486 . -1) (undo-tree-id487 . -1) (undo-tree-id488 . -1) (undo-tree-id489 . -1) (undo-tree-id490 . -1) (undo-tree-id491 . -1) (undo-tree-id492 . -1) (undo-tree-id493 . -1) (undo-tree-id494 . -1) (undo-tree-id495 . -1) (undo-tree-id496 . -1) (undo-tree-id497 . -1) (undo-tree-id498 . -1) (undo-tree-id499 . -1) (undo-tree-id500 . -1) (undo-tree-id501 . -1) (undo-tree-id502 . -1) (undo-tree-id503 . -1) (undo-tree-id504 . -1) (undo-tree-id505 . -1) (undo-tree-id506 . -1) (undo-tree-id507 . -1) (undo-tree-id508 . -1) (undo-tree-id509 . -1) (undo-tree-id510 . -1) (undo-tree-id511 . -1) (undo-tree-id512 . -1) (undo-tree-id513 . -1) (undo-tree-id514 . -1) (undo-tree-id515 . -1) (undo-tree-id516 . -1) (undo-tree-id517 . -1) (undo-tree-id518 . -1) (undo-tree-id519 . -1) (undo-tree-id520 . -1) (undo-tree-id521 . -1) (undo-tree-id522 . -1) (undo-tree-id523 . -1) (undo-tree-id524 . -1) (undo-tree-id525 . -1) (undo-tree-id526 . -1) (undo-tree-id527 . -1) (undo-tree-id528 . -1) (undo-tree-id529 . -1) (undo-tree-id530 . -1) (undo-tree-id531 . -1) (undo-tree-id532 . -1) (undo-tree-id533 . -1) (undo-tree-id534 . -1) (undo-tree-id535 . -1) (undo-tree-id536 . -1) (undo-tree-id537 . -1) (undo-tree-id538 . -1) (undo-tree-id539 . -1) (undo-tree-id540 . -1) (undo-tree-id541 . -1) (undo-tree-id542 . -1) (undo-tree-id543 . -1) (undo-tree-id544 . -1) (undo-tree-id545 . -1) (undo-tree-id546 . -1) (undo-tree-id547 . -1) (undo-tree-id548 . -1) (undo-tree-id549 . -1) (undo-tree-id550 . -1) (undo-tree-id551 . -1) (undo-tree-id552 . -1) (undo-tree-id553 . -1) (undo-tree-id554 . -1) (undo-tree-id555 . -1) (undo-tree-id556 . -1) (undo-tree-id557 . -1) (undo-tree-id558 . -1) (undo-tree-id559 . -1) (undo-tree-id560 . -1) (undo-tree-id561 . -1) (undo-tree-id562 . -1) (undo-tree-id563 . -1) (undo-tree-id564 . -1) (undo-tree-id565 . -1) (undo-tree-id566 . -1) (undo-tree-id567 . -1) (undo-tree-id568 . -1) (undo-tree-id569 . -1) (undo-tree-id570 . -1) (undo-tree-id571 . -1) (undo-tree-id572 . -1) (undo-tree-id573 . -1) (undo-tree-id574 . -1) (undo-tree-id575 . -1) (undo-tree-id576 . -1) (undo-tree-id577 . -1) (undo-tree-id578 . -1) (undo-tree-id579 . -1) (undo-tree-id580 . -1) (undo-tree-id581 . -1) (undo-tree-id582 . -1) (undo-tree-id583 . -1) (undo-tree-id584 . -1) (undo-tree-id585 . -1) (undo-tree-id586 . -1) (undo-tree-id587 . -1) (undo-tree-id588 . -1) (undo-tree-id589 . -1) (undo-tree-id590 . -1) (undo-tree-id591 . -1) (undo-tree-id592 . -1) (undo-tree-id593 . -1) (undo-tree-id594 . -1) (undo-tree-id595 . -1) (undo-tree-id596 . -1) (undo-tree-id597 . -1) (undo-tree-id598 . -1) (undo-tree-id599 . -1) (undo-tree-id600 . -1) (undo-tree-id601 . -1) (undo-tree-id602 . -1) (undo-tree-id603 . -1) (undo-tree-id604 . -1) (undo-tree-id605 . -1) (undo-tree-id606 . -1) (undo-tree-id607 . -1) (undo-tree-id608 . -1) (undo-tree-id609 . -1) (undo-tree-id610 . -1) (undo-tree-id611 . -1) (undo-tree-id612 . -1) (undo-tree-id613 . -1) (undo-tree-id614 . -1) (undo-tree-id615 . -1) (undo-tree-id616 . -1) (undo-tree-id617 . -1) (undo-tree-id618 . -1) (undo-tree-id619 . -1) (undo-tree-id620 . -1) (undo-tree-id621 . -1) (undo-tree-id622 . -1) (undo-tree-id623 . -1) (undo-tree-id624 . -1) (undo-tree-id625 . -1) (undo-tree-id626 . -1) (undo-tree-id627 . -1) (undo-tree-id628 . -1) (undo-tree-id629 . -1) (undo-tree-id630 . -1) (undo-tree-id631 . -1) (undo-tree-id632 . -1) (undo-tree-id633 . -1) (undo-tree-id634 . -1) (undo-tree-id635 . -1) (undo-tree-id636 . -1) (undo-tree-id637 . -1) (undo-tree-id638 . -1) (undo-tree-id639 . -1) (undo-tree-id640 . -1) (undo-tree-id641 . -1) (undo-tree-id642 . -1) (undo-tree-id643 . -1) (undo-tree-id644 . -1) (undo-tree-id645 . -1) (undo-tree-id646 . -1) (undo-tree-id647 . -1) (undo-tree-id648 . -1) (undo-tree-id649 . -1) (undo-tree-id650 . -1) (undo-tree-id651 . -1) (undo-tree-id652 . -1) (undo-tree-id653 . -1) (undo-tree-id654 . -1) (undo-tree-id655 . -1) (undo-tree-id656 . -1) (undo-tree-id657 . -1) (undo-tree-id658 . -1) (undo-tree-id659 . -1) (undo-tree-id660 . -1) (undo-tree-id661 . -1) (undo-tree-id662 . -1) (undo-tree-id663 . -1) (undo-tree-id664 . -1) (undo-tree-id665 . -1) (undo-tree-id666 . -1) (undo-tree-id667 . -1) (undo-tree-id668 . -1) (undo-tree-id669 . -1) (undo-tree-id670 . -1) (undo-tree-id671 . -1) (undo-tree-id672 . -1) (undo-tree-id673 . -1) (undo-tree-id674 . -1) (undo-tree-id675 . -1) (undo-tree-id676 . -1) (undo-tree-id677 . -1) (undo-tree-id678 . -1) (undo-tree-id679 . -1) (undo-tree-id680 . -1) (undo-tree-id681 . -1) (undo-tree-id682 . -1) (undo-tree-id683 . -1) (undo-tree-id684 . -1) (undo-tree-id685 . -1) (undo-tree-id686 . -1) (undo-tree-id687 . -1) (undo-tree-id688 . -1) (undo-tree-id689 . -1) (undo-tree-id690 . -1) (undo-tree-id691 . -1) (undo-tree-id692 . -1) (undo-tree-id693 . -1) (undo-tree-id694 . -1) (undo-tree-id695 . -1) (undo-tree-id696 . -1) (undo-tree-id697 . -1) (undo-tree-id698 . -1) (undo-tree-id699 . -1) (undo-tree-id700 . -1) (undo-tree-id701 . -1) (undo-tree-id702 . -1) (undo-tree-id703 . -1) (undo-tree-id704 . -1) (undo-tree-id705 . -1) (undo-tree-id706 . -1) (undo-tree-id707 . -1) (undo-tree-id708 . -1) (undo-tree-id709 . -1) (undo-tree-id710 . -1) (undo-tree-id711 . -1) (undo-tree-id712 . -1) (undo-tree-id713 . -1) (undo-tree-id714 . -1) (undo-tree-id715 . -1) (undo-tree-id716 . -1) (undo-tree-id717 . -1) (undo-tree-id718 . -1) (undo-tree-id719 . -1) (undo-tree-id720 . -1) (undo-tree-id721 . -1) (undo-tree-id722 . -1) (undo-tree-id723 . -1) (undo-tree-id724 . -1) (undo-tree-id725 . -1) (undo-tree-id726 . -1) (undo-tree-id727 . -1) (undo-tree-id728 . -1) (undo-tree-id729 . -1) (undo-tree-id730 . -1) (undo-tree-id731 . -1) (undo-tree-id732 . -1) (undo-tree-id733 . -1) (undo-tree-id734 . -1) (undo-tree-id735 . -1) (undo-tree-id736 . -1) (undo-tree-id737 . -1) (undo-tree-id738 . -1) (undo-tree-id739 . -1) (undo-tree-id740 . -1) (undo-tree-id741 . -1) (undo-tree-id742 . -1) (undo-tree-id743 . -1) (undo-tree-id744 . -1) (undo-tree-id745 . -1) (undo-tree-id746 . -1) (undo-tree-id747 . -1) (undo-tree-id748 . -1) (undo-tree-id749 . -1) (undo-tree-id750 . -1) (undo-tree-id751 . -1) (undo-tree-id752 . -1) (undo-tree-id753 . -1) (undo-tree-id754 . -1) (undo-tree-id755 . -1) (undo-tree-id756 . -1) (undo-tree-id757 . -1) (undo-tree-id758 . -1) (undo-tree-id759 . -1) (undo-tree-id760 . -1) (undo-tree-id761 . -1) (undo-tree-id762 . -1) (undo-tree-id763 . -1) (undo-tree-id764 . -1) (undo-tree-id765 . -1) (undo-tree-id766 . -1) (undo-tree-id767 . -1) (undo-tree-id768 . -1) (undo-tree-id769 . -1) (undo-tree-id770 . -1) (undo-tree-id771 . -1) (undo-tree-id772 . -1) (undo-tree-id773 . -1) (undo-tree-id774 . -1) (undo-tree-id775 . -1) (undo-tree-id776 . -1) (undo-tree-id777 . -1) (undo-tree-id778 . -1) (undo-tree-id779 . -1) (undo-tree-id780 . -1) (undo-tree-id781 . -1) (undo-tree-id782 . -1) (undo-tree-id783 . -1) (undo-tree-id784 . -1) (undo-tree-id785 . -1) (undo-tree-id786 . -1) (undo-tree-id787 . -1) (undo-tree-id788 . -1) (undo-tree-id789 . -1) (undo-tree-id790 . -1) (undo-tree-id791 . -1) (undo-tree-id792 . -1) (undo-tree-id793 . -1) (undo-tree-id794 . -1) (undo-tree-id795 . -1) (undo-tree-id796 . -1) (undo-tree-id797 . -1) (undo-tree-id798 . -1) (undo-tree-id799 . -1) (undo-tree-id800 . -1) (undo-tree-id801 . -1) (undo-tree-id802 . -1) (undo-tree-id803 . -1) (undo-tree-id804 . -1) (undo-tree-id805 . -1) (undo-tree-id806 . -1) (undo-tree-id807 . -1) (undo-tree-id808 . -1) (undo-tree-id809 . -1) (undo-tree-id810 . -1) (undo-tree-id811 . -1) (undo-tree-id812 . -1) (undo-tree-id813 . -1) (undo-tree-id814 . -1) (undo-tree-id815 . -1) (undo-tree-id816 . -1) (undo-tree-id817 . -1) (undo-tree-id818 . -1) (undo-tree-id819 . -1) (undo-tree-id820 . -1) (undo-tree-id821 . -1) (undo-tree-id822 . -1) (undo-tree-id823 . -1) (undo-tree-id824 . -1) (undo-tree-id825 . -1) (undo-tree-id826 . -1) (undo-tree-id827 . -1) (undo-tree-id828 . -1) (undo-tree-id829 . -1) (undo-tree-id830 . -1) (undo-tree-id831 . -1) (undo-tree-id832 . -1) (undo-tree-id833 . -1) (undo-tree-id834 . -1) (undo-tree-id835 . -1) (undo-tree-id836 . -1) (undo-tree-id837 . -1) (undo-tree-id838 . -1) (undo-tree-id839 . -1) (undo-tree-id840 . -1) (undo-tree-id841 . -1) (undo-tree-id842 . -1) (undo-tree-id843 . -1) (undo-tree-id844 . -1) (undo-tree-id845 . -1) (undo-tree-id846 . -1) (undo-tree-id847 . -1) (undo-tree-id848 . -1) (undo-tree-id849 . -1) (undo-tree-id850 . -1) (undo-tree-id851 . -1) (undo-tree-id852 . -1) (undo-tree-id853 . -1) (undo-tree-id854 . -1) (undo-tree-id855 . -1) (undo-tree-id856 . -1) (undo-tree-id857 . -1) (undo-tree-id858 . -1) (undo-tree-id859 . -1) (undo-tree-id860 . -1) (undo-tree-id861 . -1) (undo-tree-id862 . -1) (undo-tree-id863 . -1) (undo-tree-id864 . -1) (undo-tree-id865 . -1) (undo-tree-id866 . -1) (undo-tree-id867 . -1) (undo-tree-id868 . -1) (undo-tree-id869 . -1) (undo-tree-id870 . -1) (undo-tree-id871 . -1) (undo-tree-id872 . -1) (undo-tree-id873 . -1) (undo-tree-id874 . -1) (undo-tree-id875 . -1) (undo-tree-id876 . -1) (undo-tree-id877 . -1) (undo-tree-id878 . -1) (undo-tree-id879 . -1) (undo-tree-id880 . -1) (undo-tree-id881 . -1) (undo-tree-id882 . -1) (undo-tree-id883 . -1) (undo-tree-id884 . -1) (undo-tree-id885 . -1) (undo-tree-id886 . -1) (undo-tree-id887 . -1) (undo-tree-id888 . -1) (undo-tree-id889 . -1) (undo-tree-id890 . -1) (undo-tree-id891 . -1) (undo-tree-id892 . -1) (undo-tree-id893 . -1) (undo-tree-id894 . -1) (undo-tree-id895 . -1) (undo-tree-id896 . -1) (undo-tree-id897 . -1) (undo-tree-id898 . -1) (undo-tree-id899 . -1) (undo-tree-id900 . -1) (undo-tree-id901 . -1) (undo-tree-id902 . -1) (undo-tree-id903 . -1) (undo-tree-id904 . -1) (undo-tree-id905 . -1) (undo-tree-id906 . -1) (undo-tree-id907 . -1) (undo-tree-id908 . -1) (undo-tree-id909 . -1) (undo-tree-id910 . -1) (undo-tree-id911 . -1) (undo-tree-id912 . -1) (undo-tree-id913 . -1) (undo-tree-id914 . -1) (undo-tree-id915 . -1) (undo-tree-id916 . -1) (undo-tree-id917 . -1) (undo-tree-id918 . -1) (undo-tree-id919 . -1) (undo-tree-id920 . -1) (undo-tree-id921 . -1) (undo-tree-id922 . -1) (undo-tree-id923 . -1) (undo-tree-id924 . -1) (undo-tree-id925 . -1) (undo-tree-id926 . -1) (undo-tree-id927 . -1) (undo-tree-id928 . -1) (undo-tree-id929 . -1) (undo-tree-id930 . -1) (undo-tree-id931 . -1) (undo-tree-id932 . -1) (undo-tree-id933 . -1) (undo-tree-id934 . -1) (undo-tree-id935 . -1) (undo-tree-id936 . -1) (undo-tree-id937 . -1) (undo-tree-id938 . -1) (undo-tree-id939 . -1) (undo-tree-id940 . -1) (undo-tree-id941 . -1) (undo-tree-id942 . -1) (undo-tree-id943 . -1) (undo-tree-id944 . -1) (undo-tree-id945 . -1) (undo-tree-id946 . -1) (undo-tree-id947 . -1) (undo-tree-id948 . -1) (undo-tree-id949 . -1) (undo-tree-id950 . -1) (undo-tree-id951 . -1) (undo-tree-id952 . -1) (undo-tree-id953 . -1) (undo-tree-id954 . -1) (undo-tree-id955 . -1) (undo-tree-id956 . -1) (undo-tree-id957 . -1) (undo-tree-id958 . -1) (undo-tree-id959 . -1) (undo-tree-id960 . -1) (undo-tree-id961 . -1) (undo-tree-id962 . -1) (undo-tree-id963 . -1) (undo-tree-id964 . -1) (undo-tree-id965 . -1) (undo-tree-id966 . -1) (undo-tree-id967 . -1) (undo-tree-id968 . -1) (undo-tree-id969 . -1) (undo-tree-id970 . -1) (undo-tree-id971 . -1) (undo-tree-id972 . -1) (undo-tree-id973 . -1) (undo-tree-id974 . -1) (undo-tree-id975 . -1) (undo-tree-id976 . -1) (undo-tree-id977 . -1) (undo-tree-id978 . -1) (undo-tree-id979 . -1) (undo-tree-id980 . -1) (undo-tree-id981 . -1) (undo-tree-id982 . -1) (undo-tree-id983 . -1) (undo-tree-id984 . -1) (undo-tree-id985 . -1) (undo-tree-id986 . -1) (undo-tree-id987 . -1) (undo-tree-id988 . -1) (undo-tree-id989 . -1) (undo-tree-id990 . -1) (undo-tree-id991 . -1) (undo-tree-id992 . -1) (undo-tree-id993 . -1) (undo-tree-id994 . -1) (undo-tree-id995 . -1) (undo-tree-id996 . -1) (undo-tree-id997 . -1) (undo-tree-id998 . -1) (undo-tree-id999 . -1) (undo-tree-id1000 . -1) (undo-tree-id1001 . -1) (undo-tree-id1002 . -1) (undo-tree-id1003 . -1) (undo-tree-id1004 . -1) (undo-tree-id1005 . -1) (undo-tree-id1006 . -1) (undo-tree-id1007 . -1) (undo-tree-id1008 . -1) (undo-tree-id1009 . -1) (undo-tree-id1010 . -1) (undo-tree-id1011 . -1) (undo-tree-id1012 . -1) (undo-tree-id1013 . -1) (undo-tree-id1014 . -1) (undo-tree-id1015 . -1) (undo-tree-id1016 . -1) (undo-tree-id1017 . -1) (undo-tree-id1018 . -1) (undo-tree-id1019 . -1) (undo-tree-id1020 . -1) (undo-tree-id1021 . -1) (undo-tree-id1022 . -1) (undo-tree-id1023 . -1) (undo-tree-id1024 . -1) (undo-tree-id1025 . -1) (undo-tree-id1026 . -1) (undo-tree-id1027 . -1) (undo-tree-id1028 . -1) (undo-tree-id1029 . -1) (undo-tree-id1030 . -1) (undo-tree-id1031 . -1) (undo-tree-id1032 . -1) (undo-tree-id1033 . -1) (undo-tree-id1034 . -1) (undo-tree-id1035 . -1) (undo-tree-id1036 . -1) (undo-tree-id1037 . -1) (undo-tree-id1038 . -1) (undo-tree-id1039 . -1) (undo-tree-id1040 . -1) (undo-tree-id1041 . -1) (undo-tree-id1042 . -1) (undo-tree-id1043 . -1) (undo-tree-id1044 . -1) (undo-tree-id1045 . -1) (undo-tree-id1046 . -1) (undo-tree-id1047 . -1) (undo-tree-id1048 . -1) (undo-tree-id1049 . -1) (undo-tree-id1050 . -1) (undo-tree-id1051 . -1) (undo-tree-id1052 . -1) (undo-tree-id1053 . -1) (undo-tree-id1054 . -1) (undo-tree-id1055 . -1) (undo-tree-id1056 . -1) (undo-tree-id1057 . -1) (undo-tree-id1058 . -1) (undo-tree-id1059 . -1) (undo-tree-id1060 . -1) (undo-tree-id1061 . -1) (undo-tree-id1062 . -1) (undo-tree-id1063 . -1) (undo-tree-id1064 . -1) (undo-tree-id1065 . -1) (undo-tree-id1066 . -1) (undo-tree-id1067 . -1) (undo-tree-id1068 . -1) (undo-tree-id1069 . -1) (undo-tree-id1070 . -1) (undo-tree-id1071 . -1) (undo-tree-id1072 . -1) (undo-tree-id1073 . -1) (undo-tree-id1074 . -1) (undo-tree-id1075 . -1) (undo-tree-id1076 . -1) (undo-tree-id1077 . -1) (undo-tree-id1078 . -1) (undo-tree-id1079 . -1) (undo-tree-id1080 . -1) (undo-tree-id1081 . -1) (undo-tree-id1082 . -1) (undo-tree-id1083 . -1) (undo-tree-id1084 . -1) (undo-tree-id1085 . -1) (undo-tree-id1086 . -1) (undo-tree-id1087 . -1) (undo-tree-id1088 . -1) (undo-tree-id1089 . -1) (undo-tree-id1090 . -1) (undo-tree-id1091 . -1) (undo-tree-id1092 . -1) (undo-tree-id1093 . -1) (undo-tree-id1094 . -1) (undo-tree-id1095 . -1) (undo-tree-id1096 . -1) (undo-tree-id1097 . -1) (undo-tree-id1098 . -1) (undo-tree-id1099 . -1) (undo-tree-id1100 . -1) (undo-tree-id1101 . -1) (undo-tree-id1102 . -1) (undo-tree-id1103 . -1) (undo-tree-id1104 . -1) (undo-tree-id1105 . -1) (undo-tree-id1106 . -1) (undo-tree-id1107 . -1) (undo-tree-id1108 . -1) (undo-tree-id1109 . -1) (undo-tree-id1110 . -1) (undo-tree-id1111 . -1) (undo-tree-id1112 . -1) (undo-tree-id1113 . -1) (undo-tree-id1114 . -1) (undo-tree-id1115 . -1) (undo-tree-id1116 . -1) (undo-tree-id1117 . -1) (undo-tree-id1118 . -1) (undo-tree-id1119 . -1) (undo-tree-id1120 . -1) (undo-tree-id1121 . -1) (undo-tree-id1122 . -1) (undo-tree-id1123 . -1) (undo-tree-id1124 . -1) (undo-tree-id1125 . -1) (undo-tree-id1126 . -1) (undo-tree-id1127 . -1) (undo-tree-id1128 . -1) (undo-tree-id1129 . -1) (undo-tree-id1130 . -1) (undo-tree-id1131 . -1) (undo-tree-id1132 . -1) (undo-tree-id1133 . -1) (undo-tree-id1134 . -1) (undo-tree-id1135 . -1) (undo-tree-id1136 . -1) (undo-tree-id1137 . -1) (undo-tree-id1138 . -1) (undo-tree-id1139 . -1) (undo-tree-id1140 . -1) (undo-tree-id1141 . -1) (undo-tree-id1142 . -1) (undo-tree-id1143 . -1) (undo-tree-id1144 . -1) (undo-tree-id1145 . -1) (undo-tree-id1146 . -1) (undo-tree-id1147 . -1) (undo-tree-id1148 . -1) (undo-tree-id1149 . -1) (undo-tree-id1150 . -1) (undo-tree-id1151 . -1) (undo-tree-id1152 . -1) (undo-tree-id1153 . -1) (undo-tree-id1154 . -1) (undo-tree-id1155 . -1) (undo-tree-id1156 . -1) (undo-tree-id1157 . -1) (undo-tree-id1158 . -1) (undo-tree-id1159 . -1) (undo-tree-id1160 . -1) (undo-tree-id1161 . -1) (undo-tree-id1162 . -1) (undo-tree-id1163 . -1) (undo-tree-id1164 . -1) (undo-tree-id1165 . -1) (undo-tree-id1166 . -1) (undo-tree-id1167 . -1) (undo-tree-id1168 . -1) (undo-tree-id1169 . -1) (undo-tree-id1170 . -1) (undo-tree-id1171 . -1) (undo-tree-id1172 . -1) (undo-tree-id1173 . -1) (undo-tree-id1174 . -1) (undo-tree-id1175 . -1) (undo-tree-id1176 . -1) (undo-tree-id1177 . -1) (undo-tree-id1178 . -1) (undo-tree-id1179 . -1) (undo-tree-id1180 . -1) (undo-tree-id1181 . -1) (undo-tree-id1182 . -1) (undo-tree-id1183 . -1) (undo-tree-id1184 . -1) (undo-tree-id1185 . -1) (undo-tree-id1186 . -1) (undo-tree-id1187 . -1) (undo-tree-id1188 . -1) (undo-tree-id1189 . -1) (undo-tree-id1190 . -1) (undo-tree-id1191 . -1) (undo-tree-id1192 . -1) (undo-tree-id1193 . -1) (undo-tree-id1194 . -1) (undo-tree-id1195 . -1) (undo-tree-id1196 . -1) (undo-tree-id1197 . -1) (undo-tree-id1198 . -1) (undo-tree-id1199 . -1) (undo-tree-id1200 . -1) (undo-tree-id1201 . -1) (undo-tree-id1202 . -1) (undo-tree-id1203 . -1) (undo-tree-id1204 . -1) (undo-tree-id1205 . -1) (undo-tree-id1206 . -1) (undo-tree-id1207 . -1) (undo-tree-id1208 . -1) (undo-tree-id1209 . -1) (undo-tree-id1210 . -1) (undo-tree-id1211 . -1) (undo-tree-id1212 . -1) (undo-tree-id1213 . -1) (undo-tree-id1214 . -1) (undo-tree-id1215 . -1) (undo-tree-id1216 . -1) (undo-tree-id1217 . -1) (undo-tree-id1218 . -1) (undo-tree-id1219 . -1) (undo-tree-id1220 . -1) (undo-tree-id1221 . -1) (undo-tree-id1222 . -1) (undo-tree-id1223 . -1) (undo-tree-id1224 . -1) (undo-tree-id1225 . -1) (undo-tree-id1226 . -1) (undo-tree-id1227 . -1) (undo-tree-id1228 . -1) (undo-tree-id1229 . -1) (undo-tree-id1230 . -1) (undo-tree-id1231 . -1) (undo-tree-id1232 . -1) (undo-tree-id1233 . -1) (undo-tree-id1234 . -1) (undo-tree-id1235 . -1) (undo-tree-id1236 . -1) (undo-tree-id1237 . -1) (undo-tree-id1238 . -1) (undo-tree-id1239 . -1) (undo-tree-id1240 . -1) (undo-tree-id1241 . -1) (undo-tree-id1242 . -1) (undo-tree-id1243 . -1) (undo-tree-id1244 . -1) (undo-tree-id1245 . -1) (undo-tree-id1246 . -1) (undo-tree-id1247 . -1) (undo-tree-id1248 . -1) (undo-tree-id1249 . -1) (undo-tree-id1250 . -1) (undo-tree-id1251 . -1) (undo-tree-id1252 . -1) (undo-tree-id1253 . -1) (undo-tree-id1254 . -1) (undo-tree-id1255 . -1) (undo-tree-id1256 . -1) (undo-tree-id1257 . -1) (undo-tree-id1258 . -1) (undo-tree-id1259 . -1) (undo-tree-id1260 . -1) (undo-tree-id1261 . -1) (undo-tree-id1262 . -1) (undo-tree-id1263 . -1) (undo-tree-id1264 . -1) (undo-tree-id1265 . -1) (undo-tree-id1266 . -1) (undo-tree-id1267 . -1) (undo-tree-id1268 . -1) (undo-tree-id1269 . -1) (undo-tree-id1270 . -1) (undo-tree-id1271 . -1) (undo-tree-id1272 . -1) (undo-tree-id1273 . -1) (undo-tree-id1274 . -1) (undo-tree-id1275 . -1) (undo-tree-id1276 . -1) (undo-tree-id1277 . -1) (undo-tree-id1278 . -1) (undo-tree-id1279 . -1) (undo-tree-id1280 . -1) (undo-tree-id1281 . -1) (undo-tree-id1282 . -1) (undo-tree-id1283 . -1) (undo-tree-id1284 . -1) (undo-tree-id1285 . -1) (undo-tree-id1286 . -1) (undo-tree-id1287 . -1) (undo-tree-id1288 . -1) (undo-tree-id1289 . -1) (undo-tree-id1290 . -1) (undo-tree-id1291 . -1) (undo-tree-id1292 . -1) (undo-tree-id1293 . -1) (undo-tree-id1294 . -1) (undo-tree-id1295 . -1) (undo-tree-id1296 . -1) (undo-tree-id1297 . -1) (undo-tree-id1298 . -1) (undo-tree-id1299 . -1) (undo-tree-id1300 . -1) (undo-tree-id1301 . -1) (undo-tree-id1302 . -1) (undo-tree-id1303 . -1) (undo-tree-id1304 . -1) (undo-tree-id1305 . -1) (undo-tree-id1306 . -1) (undo-tree-id1307 . -1) (undo-tree-id1308 . -1) (undo-tree-id1309 . -1) (undo-tree-id1310 . -1) (undo-tree-id1311 . -1) (undo-tree-id1312 . -1) (undo-tree-id1313 . -1) (undo-tree-id1314 . -1) (undo-tree-id1315 . -1) (undo-tree-id1316 . -1) (undo-tree-id1317 . -1) (undo-tree-id1318 . -1) (undo-tree-id1319 . -1) (undo-tree-id1320 . -1) (undo-tree-id1321 . -1) (undo-tree-id1322 . -1) (undo-tree-id1323 . -1) (undo-tree-id1324 . -1) (undo-tree-id1325 . -1) (undo-tree-id1326 . -1) (undo-tree-id1327 . -1) (undo-tree-id1328 . -1) (undo-tree-id1329 . -1) (undo-tree-id1330 . -1) (undo-tree-id1331 . -1) (undo-tree-id1332 . -1) (undo-tree-id1333 . -1) (undo-tree-id1334 . -1) (undo-tree-id1335 . -1) (undo-tree-id1336 . -1) (undo-tree-id1337 . -1) (undo-tree-id1338 . -1) (undo-tree-id1339 . -1) (undo-tree-id1340 . -1) (undo-tree-id1341 . -1) (undo-tree-id1342 . -1) (undo-tree-id1343 . -1) (undo-tree-id1344 . -1) (undo-tree-id1345 . -1) (undo-tree-id1346 . -1) (undo-tree-id1347 . -1) (undo-tree-id1348 . -1) (undo-tree-id1349 . -1) (undo-tree-id1350 . -1) (undo-tree-id1351 . -1) (undo-tree-id1352 . -1) (undo-tree-id1353 . -1) (undo-tree-id1354 . -1) (undo-tree-id1355 . -1) (undo-tree-id1356 . -1) (undo-tree-id1357 . -1) (undo-tree-id1358 . -1) (undo-tree-id1359 . -1) (undo-tree-id1360 . -1) (undo-tree-id1361 . -1) (undo-tree-id1362 . -1) (undo-tree-id1363 . -1) (undo-tree-id1364 . -1) (undo-tree-id1365 . -1) (undo-tree-id1366 . -1) (undo-tree-id1367 . -1) (undo-tree-id1368 . -1) (undo-tree-id1369 . -1) (undo-tree-id1370 . -1) (undo-tree-id1371 . -1) (undo-tree-id1372 . -1) (undo-tree-id1373 . -1) (undo-tree-id1374 . -1) (undo-tree-id1375 . -1) (undo-tree-id1376 . -1) (undo-tree-id1377 . -1) (undo-tree-id1378 . -1) (undo-tree-id1379 . -1) (undo-tree-id1380 . -1) (undo-tree-id1381 . -1) (undo-tree-id1382 . -1) (undo-tree-id1383 . -1) (undo-tree-id1384 . -1) (undo-tree-id1385 . -1) (undo-tree-id1386 . -1) (undo-tree-id1387 . -1) (undo-tree-id1388 . -1) (undo-tree-id1389 . -1) (undo-tree-id1390 . -1) (undo-tree-id1391 . -1) (undo-tree-id1392 . -1) (undo-tree-id1393 . -1) (undo-tree-id1394 . -1) (undo-tree-id1395 . -1) (undo-tree-id1396 . -1) (undo-tree-id1397 . -1) (undo-tree-id1398 . -1) (undo-tree-id1399 . -1) (undo-tree-id1400 . -1) (undo-tree-id1401 . -1) (undo-tree-id1402 . -1) (undo-tree-id1403 . -1) (undo-tree-id1404 . -1) (undo-tree-id1405 . -1) (undo-tree-id1406 . -1) (undo-tree-id1407 . -1) (undo-tree-id1408 . -1) (undo-tree-id1409 . -1) (undo-tree-id1410 . -1) (undo-tree-id1411 . -1) (undo-tree-id1412 . -1) (undo-tree-id1413 . -1) (undo-tree-id1414 . -1) (undo-tree-id1415 . -1) (undo-tree-id1416 . -1) (undo-tree-id1417 . -1) (undo-tree-id1418 . -1) (undo-tree-id1419 . -1) (undo-tree-id1420 . -1) (undo-tree-id1421 . -1) (undo-tree-id1422 . -1) (undo-tree-id1423 . -1) (undo-tree-id1424 . -1) (undo-tree-id1425 . -1) (undo-tree-id1426 . -1) (undo-tree-id1427 . -1) (undo-tree-id1428 . -1) (undo-tree-id1429 . -1) (undo-tree-id1430 . -1) (undo-tree-id1431 . -1) (undo-tree-id1432 . -1) (undo-tree-id1433 . -1) (undo-tree-id1434 . -1) (undo-tree-id1435 . -1) (undo-tree-id1436 . -1) (undo-tree-id1437 . -1) (undo-tree-id1438 . -1) (undo-tree-id1439 . -1) (undo-tree-id1440 . -1) (undo-tree-id1441 . -1) (undo-tree-id1442 . -1) (undo-tree-id1443 . -1) (undo-tree-id1444 . -1) (undo-tree-id1445 . -1) (undo-tree-id1446 . -1) (undo-tree-id1447 . -1) (undo-tree-id1448 . -1) (undo-tree-id1449 . -1) (undo-tree-id1450 . -1) (undo-tree-id1451 . -1) (undo-tree-id1452 . -1) (undo-tree-id1453 . -1) (undo-tree-id1454 . -1) (undo-tree-id1455 . -1) (undo-tree-id1456 . -1) (undo-tree-id1457 . -1) (undo-tree-id1458 . -1) (undo-tree-id1459 . -1) (undo-tree-id1460 . -1) (undo-tree-id1461 . -1) (undo-tree-id1462 . -1) (undo-tree-id1463 . -1) (undo-tree-id1464 . -1) (undo-tree-id1465 . -1) (undo-tree-id1466 . -1) (undo-tree-id1467 . -1) (undo-tree-id1468 . -1) (undo-tree-id1469 . -1) (undo-tree-id1470 . -1) (undo-tree-id1471 . -1) (undo-tree-id1472 . -1) (undo-tree-id1473 . -1) (undo-tree-id1474 . -1) (undo-tree-id1475 . -1) (undo-tree-id1476 . -1) (undo-tree-id1477 . -1) (undo-tree-id1478 . -1) (undo-tree-id1479 . -1) (undo-tree-id1480 . -1) (undo-tree-id1481 . -1) (undo-tree-id1482 . -1) (undo-tree-id1483 . -1) (undo-tree-id1484 . -1) (undo-tree-id1485 . -1) (undo-tree-id1486 . -1) (undo-tree-id1487 . -1) (undo-tree-id1488 . -1) (undo-tree-id1489 . -1) (undo-tree-id1490 . -1) (undo-tree-id1491 . -1) (undo-tree-id1492 . -1) (undo-tree-id1493 . -1) (undo-tree-id1494 . -1) (undo-tree-id1495 . -1) (undo-tree-id1496 . -1) (undo-tree-id1497 . -1) (undo-tree-id1498 . -1) (undo-tree-id1499 . -1) (undo-tree-id1500 . -1) (undo-tree-id1501 . -1) (undo-tree-id1502 . -1) (undo-tree-id1503 . -1) (undo-tree-id1504 . -1) (undo-tree-id1505 . -1) (undo-tree-id1506 . -1) (undo-tree-id1507 . -1) (undo-tree-id1508 . -1) (undo-tree-id1509 . -1) (undo-tree-id1510 . -1) (undo-tree-id1511 . -1) (undo-tree-id1512 . -1) (undo-tree-id1513 . -1) (undo-tree-id1514 . -1) (undo-tree-id1515 . -1) (undo-tree-id1516 . -1) (undo-tree-id1517 . -1) (undo-tree-id1518 . -1) (undo-tree-id1519 . -1) (undo-tree-id1520 . -1) (undo-tree-id1521 . -1) (undo-tree-id1522 . -1) (undo-tree-id1523 . -1) (undo-tree-id1524 . -1) (undo-tree-id1525 . -1) (undo-tree-id1526 . -1) (undo-tree-id1527 . -1) (undo-tree-id1528 . -1) (undo-tree-id1529 . -1) (undo-tree-id1530 . -1) (undo-tree-id1531 . -1) (undo-tree-id1532 . -1) (undo-tree-id1533 . -1) (undo-tree-id1534 . -1) (undo-tree-id1535 . -1) (undo-tree-id1536 . -1) (undo-tree-id1537 . -1) (undo-tree-id1538 . -1) (undo-tree-id1539 . -1) (undo-tree-id1540 . -1) (undo-tree-id1541 . -1) (undo-tree-id1542 . -1) (undo-tree-id1543 . -1) (undo-tree-id1544 . -1) (undo-tree-id1545 . -1) (undo-tree-id1546 . -1) (undo-tree-id1547 . -1) (undo-tree-id1548 . -1) (undo-tree-id1549 . -1) (undo-tree-id1550 . -1) (undo-tree-id1551 . -1) (undo-tree-id1552 . -1) (undo-tree-id1553 . -1) (undo-tree-id1554 . -1) (undo-tree-id1555 . -1) (undo-tree-id1556 . -1) (undo-tree-id1557 . -1) (undo-tree-id1558 . -1) (undo-tree-id1559 . -1) (undo-tree-id1560 . -1) (undo-tree-id1561 . -1) (undo-tree-id1562 . -1) (undo-tree-id1563 . -1) (undo-tree-id1564 . -1) (undo-tree-id1565 . -1) (undo-tree-id1566 . -1) (undo-tree-id1567 . -1) (undo-tree-id1568 . -1) (undo-tree-id1569 . -1) (undo-tree-id1570 . -1) (undo-tree-id1571 . -1) (undo-tree-id1572 . -1) (undo-tree-id1573 . -1) (undo-tree-id1574 . -1) (undo-tree-id1575 . -1) (undo-tree-id1576 . -1) (undo-tree-id1577 . -1) (undo-tree-id1578 . -1) (undo-tree-id1579 . -1) (undo-tree-id1580 . -1) (undo-tree-id1581 . -1) (undo-tree-id1582 . -1) (undo-tree-id1583 . -1) (undo-tree-id1584 . -1) (undo-tree-id1585 . -1) (undo-tree-id1586 . -1) (undo-tree-id1587 . -1) (undo-tree-id1588 . -1) (undo-tree-id1589 . -1) (undo-tree-id1590 . -1) (undo-tree-id1591 . -1) (undo-tree-id1592 . -1) (undo-tree-id1593 . -1) (undo-tree-id1594 . -1) (undo-tree-id1595 . -1) (undo-tree-id1596 . -1) (undo-tree-id1597 . -1) (undo-tree-id1598 . -1) (undo-tree-id1599 . -1) (undo-tree-id1600 . -1) (undo-tree-id1601 . -1) (undo-tree-id1602 . -1) (undo-tree-id1603 . -1) (undo-tree-id1604 . -1) (undo-tree-id1605 . -1) (undo-tree-id1606 . -1) (undo-tree-id1607 . -1) (undo-tree-id1608 . -1) (undo-tree-id1609 . -1) (undo-tree-id1610 . -1) (undo-tree-id1611 . -1) (undo-tree-id1612 . -1) (undo-tree-id1613 . -1) (undo-tree-id1614 . -1) (undo-tree-id1615 . -1) (undo-tree-id1616 . -1) (undo-tree-id1617 . -1) (undo-tree-id1618 . -1) (undo-tree-id1619 . -1) (undo-tree-id1620 . -1) (undo-tree-id1621 . -1) (undo-tree-id1622 . -1) (undo-tree-id1623 . -1) (undo-tree-id1624 . -1) (undo-tree-id1625 . -1) (undo-tree-id1626 . -1) (undo-tree-id1627 . -1) (undo-tree-id1628 . -1) (undo-tree-id1629 . -1) (undo-tree-id1630 . -1) (undo-tree-id1631 . -1) (undo-tree-id1632 . -1) (undo-tree-id1633 . -1) (undo-tree-id1634 . -1) (undo-tree-id1635 . -1) (undo-tree-id1636 . -1) (undo-tree-id1637 . -1) (undo-tree-id1638 . -1) (undo-tree-id1639 . -1) (undo-tree-id1640 . -1) (undo-tree-id1641 . -1) (undo-tree-id1642 . -1) (undo-tree-id1643 . -1) (undo-tree-id1644 . -1) (undo-tree-id1645 . -1) (undo-tree-id1646 . -1) (undo-tree-id1647 . -1) (undo-tree-id1648 . -1) (undo-tree-id1649 . -1) (undo-tree-id1650 . -1) (undo-tree-id1651 . -1) (undo-tree-id1652 . -1) (undo-tree-id1653 . -1) (undo-tree-id1654 . -1) (undo-tree-id1655 . -1) (undo-tree-id1656 . -1) (undo-tree-id1657 . -1) (undo-tree-id1658 . -1) (undo-tree-id1659 . -1) (undo-tree-id1660 . -1) (undo-tree-id1661 . -1) (undo-tree-id1662 . -1) (undo-tree-id1663 . -1) (undo-tree-id1664 . -1) (undo-tree-id1665 . -1) (undo-tree-id1666 . -1) (undo-tree-id1667 . -1) (undo-tree-id1668 . -1) (undo-tree-id1669 . -1) (undo-tree-id1670 . -1) (undo-tree-id1671 . -1) (undo-tree-id1672 . -1) (undo-tree-id1673 . -1) (undo-tree-id1674 . -1) (undo-tree-id1675 . -1) (undo-tree-id1676 . -1) (undo-tree-id1677 . -1) (undo-tree-id1678 . -1) (undo-tree-id1679 . -1) (undo-tree-id1680 . -1) (undo-tree-id1681 . -1) (undo-tree-id1682 . -1) (undo-tree-id1683 . -1) (undo-tree-id1684 . -1) (undo-tree-id1685 . -1) (undo-tree-id1686 . -1) (undo-tree-id1687 . -1) (undo-tree-id1688 . -1) (undo-tree-id1689 . -1) (undo-tree-id1690 . -1) (undo-tree-id1691 . -1) (undo-tree-id1692 . -1) (undo-tree-id1693 . -1) (undo-tree-id1694 . -1) (undo-tree-id1695 . -1) (undo-tree-id1696 . -1) (undo-tree-id1697 . -1) (undo-tree-id1698 . -1) (undo-tree-id1699 . -1) (undo-tree-id1700 . -1) (undo-tree-id1701 . -1) (undo-tree-id1702 . -1) (undo-tree-id1703 . -1) (undo-tree-id1704 . -1) (undo-tree-id1705 . -1) (undo-tree-id1706 . -1) (undo-tree-id1707 . -1) (undo-tree-id1708 . -1) (undo-tree-id1709 . -1) (undo-tree-id1710 . -1) (undo-tree-id1711 . -1) (undo-tree-id1712 . -1) (undo-tree-id1713 . -1) (undo-tree-id1714 . -1) (undo-tree-id1715 . -1) (undo-tree-id1716 . -1) (undo-tree-id1717 . -1) (undo-tree-id1718 . -1) (undo-tree-id1719 . -1) (undo-tree-id1720 . -1) (undo-tree-id1721 . -1) (undo-tree-id1722 . -1) (undo-tree-id1723 . -1) (undo-tree-id1724 . -1) (undo-tree-id1725 . -1) (undo-tree-id1726 . -1) (undo-tree-id1727 . -1) (undo-tree-id1728 . -1) (undo-tree-id1729 . -1) (undo-tree-id1730 . -1) (undo-tree-id1731 . -1) (undo-tree-id1732 . -1) (undo-tree-id1733 . -1) (undo-tree-id1734 . -1) (undo-tree-id1735 . -1) (undo-tree-id1736 . -1) (undo-tree-id1737 . -1) (undo-tree-id1738 . -1) (undo-tree-id1739 . -1) (undo-tree-id1740 . -1) (undo-tree-id1741 . -1) (undo-tree-id1742 . -1) (undo-tree-id1743 . -1) (undo-tree-id1744 . -1) (undo-tree-id1745 . -1) (undo-tree-id1746 . -1) (undo-tree-id1747 . -1) (undo-tree-id1748 . -1) (undo-tree-id1749 . -1) (undo-tree-id1750 . -1) (undo-tree-id1751 . -1) (undo-tree-id1752 . -1) (undo-tree-id1753 . -1) (undo-tree-id1754 . -1) (undo-tree-id1755 . -1) (undo-tree-id1756 . -1) (undo-tree-id1757 . -1) (undo-tree-id1758 . -1) (undo-tree-id1759 . -1) (undo-tree-id1760 . -1) (undo-tree-id1761 . -1) (undo-tree-id1762 . -1) (undo-tree-id1763 . -1) (undo-tree-id1764 . -1) (undo-tree-id1765 . -1) (undo-tree-id1766 . -1) (undo-tree-id1767 . -1) (undo-tree-id1768 . -1) (undo-tree-id1769 . -1) (undo-tree-id1770 . -1) (undo-tree-id1771 . -1) (undo-tree-id1772 . -1) (undo-tree-id1773 . -1) (undo-tree-id1774 . -1) (undo-tree-id1775 . -1) (undo-tree-id1776 . -1) (undo-tree-id1777 . -1) (undo-tree-id1778 . -1) (undo-tree-id1779 . -1) (undo-tree-id1780 . -1) (undo-tree-id1781 . -1) (undo-tree-id1782 . -1) (undo-tree-id1783 . -1) (undo-tree-id1784 . -1) (undo-tree-id1785 . -1) (undo-tree-id1786 . -1) (undo-tree-id1787 . -1) (undo-tree-id1788 . -1) (undo-tree-id1789 . -1) (undo-tree-id1790 . -1) (undo-tree-id1791 . -1) (undo-tree-id1792 . -1) (undo-tree-id1793 . -1) (undo-tree-id1794 . -1) (undo-tree-id1795 . -1) (undo-tree-id1796 . -1) (undo-tree-id1797 . -1) (undo-tree-id1798 . -1) (undo-tree-id1799 . -1) (undo-tree-id1800 . -1) (undo-tree-id1801 . -1) (undo-tree-id1802 . -1) (undo-tree-id1803 . -1) (undo-tree-id1804 . -1) (undo-tree-id1805 . -1) (undo-tree-id1806 . -1) (undo-tree-id1807 . -1) (undo-tree-id1808 . -1) (undo-tree-id1809 . -1) (undo-tree-id1810 . -1) (undo-tree-id1811 . -1) (undo-tree-id1812 . -1) (undo-tree-id1813 . -1) (undo-tree-id1814 . -1) (undo-tree-id1815 . -1) (undo-tree-id1816 . -1) (undo-tree-id1817 . -1) (undo-tree-id1818 . -1) (undo-tree-id1819 . -1) (undo-tree-id1820 . -1) (undo-tree-id1821 . -1) (undo-tree-id1822 . -1) (undo-tree-id1823 . -1) (undo-tree-id1824 . -1) (undo-tree-id1825 . -1) (undo-tree-id1826 . -1) (undo-tree-id1827 . -1) (undo-tree-id1828 . -1) (undo-tree-id1829 . -1) (undo-tree-id1830 . -1) (undo-tree-id1831 . -1) (undo-tree-id1832 . -1) (undo-tree-id1833 . -1) (undo-tree-id1834 . -1) (undo-tree-id1835 . -1) (undo-tree-id1836 . -1) (undo-tree-id1837 . -1) (undo-tree-id1838 . -1) (undo-tree-id1839 . -1) (undo-tree-id1840 . -1) (undo-tree-id1841 . -1) (undo-tree-id1842 . -1) (undo-tree-id1843 . -1) (undo-tree-id1844 . -1) (undo-tree-id1845 . -1) (undo-tree-id1846 . -1) (undo-tree-id1847 . -1) (undo-tree-id1848 . -1) (undo-tree-id1849 . -1) (undo-tree-id1850 . -1) (undo-tree-id1851 . -1) (undo-tree-id1852 . -1) (undo-tree-id1853 . -1) (undo-tree-id1854 . -1) (undo-tree-id1855 . -1) (undo-tree-id1856 . -1) (undo-tree-id1857 . -1) (undo-tree-id1858 . -1) (undo-tree-id1859 . -1) (undo-tree-id1860 . -1) (undo-tree-id1861 . -1) (undo-tree-id1862 . -1) (undo-tree-id1863 . -1) (undo-tree-id1864 . -1) (undo-tree-id1865 . -1) (undo-tree-id1866 . -1) (undo-tree-id1867 . -1) (undo-tree-id1868 . -1) (undo-tree-id1869 . -1) (undo-tree-id1870 . -1) (undo-tree-id1871 . -1) (undo-tree-id1872 . -1) (undo-tree-id1873 . -1) (undo-tree-id1874 . -1) (undo-tree-id1875 . -1) (undo-tree-id1876 . -1) (undo-tree-id1877 . -1) (undo-tree-id1878 . -1) (undo-tree-id1879 . -1) (undo-tree-id1880 . -1) (undo-tree-id1881 . -1) (undo-tree-id1882 . -1) (undo-tree-id1883 . -1) (undo-tree-id1884 . -1) (undo-tree-id1885 . -1) (undo-tree-id1886 . -1) (undo-tree-id1887 . -1) (undo-tree-id1888 . -1) (undo-tree-id1889 . -1) (undo-tree-id1890 . -1) (undo-tree-id1891 . -1) (undo-tree-id1892 . -1) (undo-tree-id1893 . -1) (undo-tree-id1894 . -1) (undo-tree-id1895 . -1) (undo-tree-id1896 . -1) (undo-tree-id1897 . -1) (undo-tree-id1898 . -1) (undo-tree-id1899 . -1) (undo-tree-id1900 . -1) (undo-tree-id1901 . -1) (undo-tree-id1902 . -1) (undo-tree-id1903 . -1) (undo-tree-id1904 . -1) (undo-tree-id1905 . -1) (undo-tree-id1906 . -1) (undo-tree-id1907 . -1) (undo-tree-id1908 . -1) (undo-tree-id1909 . -1) (undo-tree-id1910 . -1) (undo-tree-id1911 . -1) (undo-tree-id1912 . -1) (undo-tree-id1913 . -1) (undo-tree-id1914 . -1) (undo-tree-id1915 . -1) (undo-tree-id1916 . -1) (undo-tree-id1917 . -1) (undo-tree-id1918 . -1) (undo-tree-id1919 . -1) (undo-tree-id1920 . -1) (undo-tree-id1921 . -1) (undo-tree-id1922 . -1) (undo-tree-id1923 . -1) (undo-tree-id1924 . -1) (undo-tree-id1925 . -1) (undo-tree-id1926 . -1) (undo-tree-id1927 . -1) (undo-tree-id1928 . -1) (undo-tree-id1929 . -1) (undo-tree-id1930 . -1) (undo-tree-id1931 . -1) (undo-tree-id1932 . -1) (undo-tree-id1933 . -1) (undo-tree-id1934 . -1) (undo-tree-id1935 . -1) (undo-tree-id1936 . -1) (undo-tree-id1937 . -1) (undo-tree-id1938 . -1) (undo-tree-id1939 . -1) (undo-tree-id1940 . -1) (undo-tree-id1941 . -1) (undo-tree-id1942 . -1) (undo-tree-id1943 . -1) (undo-tree-id1944 . -1) (undo-tree-id1945 . -1) (undo-tree-id1946 . -1) (undo-tree-id1947 . -1) (undo-tree-id1948 . -1) (undo-tree-id1949 . -1) (undo-tree-id1950 . -1) (undo-tree-id1951 . -1) (undo-tree-id1952 . -1) (undo-tree-id1953 . -1) (undo-tree-id1954 . -1) (undo-tree-id1955 . -1) (undo-tree-id1956 . -1) (undo-tree-id1957 . -1) (undo-tree-id1958 . -1) (undo-tree-id1959 . -1) (undo-tree-id1960 . -1) (undo-tree-id1961 . -1) (undo-tree-id1962 . -1) (undo-tree-id1963 . -1) (undo-tree-id1964 . -1) (undo-tree-id1965 . -1) (undo-tree-id1966 . -1) (undo-tree-id1967 . -1) (undo-tree-id1968 . -1) (undo-tree-id1969 . -1) (undo-tree-id1970 . -1) (undo-tree-id1971 . -1) (undo-tree-id1972 . -1) (undo-tree-id1973 . -1) (undo-tree-id1974 . -1) (undo-tree-id1975 . -1) (undo-tree-id1976 . -1) (undo-tree-id1977 . -1) (undo-tree-id1978 . -1) (undo-tree-id1979 . -1) (undo-tree-id1980 . -1) (undo-tree-id1981 . -1) (undo-tree-id1982 . -1) (undo-tree-id1983 . -1) (undo-tree-id1984 . -1) (undo-tree-id1985 . -1) (undo-tree-id1986 . -1) (undo-tree-id1987 . -1) (undo-tree-id1988 . -1) (undo-tree-id1989 . -1) (undo-tree-id1990 . -1) (undo-tree-id1991 . -1) (undo-tree-id1992 . -1) (undo-tree-id1993 . -1) (undo-tree-id1994 . -1) (undo-tree-id1995 . -1) (undo-tree-id1996 . -1) (undo-tree-id1997 . -1) (undo-tree-id1998 . -1) (undo-tree-id1999 . -1) (undo-tree-id2000 . -1) (undo-tree-id2001 . -1) (undo-tree-id2002 . -1) (undo-tree-id2003 . -1) (undo-tree-id2004 . -1) (undo-tree-id2005 . -1) (undo-tree-id2006 . -1) (undo-tree-id2007 . -1) (undo-tree-id2008 . -1) (#("8" 0 1 (fontified t)) . -10299) (undo-tree-id2009 . -1) (undo-tree-id2010 . -1) (undo-tree-id2011 . -1) (undo-tree-id2012 . -1) (undo-tree-id2013 . -1) (undo-tree-id2014 . -1) (undo-tree-id2015 . -1) (undo-tree-id2016 . -1) (undo-tree-id2017 . -1) (undo-tree-id2018 . -1) (undo-tree-id2019 . -1) (undo-tree-id2020 . -1) (undo-tree-id2021 . -1) (undo-tree-id2022 . -1) (undo-tree-id2023 . -1) (undo-tree-id2024 . -1) (undo-tree-id2025 . -1) (undo-tree-id2026 . -1) (undo-tree-id2027 . -1) (undo-tree-id2028 . -1) (undo-tree-id2029 . -1) (undo-tree-id2030 . -1) (undo-tree-id2031 . -1) (undo-tree-id2032 . -1) (undo-tree-id2033 . -1) (undo-tree-id2034 . -1) (undo-tree-id2035 . -1) (undo-tree-id2036 . -1) (undo-tree-id2037 . -1) (undo-tree-id2038 . -1) (undo-tree-id2039 . -1) (undo-tree-id2040 . -1) (undo-tree-id2041 . -1) (undo-tree-id2042 . -1) (undo-tree-id2043 . -1) (undo-tree-id2044 . -1) (undo-tree-id2045 . -1) (undo-tree-id2046 . -1) (undo-tree-id2047 . -1) (undo-tree-id2048 . -1) (undo-tree-id2049 . -1) (undo-tree-id2050 . -1) (undo-tree-id2051 . -1) (undo-tree-id2052 . -1) (undo-tree-id2053 . -1) (undo-tree-id2054 . -1) (undo-tree-id2055 . -1) (undo-tree-id2056 . -1) (undo-tree-id2057 . -1) (undo-tree-id2058 . -1) (undo-tree-id2059 . -1) (undo-tree-id2060 . -1) (undo-tree-id2061 . -1) (undo-tree-id2062 . -1) (undo-tree-id2063 . -1) (undo-tree-id2064 . -1) (undo-tree-id2065 . -1) (undo-tree-id2066 . -1) (undo-tree-id2067 . -1) (undo-tree-id2068 . -1) (undo-tree-id2069 . -1) (undo-tree-id2070 . -1) (undo-tree-id2071 . -1) (undo-tree-id2072 . -1) (undo-tree-id2073 . -1) (undo-tree-id2074 . -1) (undo-tree-id2075 . -1) (undo-tree-id2076 . -1) (undo-tree-id2077 . -1) (undo-tree-id2078 . -1) (undo-tree-id2079 . -1) (undo-tree-id2080 . -1) (undo-tree-id2081 . -1) (undo-tree-id2082 . -1) (undo-tree-id2083 . -1) (undo-tree-id2084 . -1) (undo-tree-id2085 . -1) (undo-tree-id2086 . -1) (undo-tree-id2087 . -1) (undo-tree-id2088 . -1) (undo-tree-id2089 . -1) (undo-tree-id2090 . -1) (undo-tree-id2091 . -1) (undo-tree-id2092 . -1) (undo-tree-id2093 . -1) (undo-tree-id2094 . -1) (undo-tree-id2095 . -1) (undo-tree-id2096 . -1) (undo-tree-id2097 . -1) (undo-tree-id2098 . -1) (undo-tree-id2099 . -1) (undo-tree-id2100 . -1) (undo-tree-id2101 . -1) (undo-tree-id2102 . -1) (undo-tree-id2103 . -1) (undo-tree-id2104 . -1) (undo-tree-id2105 . -1) (undo-tree-id2106 . -1) (undo-tree-id2107 . -1) (undo-tree-id2108 . -1) (undo-tree-id2109 . -1) (undo-tree-id2110 . -1) (undo-tree-id2111 . -1) (undo-tree-id2112 . -1) (undo-tree-id2113 . -1) (undo-tree-id2114 . -1) (undo-tree-id2115 . -1) (undo-tree-id2116 . -1) (undo-tree-id2117 . -1) (undo-tree-id2118 . -1) (undo-tree-id2119 . -1) (undo-tree-id2120 . -1) (undo-tree-id2121 . -1) (undo-tree-id2122 . -1) (undo-tree-id2123 . -1) (undo-tree-id2124 . -1) (undo-tree-id2125 . -1) (undo-tree-id2126 . -1) (undo-tree-id2127 . -1) (undo-tree-id2128 . -1) (undo-tree-id2129 . -1) (undo-tree-id2130 . -1) (undo-tree-id2131 . -1) (undo-tree-id2132 . -1) (undo-tree-id2133 . -1) (undo-tree-id2134 . -1) (undo-tree-id2135 . -1) (undo-tree-id2136 . -1) (undo-tree-id2137 . -1) (undo-tree-id2138 . -1) (undo-tree-id2139 . -1) (undo-tree-id2140 . -1) (undo-tree-id2141 . -1) (undo-tree-id2142 . -1) (undo-tree-id2143 . -1) (undo-tree-id2144 . -1) (undo-tree-id2145 . -1) (undo-tree-id2146 . -1) (undo-tree-id2147 . -1) (undo-tree-id2148 . -1) (undo-tree-id2149 . -1) (undo-tree-id2150 . -1) (undo-tree-id2151 . -1) (undo-tree-id2152 . -1) (undo-tree-id2153 . -1) (undo-tree-id2154 . -1) (undo-tree-id2155 . -1) (undo-tree-id2156 . -1) (undo-tree-id2157 . -1) (undo-tree-id2158 . -1) (undo-tree-id2159 . -1) (undo-tree-id2160 . -1) (undo-tree-id2161 . -1) (undo-tree-id2162 . -1) (undo-tree-id2163 . -1) (undo-tree-id2164 . -1) (undo-tree-id2165 . -1) (undo-tree-id2166 . -1) (undo-tree-id2167 . -1) (undo-tree-id2168 . -1) (undo-tree-id2169 . -1) (undo-tree-id2170 . -1) (undo-tree-id2171 . -1) (undo-tree-id2172 . -1) (undo-tree-id2173 . -1) (undo-tree-id2174 . -1) (undo-tree-id2175 . -1) (undo-tree-id2176 . -1) (undo-tree-id2177 . -1) (undo-tree-id2178 . -1) (undo-tree-id2179 . -1) (undo-tree-id2180 . -1) (undo-tree-id2181 . -1) (undo-tree-id2182 . -1) (undo-tree-id2183 . -1) (undo-tree-id2184 . -1) (undo-tree-id2185 . -1) (undo-tree-id2186 . -1) (undo-tree-id2187 . -1) (undo-tree-id2188 . -1) (undo-tree-id2189 . -1) (undo-tree-id2190 . -1) (undo-tree-id2191 . -1) (undo-tree-id2192 . -1) (undo-tree-id2193 . -1) (undo-tree-id2194 . -1) (undo-tree-id2195 . -1) (undo-tree-id2196 . -1) (undo-tree-id2197 . -1) (undo-tree-id2198 . -1) (undo-tree-id2199 . -1) (undo-tree-id2200 . -1) (undo-tree-id2201 . -1) (undo-tree-id2202 . -1) (undo-tree-id2203 . -1) (undo-tree-id2204 . -1) (undo-tree-id2205 . -1) (undo-tree-id2206 . -1) (undo-tree-id2207 . -1) (undo-tree-id2208 . -1) (undo-tree-id2209 . -1) (undo-tree-id2210 . -1) (undo-tree-id2211 . -1) (undo-tree-id2212 . -1) (undo-tree-id2213 . -1) (undo-tree-id2214 . -1) (undo-tree-id2215 . -1) (undo-tree-id2216 . -1) (undo-tree-id2217 . -1) (undo-tree-id2218 . -1) (undo-tree-id2219 . -1) (undo-tree-id2220 . -1) (undo-tree-id2221 . -1) (undo-tree-id2222 . -1) (undo-tree-id2223 . -1) (undo-tree-id2224 . -1) (undo-tree-id2225 . -1) (undo-tree-id2226 . -1) (undo-tree-id2227 . -1) (undo-tree-id2228 . -1) (undo-tree-id2229 . -1) (undo-tree-id2230 . -1) (undo-tree-id2231 . -1) (undo-tree-id2232 . -1) (undo-tree-id2233 . -1) (undo-tree-id2234 . -1) (undo-tree-id2235 . -1) (undo-tree-id2236 . -1) (undo-tree-id2237 . -1) (undo-tree-id2238 . -1) (undo-tree-id2239 . -1) (undo-tree-id2240 . -1) (undo-tree-id2241 . -1) (undo-tree-id2242 . -1) (undo-tree-id2243 . -1) (undo-tree-id2244 . -1) (undo-tree-id2245 . -1) (undo-tree-id2246 . -1) (undo-tree-id2247 . -1) (undo-tree-id2248 . -1) (undo-tree-id2249 . -1) (undo-tree-id2250 . -1) (undo-tree-id2251 . -1) (undo-tree-id2252 . -1) (undo-tree-id2253 . -1) (undo-tree-id2254 . -1) (undo-tree-id2255 . -1) (undo-tree-id2256 . -1) (undo-tree-id2257 . -1) (undo-tree-id2258 . -1) (undo-tree-id2259 . -1) (undo-tree-id2260 . -1) (undo-tree-id2261 . -1) (undo-tree-id2262 . -1) (undo-tree-id2263 . -1) (undo-tree-id2264 . -1) (undo-tree-id2265 . -1) (undo-tree-id2266 . -1) (undo-tree-id2267 . -1) (undo-tree-id2268 . -1) (undo-tree-id2269 . -1) (undo-tree-id2270 . -1) (undo-tree-id2271 . -1) (undo-tree-id2272 . -1) (undo-tree-id2273 . -1) (undo-tree-id2274 . -1) (undo-tree-id2275 . -1) (undo-tree-id2276 . -1) (undo-tree-id2277 . -1) (undo-tree-id2278 . -1) (undo-tree-id2279 . -1) (undo-tree-id2280 . -1) (undo-tree-id2281 . -1) (undo-tree-id2282 . -1) (undo-tree-id2283 . -1) (undo-tree-id2284 . -1) (undo-tree-id2285 . -1) (undo-tree-id2286 . -1) (undo-tree-id2287 . -1) (undo-tree-id2288 . -1) (undo-tree-id2289 . -1) (undo-tree-id2290 . -1) (undo-tree-id2291 . -1) (undo-tree-id2292 . -1) (undo-tree-id2293 . -1) (undo-tree-id2294 . -1) (undo-tree-id2295 . -1) (undo-tree-id2296 . -1) (undo-tree-id2297 . -1) (undo-tree-id2298 . -1) (undo-tree-id2299 . -1) (undo-tree-id2300 . -1) (undo-tree-id2301 . -1) (undo-tree-id2302 . -1) (undo-tree-id2303 . -1) (undo-tree-id2304 . -1) (undo-tree-id2305 . -1) (undo-tree-id2306 . -1) (undo-tree-id2307 . -1) (undo-tree-id2308 . -1) (undo-tree-id2309 . -1) (undo-tree-id2310 . -1) (undo-tree-id2311 . -1) (undo-tree-id2312 . -1) (undo-tree-id2313 . -1) (undo-tree-id2314 . -1) (undo-tree-id2315 . -1) (undo-tree-id2316 . -1) (undo-tree-id2317 . -1) (undo-tree-id2318 . -1) (undo-tree-id2319 . -1) (undo-tree-id2320 . -1) (undo-tree-id2321 . -1) (undo-tree-id2322 . -1) (undo-tree-id2323 . -1) (undo-tree-id2324 . -1) (undo-tree-id2325 . -1) (undo-tree-id2326 . -1) (undo-tree-id2327 . -1) (undo-tree-id2328 . -1) (undo-tree-id2329 . -1) (undo-tree-id2330 . -1) (undo-tree-id2331 . -1) (undo-tree-id2332 . -1) (undo-tree-id2333 . -1) (undo-tree-id2334 . -1) (undo-tree-id2335 . -1) (undo-tree-id2336 . -1) (undo-tree-id2337 . -1) (undo-tree-id2338 . -1) (undo-tree-id2339 . -1) (undo-tree-id2340 . -1) (undo-tree-id2341 . -1) (undo-tree-id2342 . -1) (undo-tree-id2343 . -1) (undo-tree-id2344 . -1) (undo-tree-id2345 . -1) (undo-tree-id2346 . -1) (undo-tree-id2347 . -1) (undo-tree-id2348 . -1) (undo-tree-id2349 . -1) (undo-tree-id2350 . -1) (undo-tree-id2351 . -1) (undo-tree-id2352 . -1) (undo-tree-id2353 . -1) (undo-tree-id2354 . -1) (undo-tree-id2355 . -1) (undo-tree-id2356 . -1) (undo-tree-id2357 . -1) (undo-tree-id2358 . -1) (undo-tree-id2359 . -1) (undo-tree-id2360 . -1) (undo-tree-id2361 . -1) (undo-tree-id2362 . -1) (undo-tree-id2363 . -1) (undo-tree-id2364 . -1) (undo-tree-id2365 . -1) (undo-tree-id2366 . -1) (undo-tree-id2367 . -1) (undo-tree-id2368 . -1) (undo-tree-id2369 . -1) (undo-tree-id2370 . -1) (undo-tree-id2371 . -1) (undo-tree-id2372 . -1) (undo-tree-id2373 . -1) (undo-tree-id2374 . -1) (undo-tree-id2375 . -1) (undo-tree-id2376 . -1) (undo-tree-id2377 . -1) (undo-tree-id2378 . -1) (undo-tree-id2379 . -1) (undo-tree-id2380 . -1) (undo-tree-id2381 . -1) (undo-tree-id2382 . -1) (undo-tree-id2383 . -1) (undo-tree-id2384 . -1) (undo-tree-id2385 . -1) (undo-tree-id2386 . -1) (undo-tree-id2387 . -1) (undo-tree-id2388 . -1) (undo-tree-id2389 . -1) (undo-tree-id2390 . -1) (undo-tree-id2391 . -1) (undo-tree-id2392 . -1) (undo-tree-id2393 . -1) (undo-tree-id2394 . -1) (undo-tree-id2395 . -1) (undo-tree-id2396 . -1) (undo-tree-id2397 . -1) (undo-tree-id2398 . -1) (undo-tree-id2399 . -1) (undo-tree-id2400 . -1) (undo-tree-id2401 . -1) (undo-tree-id2402 . -1) (undo-tree-id2403 . -1) (undo-tree-id2404 . -1) (undo-tree-id2405 . -1) (undo-tree-id2406 . -1) (undo-tree-id2407 . -1) (undo-tree-id2408 . -1) (undo-tree-id2409 . -1) (undo-tree-id2410 . -1) (undo-tree-id2411 . -1) (undo-tree-id2412 . -1) (undo-tree-id2413 . -1) (undo-tree-id2414 . -1) (undo-tree-id2415 . -1) (undo-tree-id2416 . -1) (undo-tree-id2417 . -1) (undo-tree-id2418 . -1) (undo-tree-id2419 . -1) (undo-tree-id2420 . -1) (undo-tree-id2421 . -1) (undo-tree-id2422 . -1) (undo-tree-id2423 . -1) (undo-tree-id2424 . -1) (undo-tree-id2425 . -1) (undo-tree-id2426 . -1) (undo-tree-id2427 . -1) (undo-tree-id2428 . -1) (undo-tree-id2429 . -1) (undo-tree-id2430 . -1) (undo-tree-id2431 . -1) (undo-tree-id2432 . -1) (undo-tree-id2433 . -1) (undo-tree-id2434 . -1) (undo-tree-id2435 . -1) (undo-tree-id2436 . -1) (undo-tree-id2437 . -1) (undo-tree-id2438 . -1) (undo-tree-id2439 . -1) (undo-tree-id2440 . -1) (undo-tree-id2441 . -1) (undo-tree-id2442 . -1) (undo-tree-id2443 . -1) (undo-tree-id2444 . -1) (undo-tree-id2445 . -1) (undo-tree-id2446 . -1) (undo-tree-id2447 . -1) (undo-tree-id2448 . -1) (undo-tree-id2449 . -1) (undo-tree-id2450 . -1) (undo-tree-id2451 . -1) (undo-tree-id2452 . -1) (undo-tree-id2453 . -1) (undo-tree-id2454 . -1) (undo-tree-id2455 . -1) (undo-tree-id2456 . -1) (undo-tree-id2457 . -1) (undo-tree-id2458 . -1) (undo-tree-id2459 . -1) (undo-tree-id2460 . -1) (undo-tree-id2461 . -1) (undo-tree-id2462 . -1) (undo-tree-id2463 . -1) (undo-tree-id2464 . -1) (undo-tree-id2465 . -1) (undo-tree-id2466 . -1) (undo-tree-id2467 . -1) (undo-tree-id2468 . -1) (undo-tree-id2469 . -1) (undo-tree-id2470 . -1) (undo-tree-id2471 . -1) (undo-tree-id2472 . -1) (undo-tree-id2473 . -1) (undo-tree-id2474 . -1) (undo-tree-id2475 . -1) (undo-tree-id2476 . -1) (undo-tree-id2477 . -1) (undo-tree-id2478 . -1) (undo-tree-id2479 . -1) (undo-tree-id2480 . -1) (undo-tree-id2481 . -1) (undo-tree-id2482 . -1) (undo-tree-id2483 . -1) (undo-tree-id2484 . -1) (undo-tree-id2485 . -1) (undo-tree-id2486 . -1) (undo-tree-id2487 . -1) (undo-tree-id2488 . -1) (undo-tree-id2489 . -1) (undo-tree-id2490 . -1) (undo-tree-id2491 . -1) (undo-tree-id2492 . -1) (undo-tree-id2493 . -1) (undo-tree-id2494 . -1) (undo-tree-id2495 . -1) (undo-tree-id2496 . -1) (undo-tree-id2497 . -1) (undo-tree-id2498 . -1) (undo-tree-id2499 . -1) (undo-tree-id2500 . -1) (undo-tree-id2501 . -1) (undo-tree-id2502 . -1) (undo-tree-id2503 . -1) (undo-tree-id2504 . -1) (undo-tree-id2505 . -1) (undo-tree-id2506 . -1) (undo-tree-id2507 . -1) (undo-tree-id2508 . -1) (undo-tree-id2509 . -1) (undo-tree-id2510 . -1) (undo-tree-id2511 . -1) (undo-tree-id2512 . -1) (undo-tree-id2513 . -1) (undo-tree-id2514 . -1) (undo-tree-id2515 . -1) (undo-tree-id2516 . -1) (undo-tree-id2517 . -1) (undo-tree-id2518 . -1) (undo-tree-id2519 . -1) (undo-tree-id2520 . -1) (undo-tree-id2521 . -1) (undo-tree-id2522 . -1) (undo-tree-id2523 . -1) (undo-tree-id2524 . -1) (undo-tree-id2525 . -1) (undo-tree-id2526 . -1) (undo-tree-id2527 . -1) (undo-tree-id2528 . -1) (undo-tree-id2529 . -1) (undo-tree-id2530 . -1) (undo-tree-id2531 . -1) (undo-tree-id2532 . -1) (undo-tree-id2533 . -1) (undo-tree-id2534 . -1) (undo-tree-id2535 . -1) (undo-tree-id2536 . -1) (undo-tree-id2537 . -1) (undo-tree-id2538 . -1) (undo-tree-id2539 . -1) (undo-tree-id2540 . -1) (undo-tree-id2541 . -1) (undo-tree-id2542 . -1) (undo-tree-id2543 . -1) (undo-tree-id2544 . -1) (undo-tree-id2545 . -1) (undo-tree-id2546 . -1) (undo-tree-id2547 . -1) (undo-tree-id2548 . -1) (undo-tree-id2549 . -1) (undo-tree-id2550 . -1) (undo-tree-id2551 . -1) (undo-tree-id2552 . -1) (undo-tree-id2553 . -1) (undo-tree-id2554 . -1) (undo-tree-id2555 . -1) (undo-tree-id2556 . -1) (undo-tree-id2557 . -1) (undo-tree-id2558 . -1) (undo-tree-id2559 . -1) (undo-tree-id2560 . -1) (undo-tree-id2561 . -1) (undo-tree-id2562 . -1) (undo-tree-id2563 . -1) (undo-tree-id2564 . -1) (undo-tree-id2565 . -1) (undo-tree-id2566 . -1) (undo-tree-id2567 . -1) (undo-tree-id2568 . -1) (undo-tree-id2569 . -1) (undo-tree-id2570 . -1) (undo-tree-id2571 . -1) (undo-tree-id2572 . -1) (undo-tree-id2573 . -1) (undo-tree-id2574 . -1) (undo-tree-id2575 . -1) (undo-tree-id2576 . -1) (undo-tree-id2577 . -1) (undo-tree-id2578 . -1) (undo-tree-id2579 . -1) (undo-tree-id2580 . -1) (undo-tree-id2581 . -1) (undo-tree-id2582 . -1) (undo-tree-id2583 . -1) (undo-tree-id2584 . -1) (undo-tree-id2585 . -1) (undo-tree-id2586 . -1) (undo-tree-id2587 . -1) (undo-tree-id2588 . -1) (undo-tree-id2589 . -1) (undo-tree-id2590 . -1) (undo-tree-id2591 . -1) (undo-tree-id2592 . -1) (undo-tree-id2593 . -1) (undo-tree-id2594 . -1) (undo-tree-id2595 . -1) (undo-tree-id2596 . -1) (undo-tree-id2597 . -1) (undo-tree-id2598 . -1) (undo-tree-id2599 . -1) (undo-tree-id2600 . -1) (undo-tree-id2601 . -1) (undo-tree-id2602 . -1) (undo-tree-id2603 . -1) (undo-tree-id2604 . -1) (undo-tree-id2605 . -1) (undo-tree-id2606 . -1) (undo-tree-id2607 . -1) (undo-tree-id2608 . -1) (undo-tree-id2609 . -1) (undo-tree-id2610 . -1) (undo-tree-id2611 . -1) (undo-tree-id2612 . -1) (undo-tree-id2613 . -1) (undo-tree-id2614 . -1) (undo-tree-id2615 . -1) (undo-tree-id2616 . -1) (undo-tree-id2617 . -1) (undo-tree-id2618 . -1) (undo-tree-id2619 . -1) (undo-tree-id2620 . -1) (undo-tree-id2621 . -1) (undo-tree-id2622 . -1) (undo-tree-id2623 . -1) (undo-tree-id2624 . -1) (undo-tree-id2625 . -1) (undo-tree-id2626 . -1) (undo-tree-id2627 . -1) (undo-tree-id2628 . -1) (undo-tree-id2629 . -1) (undo-tree-id2630 . -1) (undo-tree-id2631 . -1) (undo-tree-id2632 . -1) (undo-tree-id2633 . -1) (undo-tree-id2634 . -1) (undo-tree-id2635 . -1) (undo-tree-id2636 . -1) (undo-tree-id2637 . -1) (undo-tree-id2638 . -1) (undo-tree-id2639 . -1) (undo-tree-id2640 . -1) (undo-tree-id2641 . -1) (undo-tree-id2642 . -1) (undo-tree-id2643 . -1) (undo-tree-id2644 . -1) (undo-tree-id2645 . -1) (undo-tree-id2646 . -1) (undo-tree-id2647 . -1) (undo-tree-id2648 . -1) (undo-tree-id2649 . -1) (undo-tree-id2650 . -1) (undo-tree-id2651 . -1) (undo-tree-id2652 . -1) (undo-tree-id2653 . -1) (undo-tree-id2654 . -1) (undo-tree-id2655 . -1) (undo-tree-id2656 . -1) (undo-tree-id2657 . -1) (undo-tree-id2658 . -1) (undo-tree-id2659 . -1) (undo-tree-id2660 . -1) (undo-tree-id2661 . -1) (undo-tree-id2662 . -1) (undo-tree-id2663 . -1) (undo-tree-id2664 . -1) (undo-tree-id2665 . -1) (undo-tree-id2666 . -1) (undo-tree-id2667 . -1) (undo-tree-id2668 . -1) (undo-tree-id2669 . -1) (undo-tree-id2670 . -1) (undo-tree-id2671 . -1) (undo-tree-id2672 . -1) (undo-tree-id2673 . -1) (undo-tree-id2674 . -1) (undo-tree-id2675 . -1) (undo-tree-id2676 . -1) (undo-tree-id2677 . -1) (undo-tree-id2678 . -1) (undo-tree-id2679 . -1) (undo-tree-id2680 . -1) (undo-tree-id2681 . -1) (undo-tree-id2682 . -1) (undo-tree-id2683 . -1) (undo-tree-id2684 . -1) (undo-tree-id2685 . -1) (undo-tree-id2686 . -1) (undo-tree-id2687 . -1) (undo-tree-id2688 . -1) (undo-tree-id2689 . -1) (undo-tree-id2690 . -1) (undo-tree-id2691 . -1) (undo-tree-id2692 . -1) (undo-tree-id2693 . -1) (undo-tree-id2694 . -1) (undo-tree-id2695 . -1) (undo-tree-id2696 . -1) (undo-tree-id2697 . -1) (undo-tree-id2698 . -1) (undo-tree-id2699 . -1) (undo-tree-id2700 . -1) (undo-tree-id2701 . -1) (undo-tree-id2702 . -1) (undo-tree-id2703 . -1) (undo-tree-id2704 . -1) (undo-tree-id2705 . -1) (undo-tree-id2706 . -1) (undo-tree-id2707 . -1) (undo-tree-id2708 . -1) (undo-tree-id2709 . -1) (undo-tree-id2710 . -1) (undo-tree-id2711 . -1) (undo-tree-id2712 . -1) (undo-tree-id2713 . -1) (undo-tree-id2714 . -1) (undo-tree-id2715 . -1) (undo-tree-id2716 . -1) (undo-tree-id2717 . -1) (undo-tree-id2718 . -1) (undo-tree-id2719 . -1) (undo-tree-id2720 . -1) (undo-tree-id2721 . -1) (undo-tree-id2722 . -1) (undo-tree-id2723 . -1) (undo-tree-id2724 . -1) (undo-tree-id2725 . -1) (undo-tree-id2726 . -1) (undo-tree-id2727 . -1) (undo-tree-id2728 . -1) (undo-tree-id2729 . -1) (undo-tree-id2730 . -1) (undo-tree-id2731 . -1) (undo-tree-id2732 . -1) (undo-tree-id2733 . -1) (undo-tree-id2734 . -1) (undo-tree-id2735 . -1) (undo-tree-id2736 . -1) (undo-tree-id2737 . -1) (undo-tree-id2738 . -1) (undo-tree-id2739 . -1) (undo-tree-id2740 . -1) (undo-tree-id2741 . -1) (undo-tree-id2742 . -1) (undo-tree-id2743 . -1) (undo-tree-id2744 . -1) (undo-tree-id2745 . -1) (undo-tree-id2746 . -1) (undo-tree-id2747 . -1) (undo-tree-id2748 . -1) (undo-tree-id2749 . -1) (undo-tree-id2750 . -1) (undo-tree-id2751 . -1) (undo-tree-id2752 . -1) (undo-tree-id2753 . -1) (undo-tree-id2754 . -1) (undo-tree-id2755 . -1) (undo-tree-id2756 . -1) (undo-tree-id2757 . -1) (undo-tree-id2758 . -1) (undo-tree-id2759 . -1) (undo-tree-id2760 . -1) (undo-tree-id2761 . -1) (undo-tree-id2762 . -1) (undo-tree-id2763 . -1) (undo-tree-id2764 . -1) (undo-tree-id2765 . -1) (undo-tree-id2766 . -1) (undo-tree-id2767 . -1) (undo-tree-id2768 . -1) (undo-tree-id2769 . -1) (undo-tree-id2770 . -1) (undo-tree-id2771 . -1) (undo-tree-id2772 . -1) (undo-tree-id2773 . -1) (undo-tree-id2774 . -1) (undo-tree-id2775 . -1) (undo-tree-id2776 . -1) (undo-tree-id2777 . -1) (undo-tree-id2778 . -1) (undo-tree-id2779 . -1) (undo-tree-id2780 . -1) (undo-tree-id2781 . -1) (undo-tree-id2782 . -1) (undo-tree-id2783 . -1) (undo-tree-id2784 . -1) (undo-tree-id2785 . -1) (undo-tree-id2786 . -1) (undo-tree-id2787 . -1) (undo-tree-id2788 . -1) (undo-tree-id2789 . -1) (undo-tree-id2790 . -1) (undo-tree-id2791 . -1) (undo-tree-id2792 . -1) (undo-tree-id2793 . -1) (undo-tree-id2794 . -1) (undo-tree-id2795 . -1) (undo-tree-id2796 . -1) (undo-tree-id2797 . -1) (undo-tree-id2798 . -1) (undo-tree-id2799 . -1) (undo-tree-id2800 . -1) (undo-tree-id2801 . -1) (undo-tree-id2802 . -1) (undo-tree-id2803 . -1) (undo-tree-id2804 . -1) (undo-tree-id2805 . -1) (undo-tree-id2806 . -1) (undo-tree-id2807 . -1) (undo-tree-id2808 . -1) (undo-tree-id2809 . -1) (undo-tree-id2810 . -1) (undo-tree-id2811 . -1) (undo-tree-id2812 . -1) (undo-tree-id2813 . -1) (undo-tree-id2814 . -1) (undo-tree-id2815 . -1) (undo-tree-id2816 . -1) (undo-tree-id2817 . -1) (undo-tree-id2818 . -1) (undo-tree-id2819 . -1) (undo-tree-id2820 . -1) (undo-tree-id2821 . -1) (undo-tree-id2822 . -1) (undo-tree-id2823 . -1) (undo-tree-id2824 . -1) (undo-tree-id2825 . -1) (undo-tree-id2826 . -1) (undo-tree-id2827 . -1) (undo-tree-id2828 . -1) (undo-tree-id2829 . -1) (undo-tree-id2830 . -1) (undo-tree-id2831 . -1) (undo-tree-id2832 . -1) (undo-tree-id2833 . -1) (undo-tree-id2834 . -1) (undo-tree-id2835 . -1) (undo-tree-id2836 . -1) (undo-tree-id2837 . -1) (undo-tree-id2838 . -1) (undo-tree-id2839 . -1) (undo-tree-id2840 . -1) (undo-tree-id2841 . -1) (undo-tree-id2842 . -1) (undo-tree-id2843 . -1) (undo-tree-id2844 . -1) (undo-tree-id2845 . -1) (undo-tree-id2846 . -1) (undo-tree-id2847 . -1) (undo-tree-id2848 . -1) (undo-tree-id2849 . -1) (undo-tree-id2850 . -1) (undo-tree-id2851 . -1) (undo-tree-id2852 . -1) (undo-tree-id2853 . -1) (undo-tree-id2854 . -1) (undo-tree-id2855 . -1) (undo-tree-id2856 . -1) (undo-tree-id2857 . -1) (undo-tree-id2858 . -1) (undo-tree-id2859 . -1) (undo-tree-id2860 . -1) (undo-tree-id2861 . -1) (undo-tree-id2862 . -1) (undo-tree-id2863 . -1) (undo-tree-id2864 . -1) (undo-tree-id2865 . -1) (undo-tree-id2866 . -1) (undo-tree-id2867 . -1) (undo-tree-id2868 . -1) (undo-tree-id2869 . -1) (undo-tree-id2870 . -1) (undo-tree-id2871 . -1) (undo-tree-id2872 . -1) (undo-tree-id2873 . -1) (undo-tree-id2874 . -1) (undo-tree-id2875 . -1) (undo-tree-id2876 . -1) (undo-tree-id2877 . -1) (undo-tree-id2878 . -1) (undo-tree-id2879 . -1) (undo-tree-id2880 . -1) (undo-tree-id2881 . -1) (undo-tree-id2882 . -1) (undo-tree-id2883 . -1) (undo-tree-id2884 . -1) (undo-tree-id2885 . -1) (undo-tree-id2886 . -1) (undo-tree-id2887 . -1) (undo-tree-id2888 . -1) (undo-tree-id2889 . -1) (undo-tree-id2890 . -1) (undo-tree-id2891 . -1) (undo-tree-id2892 . -1) (undo-tree-id2893 . -1) (undo-tree-id2894 . -1) (undo-tree-id2895 . -1) (undo-tree-id2896 . -1) (undo-tree-id2897 . -1) (undo-tree-id2898 . -1) (undo-tree-id2899 . -1) (undo-tree-id2900 . -1) (undo-tree-id2901 . -1) (undo-tree-id2902 . -1) (undo-tree-id2903 . -1) (undo-tree-id2904 . -1) (undo-tree-id2905 . -1) (undo-tree-id2906 . -1) (undo-tree-id2907 . -1) (undo-tree-id2908 . -1) (undo-tree-id2909 . -1) (undo-tree-id2910 . -1) (undo-tree-id2911 . -1) (undo-tree-id2912 . -1) (undo-tree-id2913 . -1) (undo-tree-id2914 . -1) (undo-tree-id2915 . -1) (undo-tree-id2916 . -1) (undo-tree-id2917 . -1) (undo-tree-id2918 . -1) (undo-tree-id2919 . -1) (undo-tree-id2920 . -1) (undo-tree-id2921 . -1) (undo-tree-id2922 . -1) (undo-tree-id2923 . -1) (undo-tree-id2924 . -1) (undo-tree-id2925 . -1) (undo-tree-id2926 . -1) (undo-tree-id2927 . -1) (undo-tree-id2928 . -1) (undo-tree-id2929 . -1) (undo-tree-id2930 . -1) (undo-tree-id2931 . -1) (undo-tree-id2932 . -1) (undo-tree-id2933 . -1) (undo-tree-id2934 . -1) (undo-tree-id2935 . -1) (undo-tree-id2936 . -1) (undo-tree-id2937 . -1) (undo-tree-id2938 . -1) (undo-tree-id2939 . -1) (undo-tree-id2940 . -1) (undo-tree-id2941 . -1) (undo-tree-id2942 . -1) (undo-tree-id2943 . -1) (undo-tree-id2944 . -1) (undo-tree-id2945 . -1) (undo-tree-id2946 . -1) (undo-tree-id2947 . -1) (undo-tree-id2948 . -1) (undo-tree-id2949 . -1) (undo-tree-id2950 . -1) (undo-tree-id2951 . -1) (undo-tree-id2952 . -1) (undo-tree-id2953 . -1) (undo-tree-id2954 . -1) (undo-tree-id2955 . -1) (undo-tree-id2956 . -1) (undo-tree-id2957 . -1) (undo-tree-id2958 . -1) (undo-tree-id2959 . -1) (undo-tree-id2960 . -1) (undo-tree-id2961 . -1) (undo-tree-id2962 . -1) (undo-tree-id2963 . -1) (undo-tree-id2964 . -1) (undo-tree-id2965 . -1) (undo-tree-id2966 . -1) (undo-tree-id2967 . -1) (undo-tree-id2968 . -1) (undo-tree-id2969 . -1) (undo-tree-id2970 . -1) (undo-tree-id2971 . -1) (undo-tree-id2972 . -1) (undo-tree-id2973 . -1) (undo-tree-id2974 . -1) (undo-tree-id2975 . -1) (undo-tree-id2976 . -1) (undo-tree-id2977 . -1) (undo-tree-id2978 . -1) (undo-tree-id2979 . -1) (undo-tree-id2980 . -1) (undo-tree-id2981 . -1) (undo-tree-id2982 . -1) (undo-tree-id2983 . -1) (undo-tree-id2984 . -1) (undo-tree-id2985 . -1) (undo-tree-id2986 . -1) (undo-tree-id2987 . -1) (undo-tree-id2988 . -1) (undo-tree-id2989 . -1) (undo-tree-id2990 . -1) (undo-tree-id2991 . -1) (undo-tree-id2992 . -1) (undo-tree-id2993 . -1) (undo-tree-id2994 . -1) (undo-tree-id2995 . -1) (undo-tree-id2996 . -1) (undo-tree-id2997 . -1) (undo-tree-id2998 . -1) (undo-tree-id2999 . -1) (undo-tree-id3000 . -1) (undo-tree-id3001 . -1) (undo-tree-id3002 . -1) (undo-tree-id3003 . -1) (undo-tree-id3004 . -1) (undo-tree-id3005 . -1) (undo-tree-id3006 . -1) (undo-tree-id3007 . -1) (undo-tree-id3008 . -1) (undo-tree-id3009 . -1) (undo-tree-id3010 . -1) (undo-tree-id3011 . -1) (undo-tree-id3012 . -1) (undo-tree-id3013 . -1) (undo-tree-id3014 . -1) (undo-tree-id3015 . -1) (undo-tree-id3016 . -1) (undo-tree-id3017 . -1) (undo-tree-id3018 . -1) (undo-tree-id3019 . -1) (undo-tree-id3020 . -1) (undo-tree-id3021 . -1) (undo-tree-id3022 . -1) (undo-tree-id3023 . -1) (undo-tree-id3024 . -1) (undo-tree-id3025 . -1) (undo-tree-id3026 . -1) (undo-tree-id3027 . -1) (undo-tree-id3028 . -1) (undo-tree-id3029 . -1) (undo-tree-id3030 . -1) (undo-tree-id3031 . -1) (undo-tree-id3032 . -1) (undo-tree-id3033 . -1) (undo-tree-id3034 . -1) (undo-tree-id3035 . -1) (undo-tree-id3036 . -1) (undo-tree-id3037 . -1) (undo-tree-id3038 . -1) (undo-tree-id3039 . -1) (undo-tree-id3040 . -1) (undo-tree-id3041 . -1) (undo-tree-id3042 . -1) (undo-tree-id3043 . -1) (undo-tree-id3044 . -1) (undo-tree-id3045 . -1) (undo-tree-id3046 . -1) (undo-tree-id3047 . -1) (undo-tree-id3048 . -1) (undo-tree-id3049 . -1) (undo-tree-id3050 . -1) (undo-tree-id3051 . -1) (undo-tree-id3052 . -1) (undo-tree-id3053 . -1) (undo-tree-id3054 . -1) (undo-tree-id3055 . -1) (undo-tree-id3056 . -1) (undo-tree-id3057 . -1) (undo-tree-id3058 . -1) (undo-tree-id3059 . -1) (undo-tree-id3060 . -1) (undo-tree-id3061 . -1) (undo-tree-id3062 . -1) (undo-tree-id3063 . -1) (undo-tree-id3064 . -1) (undo-tree-id3065 . -1) (undo-tree-id3066 . -1) (undo-tree-id3067 . -1) (undo-tree-id3068 . -1) (undo-tree-id3069 . -1) (undo-tree-id3070 . -1) (undo-tree-id3071 . -1) (undo-tree-id3072 . -1) (undo-tree-id3073 . -1) (undo-tree-id3074 . -1) (undo-tree-id3075 . -1) (undo-tree-id3076 . -1) (undo-tree-id3077 . -1) (undo-tree-id3078 . -1) (undo-tree-id3079 . -1) (undo-tree-id3080 . -1) (undo-tree-id3081 . -1) (undo-tree-id3082 . -1) (undo-tree-id3083 . -1) (undo-tree-id3084 . -1) (undo-tree-id3085 . -1) (undo-tree-id3086 . -1) (undo-tree-id3087 . -1) (undo-tree-id3088 . -1) (undo-tree-id3089 . -1) (undo-tree-id3090 . -1) (undo-tree-id3091 . -1) (undo-tree-id3092 . -1) (undo-tree-id3093 . -1) (undo-tree-id3094 . -1) (undo-tree-id3095 . -1) (undo-tree-id3096 . -1) (undo-tree-id3097 . -1) (undo-tree-id3098 . -1) (undo-tree-id3099 . -1) (undo-tree-id3100 . -1) (undo-tree-id3101 . -1) (undo-tree-id3102 . -1) (undo-tree-id3103 . -1) (undo-tree-id3104 . -1) (undo-tree-id3105 . -1) (undo-tree-id3106 . -1) (undo-tree-id3107 . -1) (undo-tree-id3108 . -1) (undo-tree-id3109 . -1) (undo-tree-id3110 . -1) (undo-tree-id3111 . -1) (undo-tree-id3112 . -1) (undo-tree-id3113 . -1) (undo-tree-id3114 . -1) (undo-tree-id3115 . -1) (undo-tree-id3116 . -1) (undo-tree-id3117 . -1) (undo-tree-id3118 . -1) (undo-tree-id3119 . -1) (undo-tree-id3120 . -1) (undo-tree-id3121 . -1) (undo-tree-id3122 . -1) (undo-tree-id3123 . -1) (undo-tree-id3124 . -1) (undo-tree-id3125 . -1) (undo-tree-id3126 . -1) (undo-tree-id3127 . -1) (undo-tree-id3128 . -1) (undo-tree-id3129 . -1) (undo-tree-id3130 . -1) (undo-tree-id3131 . -1) (undo-tree-id3132 . -1) (undo-tree-id3133 . -1) (undo-tree-id3134 . -1) (undo-tree-id3135 . -1) (undo-tree-id3136 . -1) (undo-tree-id3137 . -1) (undo-tree-id3138 . -1) (undo-tree-id3139 . -1) (undo-tree-id3140 . -1) (undo-tree-id3141 . -1) (undo-tree-id3142 . -1) (undo-tree-id3143 . -1) (undo-tree-id3144 . -1) (undo-tree-id3145 . -1) (undo-tree-id3146 . -1) (undo-tree-id3147 . -1) (undo-tree-id3148 . -1) (undo-tree-id3149 . -1) (undo-tree-id3150 . -1) (undo-tree-id3151 . -1) (undo-tree-id3152 . -1) (undo-tree-id3153 . -1) (undo-tree-id3154 . -1) (undo-tree-id3155 . -1) (undo-tree-id3156 . -1) (undo-tree-id3157 . -1) (undo-tree-id3158 . -1) (undo-tree-id3159 . -1) (undo-tree-id3160 . -1) (undo-tree-id3161 . -1) (undo-tree-id3162 . -1) (undo-tree-id3163 . -1) (undo-tree-id3164 . -1) (undo-tree-id3165 . -1) (undo-tree-id3166 . -1) (undo-tree-id3167 . -1) (undo-tree-id3168 . -1) (undo-tree-id3169 . -1) (undo-tree-id3170 . -1) (undo-tree-id3171 . -1) (undo-tree-id3172 . -1) (undo-tree-id3173 . -1) (undo-tree-id3174 . -1) (undo-tree-id3175 . -1) (undo-tree-id3176 . -1) (undo-tree-id3177 . -1) (undo-tree-id3178 . -1) (undo-tree-id3179 . -1) (undo-tree-id3180 . -1) (undo-tree-id3181 . -1) (undo-tree-id3182 . -1) (undo-tree-id3183 . -1) (undo-tree-id3184 . -1) (undo-tree-id3185 . -1) (undo-tree-id3186 . -1) (undo-tree-id3187 . -1) (undo-tree-id3188 . -1) (undo-tree-id3189 . -1) (undo-tree-id3190 . -1) (undo-tree-id3191 . -1) (undo-tree-id3192 . -1) (undo-tree-id3193 . -1) (undo-tree-id3194 . -1) (undo-tree-id3195 . -1) (undo-tree-id3196 . -1) (undo-tree-id3197 . -1) (undo-tree-id3198 . -1) (undo-tree-id3199 . -1) (undo-tree-id3200 . -1) (undo-tree-id3201 . -1) (undo-tree-id3202 . -1) (undo-tree-id3203 . -1) (undo-tree-id3204 . -1) (undo-tree-id3205 . -1) (undo-tree-id3206 . -1) (undo-tree-id3207 . -1) (undo-tree-id3208 . -1) (undo-tree-id3209 . -1) (undo-tree-id3210 . -1) (undo-tree-id3211 . -1) (undo-tree-id3212 . -1) (undo-tree-id3213 . -1) (undo-tree-id3214 . -1) (undo-tree-id3215 . -1) (undo-tree-id3216 . -1) (undo-tree-id3217 . -1) (undo-tree-id3218 . -1) (undo-tree-id3219 . -1) (undo-tree-id3220 . -1) (undo-tree-id3221 . -1) (undo-tree-id3222 . -1) (undo-tree-id3223 . -1) (undo-tree-id3224 . -1) (undo-tree-id3225 . -1) (undo-tree-id3226 . -1) (undo-tree-id3227 . -1) (undo-tree-id3228 . -1) (undo-tree-id3229 . -1) (undo-tree-id3230 . -1) (undo-tree-id3231 . -1) (undo-tree-id3232 . -1) (undo-tree-id3233 . -1) (undo-tree-id3234 . -1) (undo-tree-id3235 . -1) (undo-tree-id3236 . -1) (undo-tree-id3237 . -1) (undo-tree-id3238 . -1) (undo-tree-id3239 . -1) (undo-tree-id3240 . -1) (undo-tree-id3241 . -1) (undo-tree-id3242 . -1) (undo-tree-id3243 . -1) (undo-tree-id3244 . -1) (undo-tree-id3245 . -1) (undo-tree-id3246 . -1) (undo-tree-id3247 . -1) (undo-tree-id3248 . -1) (undo-tree-id3249 . -1) (undo-tree-id3250 . -1) (undo-tree-id3251 . -1) (undo-tree-id3252 . -1) (undo-tree-id3253 . -1) (undo-tree-id3254 . -1) (undo-tree-id3255 . -1) (undo-tree-id3256 . -1) (undo-tree-id3257 . -1) (undo-tree-id3258 . -1) (undo-tree-id3259 . -1) (undo-tree-id3260 . -1) (undo-tree-id3261 . -1) (undo-tree-id3262 . -1) (undo-tree-id3263 . -1) (undo-tree-id3264 . -1) (undo-tree-id3265 . -1) (undo-tree-id3266 . -1) (undo-tree-id3267 . -1) (undo-tree-id3268 . -1) (undo-tree-id3269 . -1) (undo-tree-id3270 . -1) (undo-tree-id3271 . -1) (undo-tree-id3272 . -1) (undo-tree-id3273 . -1) (undo-tree-id3274 . -1) (undo-tree-id3275 . -1) (undo-tree-id3276 . -1) (undo-tree-id3277 . -1) (undo-tree-id3278 . -1) (undo-tree-id3279 . -1) (undo-tree-id3280 . -1) (undo-tree-id3281 . -1) (undo-tree-id3282 . -1) (undo-tree-id3283 . -1) (undo-tree-id3284 . -1) (undo-tree-id3285 . -1) (undo-tree-id3286 . -1) (undo-tree-id3287 . -1) (undo-tree-id3288 . -1) (undo-tree-id3289 . -1) (undo-tree-id3290 . -1) (undo-tree-id3291 . -1) (undo-tree-id3292 . -1) (undo-tree-id3293 . -1) (undo-tree-id3294 . -1) (undo-tree-id3295 . -1) (undo-tree-id3296 . -1) (undo-tree-id3297 . -1) (undo-tree-id3298 . -1) (undo-tree-id3299 . -1) (undo-tree-id3300 . -1) (undo-tree-id3301 . -1) (undo-tree-id3302 . -1) (undo-tree-id3303 . -1) (undo-tree-id3304 . -1) (undo-tree-id3305 . -1) (undo-tree-id3306 . -1) (undo-tree-id3307 . -1) (undo-tree-id3308 . -1) (undo-tree-id3309 . -1) (undo-tree-id3310 . -1) (undo-tree-id3311 . -1) (undo-tree-id3312 . -1) (undo-tree-id3313 . -1) (undo-tree-id3314 . -1) (undo-tree-id3315 . -1) (undo-tree-id3316 . -1) (undo-tree-id3317 . -1) (undo-tree-id3318 . -1) (undo-tree-id3319 . -1) (undo-tree-id3320 . -1) (undo-tree-id3321 . -1) (undo-tree-id3322 . -1) (undo-tree-id3323 . -1) (undo-tree-id3324 . -1) (undo-tree-id3325 . -1) (undo-tree-id3326 . -1) (undo-tree-id3327 . -1) (undo-tree-id3328 . -1) (undo-tree-id3329 . -1) (undo-tree-id3330 . -1) (undo-tree-id3331 . -1) (undo-tree-id3332 . -1) (undo-tree-id3333 . -1) (undo-tree-id3334 . -1) (undo-tree-id3335 . -1) (undo-tree-id3336 . -1) (undo-tree-id3337 . -1) (undo-tree-id3338 . -1) (undo-tree-id3339 . -1) (undo-tree-id3340 . -1) (undo-tree-id3341 . -1) (undo-tree-id3342 . -1) (undo-tree-id3343 . -1) (undo-tree-id3344 . -1) (undo-tree-id3345 . -1) (undo-tree-id3346 . -1) (undo-tree-id3347 . -1) (undo-tree-id3348 . -1) (undo-tree-id3349 . -1) (undo-tree-id3350 . -1) (undo-tree-id3351 . -1) (undo-tree-id3352 . -1) (undo-tree-id3353 . -1) (undo-tree-id3354 . -1) (undo-tree-id3355 . -1) (undo-tree-id3356 . -1) (undo-tree-id3357 . -1) (undo-tree-id3358 . -1) (undo-tree-id3359 . -1) (undo-tree-id3360 . -1) (undo-tree-id3361 . -1) (undo-tree-id3362 . -1) (undo-tree-id3363 . -1) (undo-tree-id3364 . -1) (undo-tree-id3365 . -1) (undo-tree-id3366 . -1) (undo-tree-id3367 . -1) (undo-tree-id3368 . -1) (undo-tree-id3369 . -1) (undo-tree-id3370 . -1) (undo-tree-id3371 . -1) (undo-tree-id3372 . -1) (undo-tree-id3373 . -1) (undo-tree-id3374 . -1) (undo-tree-id3375 . -1) (undo-tree-id3376 . -1) (undo-tree-id3377 . -1) (undo-tree-id3378 . -1) (undo-tree-id3379 . -1) (undo-tree-id3380 . -1) (undo-tree-id3381 . -1) (undo-tree-id3382 . -1) (undo-tree-id3383 . -1) (undo-tree-id3384 . -1) (undo-tree-id3385 . -1) (undo-tree-id3386 . -1) (undo-tree-id3387 . -1) (undo-tree-id3388 . -1) (undo-tree-id3389 . -1) (undo-tree-id3390 . -1) (undo-tree-id3391 . -1) (undo-tree-id3392 . -1) (undo-tree-id3393 . -1) (undo-tree-id3394 . -1) (undo-tree-id3395 . -1) (undo-tree-id3396 . -1) (undo-tree-id3397 . -1) (undo-tree-id3398 . -1) (undo-tree-id3399 . -1) (undo-tree-id3400 . -1) (undo-tree-id3401 . -1) (undo-tree-id3402 . -1) (undo-tree-id3403 . -1) (undo-tree-id3404 . -1) (undo-tree-id3405 . -1) (undo-tree-id3406 . -1) (undo-tree-id3407 . -1) (undo-tree-id3408 . -1) (undo-tree-id3409 . -1) (undo-tree-id3410 . -1) (undo-tree-id3411 . -1) (undo-tree-id3412 . -1) (undo-tree-id3413 . -1) (undo-tree-id3414 . -1) (undo-tree-id3415 . -1) (undo-tree-id3416 . -1) (undo-tree-id3417 . -1) (undo-tree-id3418 . -1) (undo-tree-id3419 . -1) (undo-tree-id3420 . -1) (undo-tree-id3421 . -1) (undo-tree-id3422 . -1) (undo-tree-id3423 . -1) (undo-tree-id3424 . -1) (undo-tree-id3425 . -1) (undo-tree-id3426 . -1) (undo-tree-id3427 . -1) (undo-tree-id3428 . -1) (undo-tree-id3429 . -1) (undo-tree-id3430 . -1) (undo-tree-id3431 . -1) (undo-tree-id3432 . -1) (undo-tree-id3433 . -1) (undo-tree-id3434 . -1) (undo-tree-id3435 . -1) (undo-tree-id3436 . -1) (undo-tree-id3437 . -1) (undo-tree-id3438 . -1) (undo-tree-id3439 . -1) (undo-tree-id3440 . -1) (undo-tree-id3441 . -1) (undo-tree-id3442 . -1) (undo-tree-id3443 . -1) (undo-tree-id3444 . -1) (undo-tree-id3445 . -1) (undo-tree-id3446 . -1) (undo-tree-id3447 . -1) (undo-tree-id3448 . -1) (undo-tree-id3449 . -1) (undo-tree-id3450 . -1) (undo-tree-id3451 . -1) (undo-tree-id3452 . -1) (undo-tree-id3453 . -1) (undo-tree-id3454 . -1) (undo-tree-id3455 . -1) (undo-tree-id3456 . -1) (undo-tree-id3457 . -1) (undo-tree-id3458 . -1) (undo-tree-id3459 . -1) (undo-tree-id3460 . -1) (undo-tree-id3461 . -1) (undo-tree-id3462 . -1) (undo-tree-id3463 . -1) (undo-tree-id3464 . -1) (undo-tree-id3465 . -1) (undo-tree-id3466 . -1) (undo-tree-id3467 . -1) (undo-tree-id3468 . -1) (undo-tree-id3469 . -1) (undo-tree-id3470 . -1) (undo-tree-id3471 . -1) (undo-tree-id3472 . -1) (undo-tree-id3473 . -1) (undo-tree-id3474 . -1) (undo-tree-id3475 . -1) (undo-tree-id3476 . -1) (undo-tree-id3477 . -1) (undo-tree-id3478 . -1) (undo-tree-id3479 . -1) (undo-tree-id3480 . -1) (undo-tree-id3481 . -1) (undo-tree-id3482 . -1) (undo-tree-id3483 . -1) (undo-tree-id3484 . -1) (undo-tree-id3485 . -1) (undo-tree-id3486 . -1) (undo-tree-id3487 . -1) (undo-tree-id3488 . -1) (undo-tree-id3489 . -1) (undo-tree-id3490 . -1) (undo-tree-id3491 . -1) (undo-tree-id3492 . -1) (undo-tree-id3493 . -1) (undo-tree-id3494 . -1) (undo-tree-id3495 . -1) (undo-tree-id3496 . -1) (undo-tree-id3497 . -1) (undo-tree-id3498 . -1) (undo-tree-id3499 . -1) (undo-tree-id3500 . -1) (undo-tree-id3501 . -1) (undo-tree-id3502 . -1) (undo-tree-id3503 . -1) (undo-tree-id3504 . -1) (undo-tree-id3505 . -1) (undo-tree-id3506 . -1) (undo-tree-id3507 . -1) (undo-tree-id3508 . -1) (undo-tree-id3509 . -1) (undo-tree-id3510 . -1) (undo-tree-id3511 . -1) (undo-tree-id3512 . -1) (undo-tree-id3513 . -1) (undo-tree-id3514 . -1) (undo-tree-id3515 . -1) (undo-tree-id3516 . -1) (undo-tree-id3517 . -1) (undo-tree-id3518 . -1) (undo-tree-id3519 . -1) (undo-tree-id3520 . -1) (undo-tree-id3521 . -1) (undo-tree-id3522 . -1) (undo-tree-id3523 . -1) (undo-tree-id3524 . -1) (undo-tree-id3525 . -1) (undo-tree-id3526 . -1) (undo-tree-id3527 . -1) (undo-tree-id3528 . -1) (undo-tree-id3529 . -1) (undo-tree-id3530 . -1) (undo-tree-id3531 . -1) (undo-tree-id3532 . -1) (undo-tree-id3533 . -1) (undo-tree-id3534 . -1) (undo-tree-id3535 . -1) (undo-tree-id3536 . -1) (undo-tree-id3537 . -1) (undo-tree-id3538 . -1) (undo-tree-id3539 . -1) (undo-tree-id3540 . -1) (undo-tree-id3541 . -1) (undo-tree-id3542 . -1) (undo-tree-id3543 . -1) (undo-tree-id3544 . -1) (undo-tree-id3545 . -1) (undo-tree-id3546 . -1) (undo-tree-id3547 . -1) (undo-tree-id3548 . -1) (undo-tree-id3549 . -1) (undo-tree-id3550 . -1) (undo-tree-id3551 . -1) (undo-tree-id3552 . -1) (undo-tree-id3553 . -1) (undo-tree-id3554 . -1) (undo-tree-id3555 . -1) (undo-tree-id3556 . -1) (undo-tree-id3557 . -1) (undo-tree-id3558 . -1) (undo-tree-id3559 . -1) (undo-tree-id3560 . -1) (undo-tree-id3561 . -1) (undo-tree-id3562 . -1) (undo-tree-id3563 . -1) (undo-tree-id3564 . -1) (undo-tree-id3565 . -1) (undo-tree-id3566 . -1) (undo-tree-id3567 . -1) (undo-tree-id3568 . -1) (undo-tree-id3569 . -1) (undo-tree-id3570 . -1) (undo-tree-id3571 . -1) (undo-tree-id3572 . -1) (undo-tree-id3573 . -1) (undo-tree-id3574 . -1) (undo-tree-id3575 . -1) (undo-tree-id3576 . -1) (undo-tree-id3577 . -1) (undo-tree-id3578 . -1) (undo-tree-id3579 . -1) (undo-tree-id3580 . -1) (undo-tree-id3581 . -1) (undo-tree-id3582 . -1) (undo-tree-id3583 . -1) (undo-tree-id3584 . -1) (undo-tree-id3585 . -1) (undo-tree-id3586 . -1) (undo-tree-id3587 . -1) (undo-tree-id3588 . -1) (undo-tree-id3589 . -1) (undo-tree-id3590 . -1) (undo-tree-id3591 . -1) (undo-tree-id3592 . -1) (undo-tree-id3593 . -1) (undo-tree-id3594 . -1) (undo-tree-id3595 . -1) (undo-tree-id3596 . -1) (undo-tree-id3597 . -1) (undo-tree-id3598 . -1) (undo-tree-id3599 . -1) (undo-tree-id3600 . -1) (undo-tree-id3601 . -1) (undo-tree-id3602 . -1) (undo-tree-id3603 . -1) (undo-tree-id3604 . -1) (undo-tree-id3605 . -1) (undo-tree-id3606 . -1) (undo-tree-id3607 . -1) (undo-tree-id3608 . -1) (undo-tree-id3609 . -1) (undo-tree-id3610 . -1) (undo-tree-id3611 . -1) (undo-tree-id3612 . -1) (undo-tree-id3613 . -1) (undo-tree-id3614 . -1) (undo-tree-id3615 . -1) (undo-tree-id3616 . -1) (undo-tree-id3617 . -1) (undo-tree-id3618 . -1) (undo-tree-id3619 . -1) (undo-tree-id3620 . -1) (undo-tree-id3621 . -1) (undo-tree-id3622 . -1) (undo-tree-id3623 . -1) (undo-tree-id3624 . -1) (undo-tree-id3625 . -1) (undo-tree-id3626 . -1) (undo-tree-id3627 . -1) (undo-tree-id3628 . -1) (undo-tree-id3629 . -1) (undo-tree-id3630 . -1) (undo-tree-id3631 . -1) (undo-tree-id3632 . -1) (undo-tree-id3633 . -1) (undo-tree-id3634 . -1) (undo-tree-id3635 . -1) (undo-tree-id3636 . -1) (undo-tree-id3637 . -1) (undo-tree-id3638 . -1) (undo-tree-id3639 . -1) (undo-tree-id3640 . -1) (undo-tree-id3641 . -1) (undo-tree-id3642 . -1) (undo-tree-id3643 . -1) (undo-tree-id3644 . -1) (undo-tree-id3645 . -1) (undo-tree-id3646 . -1) (undo-tree-id3647 . -1) (undo-tree-id3648 . -1) (undo-tree-id3649 . -1) (undo-tree-id3650 . -1) (undo-tree-id3651 . -1) (undo-tree-id3652 . -1) (undo-tree-id3653 . -1) (undo-tree-id3654 . -1) (undo-tree-id3655 . -1) (undo-tree-id3656 . -1) (undo-tree-id3657 . -1) (undo-tree-id3658 . -1) (undo-tree-id3659 . -1) (undo-tree-id3660 . -1) (undo-tree-id3661 . -1) (undo-tree-id3662 . -1) (undo-tree-id3663 . -1) (undo-tree-id3664 . -1) (undo-tree-id3665 . -1) (undo-tree-id3666 . -1) (undo-tree-id3667 . -1) (undo-tree-id3668 . -1) (undo-tree-id3669 . -1) (undo-tree-id3670 . -1) (undo-tree-id3671 . -1) (undo-tree-id3672 . -1) (undo-tree-id3673 . -1) (undo-tree-id3674 . -1) (undo-tree-id3675 . -1) (undo-tree-id3676 . -1) (undo-tree-id3677 . -1) (undo-tree-id3678 . -1) (undo-tree-id3679 . -1) (undo-tree-id3680 . -1) (undo-tree-id3681 . -1) (undo-tree-id3682 . -1) (undo-tree-id3683 . -1) (undo-tree-id3684 . -1) (undo-tree-id3685 . -1) (undo-tree-id3686 . -1) (undo-tree-id3687 . -1) (undo-tree-id3688 . -1) (undo-tree-id3689 . -1) (undo-tree-id3690 . -1) (undo-tree-id3691 . -1) (undo-tree-id3692 . -1) (undo-tree-id3693 . -1) (undo-tree-id3694 . -1) (undo-tree-id3695 . -1) (undo-tree-id3696 . -1) (undo-tree-id3697 . -1) (undo-tree-id3698 . -1) (undo-tree-id3699 . -1) (undo-tree-id3700 . -1) (undo-tree-id3701 . -1) (undo-tree-id3702 . -1) (undo-tree-id3703 . -1) (undo-tree-id3704 . -1) (undo-tree-id3705 . -1) (undo-tree-id3706 . -1) (undo-tree-id3707 . -1) (undo-tree-id3708 . -1) (undo-tree-id3709 . -1) (undo-tree-id3710 . -1) (undo-tree-id3711 . -1) (undo-tree-id3712 . -1) (undo-tree-id3713 . -1) (undo-tree-id3714 . -1) (undo-tree-id3715 . -1) (undo-tree-id3716 . -1) (undo-tree-id3717 . -1) (undo-tree-id3718 . -1) (undo-tree-id3719 . -1) (undo-tree-id3720 . -1) (undo-tree-id3721 . -1) (undo-tree-id3722 . -1) (undo-tree-id3723 . -1) (undo-tree-id3724 . -1) (undo-tree-id3725 . -1) (undo-tree-id3726 . -1) (undo-tree-id3727 . -1) (undo-tree-id3728 . -1) (undo-tree-id3729 . -1) (undo-tree-id3730 . -1) (undo-tree-id3731 . -1) (undo-tree-id3732 . -1) (undo-tree-id3733 . -1) (undo-tree-id3734 . -1) (undo-tree-id3735 . -1) (undo-tree-id3736 . -1) (undo-tree-id3737 . -1) (undo-tree-id3738 . -1) (undo-tree-id3739 . -1) (undo-tree-id3740 . -1) (undo-tree-id3741 . -1) (undo-tree-id3742 . -1) (undo-tree-id3743 . -1) (undo-tree-id3744 . -1) (undo-tree-id3745 . -1) (undo-tree-id3746 . -1) (undo-tree-id3747 . -1) (undo-tree-id3748 . -1) (undo-tree-id3749 . -1) (undo-tree-id3750 . -1) (undo-tree-id3751 . -1) (undo-tree-id3752 . -1) (undo-tree-id3753 . -1) (undo-tree-id3754 . -1) (undo-tree-id3755 . -1) (undo-tree-id3756 . -1) (undo-tree-id3757 . -1) (undo-tree-id3758 . -1) (undo-tree-id3759 . -1) (undo-tree-id3760 . -1) (undo-tree-id3761 . -1) (undo-tree-id3762 . -1) (undo-tree-id3763 . -1) (undo-tree-id3764 . -1) (undo-tree-id3765 . -1) (undo-tree-id3766 . -1) (undo-tree-id3767 . -1) (undo-tree-id3768 . -1) (undo-tree-id3769 . -1) (undo-tree-id3770 . -1) (undo-tree-id3771 . -1) (undo-tree-id3772 . -1) (undo-tree-id3773 . -1) (undo-tree-id3774 . -1) (undo-tree-id3775 . -1) (undo-tree-id3776 . -1) (undo-tree-id3777 . -1) (undo-tree-id3778 . -1) (undo-tree-id3779 . -1) (undo-tree-id3780 . -1) (undo-tree-id3781 . -1) (undo-tree-id3782 . -1) (undo-tree-id3783 . -1) (undo-tree-id3784 . -1) (undo-tree-id3785 . -1) (undo-tree-id3786 . -1) (undo-tree-id3787 . -1) (undo-tree-id3788 . -1) (undo-tree-id3789 . -1) (undo-tree-id3790 . -1) (undo-tree-id3791 . -1) (undo-tree-id3792 . -1) (undo-tree-id3793 . -1) (undo-tree-id3794 . -1) (undo-tree-id3795 . -1) (undo-tree-id3796 . -1) (undo-tree-id3797 . -1) (undo-tree-id3798 . -1) (undo-tree-id3799 . -1) (undo-tree-id3800 . -1) (undo-tree-id3801 . -1) (undo-tree-id3802 . -1) (undo-tree-id3803 . -1) (undo-tree-id3804 . -1) (undo-tree-id3805 . -1) (undo-tree-id3806 . -1) (undo-tree-id3807 . -1) (undo-tree-id3808 . -1) (undo-tree-id3809 . -1) (undo-tree-id3810 . -1) (undo-tree-id3811 . -1) (undo-tree-id3812 . -1) (undo-tree-id3813 . -1) (undo-tree-id3814 . -1) (undo-tree-id3815 . -1) (undo-tree-id3816 . -1) (undo-tree-id3817 . -1) (undo-tree-id3818 . -1) (undo-tree-id3819 . -1) (undo-tree-id3820 . -1) (undo-tree-id3821 . -1) (undo-tree-id3822 . -1) (undo-tree-id3823 . -1) (undo-tree-id3824 . -1) (undo-tree-id3825 . -1) (undo-tree-id3826 . -1) (undo-tree-id3827 . -1) (undo-tree-id3828 . -1) (undo-tree-id3829 . -1) (undo-tree-id3830 . -1) (undo-tree-id3831 . -1) (undo-tree-id3832 . -1) (undo-tree-id3833 . -1) (undo-tree-id3834 . -1) (undo-tree-id3835 . -1) (undo-tree-id3836 . -1) (undo-tree-id3837 . -1) (undo-tree-id3838 . -1) (undo-tree-id3839 . -1) (undo-tree-id3840 . -1) (undo-tree-id3841 . -1) (undo-tree-id3842 . -1) (undo-tree-id3843 . -1) (undo-tree-id3844 . -1) (undo-tree-id3845 . -1) (undo-tree-id3846 . -1) (undo-tree-id3847 . -1) (undo-tree-id3848 . -1) (undo-tree-id3849 . -1) (undo-tree-id3850 . -1) (undo-tree-id3851 . -1) (undo-tree-id3852 . -1) (undo-tree-id3853 . -1) (undo-tree-id3854 . -1) (undo-tree-id3855 . -1) (undo-tree-id3856 . -1) (undo-tree-id3857 . -1) (undo-tree-id3858 . -1) (undo-tree-id3859 . -1) (undo-tree-id3860 . -1) (undo-tree-id3861 . -1) (undo-tree-id3862 . -1) (undo-tree-id3863 . -1) (undo-tree-id3864 . -1) (undo-tree-id3865 . -1) (undo-tree-id3866 . -1) (undo-tree-id3867 . -1) (undo-tree-id3868 . -1) (undo-tree-id3869 . -1) (undo-tree-id3870 . -1) (undo-tree-id3871 . -1) (undo-tree-id3872 . -1) (undo-tree-id3873 . -1) (undo-tree-id3874 . -1) (undo-tree-id3875 . -1) (undo-tree-id3876 . -1) (undo-tree-id3877 . -1) (undo-tree-id3878 . -1) (undo-tree-id3879 . -1) (undo-tree-id3880 . -1) (undo-tree-id3881 . -1) (undo-tree-id3882 . -1) (undo-tree-id3883 . -1) (undo-tree-id3884 . -1) (undo-tree-id3885 . -1) (undo-tree-id3886 . -1) (undo-tree-id3887 . -1) (undo-tree-id3888 . -1) (undo-tree-id3889 . -1) (undo-tree-id3890 . -1) (undo-tree-id3891 . -1) (undo-tree-id3892 . -1) (undo-tree-id3893 . -1) (undo-tree-id3894 . -1) (undo-tree-id3895 . -1) (undo-tree-id3896 . -1) (undo-tree-id3897 . -1) (undo-tree-id3898 . -1) (undo-tree-id3899 . -1) (undo-tree-id3900 . -1) (undo-tree-id3901 . -1) (undo-tree-id3902 . -1) (undo-tree-id3903 . -1) (undo-tree-id3904 . -1) (undo-tree-id3905 . -1) (undo-tree-id3906 . -1) (undo-tree-id3907 . -1) (undo-tree-id3908 . -1) (undo-tree-id3909 . -1) (undo-tree-id3910 . -1) (undo-tree-id3911 . -1) (undo-tree-id3912 . -1) (undo-tree-id3913 . -1) (undo-tree-id3914 . -1) (undo-tree-id3915 . -1) (undo-tree-id3916 . -1) (undo-tree-id3917 . -1) (undo-tree-id3918 . -1) (undo-tree-id3919 . -1) (undo-tree-id3920 . -1) (undo-tree-id3921 . -1) (undo-tree-id3922 . -1) (undo-tree-id3923 . -1) (undo-tree-id3924 . -1) (undo-tree-id3925 . -1) (undo-tree-id3926 . -1) (undo-tree-id3927 . -1) (undo-tree-id3928 . -1) (undo-tree-id3929 . -1) (undo-tree-id3930 . -1) (undo-tree-id3931 . -1) (undo-tree-id3932 . -1) (undo-tree-id3933 . -1) (undo-tree-id3934 . -1) (undo-tree-id3935 . -1) (undo-tree-id3936 . -1) (undo-tree-id3937 . -1) (undo-tree-id3938 . -1) (undo-tree-id3939 . -1) (undo-tree-id3940 . -1) (undo-tree-id3941 . -1) (undo-tree-id3942 . -1) (undo-tree-id3943 . -1) (undo-tree-id3944 . -1) (undo-tree-id3945 . -1) (undo-tree-id3946 . -1) (undo-tree-id3947 . -1) (undo-tree-id3948 . -1) (undo-tree-id3949 . -1) (undo-tree-id3950 . -1) (#("s" 0 1 (fontified t)) . -10300) (undo-tree-id3951 . -1) (undo-tree-id3952 . -1) (undo-tree-id3953 . -1) (undo-tree-id3954 . -1) (undo-tree-id3955 . -1) (undo-tree-id3956 . -1) (undo-tree-id3957 . -1) (undo-tree-id3958 . -1) (undo-tree-id3959 . -1) (undo-tree-id3960 . -1) (undo-tree-id3961 . -1) (undo-tree-id3962 . -1) (undo-tree-id3963 . -1) (undo-tree-id3964 . -1) (undo-tree-id3965 . -1) (undo-tree-id3966 . -1) (undo-tree-id3967 . -1) (undo-tree-id3968 . -1) (undo-tree-id3969 . -1) (undo-tree-id3970 . -1) (undo-tree-id3971 . -1) (undo-tree-id3972 . -1) (undo-tree-id3973 . -1) (undo-tree-id3974 . -1) (undo-tree-id3975 . -1) (undo-tree-id3976 . -1) (undo-tree-id3977 . -1) (undo-tree-id3978 . -1) (undo-tree-id3979 . -1) (undo-tree-id3980 . -1) (undo-tree-id3981 . -1) (undo-tree-id3982 . -1) (undo-tree-id3983 . -1) (undo-tree-id3984 . -1) (undo-tree-id3985 . -1) (undo-tree-id3986 . -1) (undo-tree-id3987 . -1) (undo-tree-id3988 . -1) (undo-tree-id3989 . -1) (undo-tree-id3990 . -1) (undo-tree-id3991 . -1) (undo-tree-id3992 . -1) (undo-tree-id3993 . -1) (undo-tree-id3994 . -1) (undo-tree-id3995 . -1) (undo-tree-id3996 . -1) (undo-tree-id3997 . -1) (undo-tree-id3998 . -1) (undo-tree-id3999 . -1) (undo-tree-id4000 . -1) (undo-tree-id4001 . -1) (undo-tree-id4002 . -1) (undo-tree-id4003 . -1) (undo-tree-id4004 . -1) (undo-tree-id4005 . -1) (undo-tree-id4006 . -1) (undo-tree-id4007 . -1) (undo-tree-id4008 . -1) (undo-tree-id4009 . -1) (undo-tree-id4010 . -1) (undo-tree-id4011 . -1) (undo-tree-id4012 . -1) (undo-tree-id4013 . -1) (undo-tree-id4014 . -1) (undo-tree-id4015 . -1) (undo-tree-id4016 . -1) (undo-tree-id4017 . -1) (undo-tree-id4018 . -1) (undo-tree-id4019 . -1) (undo-tree-id4020 . -1) (undo-tree-id4021 . -1) (undo-tree-id4022 . -1) (undo-tree-id4023 . -1) (undo-tree-id4024 . -1) (undo-tree-id4025 . -1) (undo-tree-id4026 . -1) (undo-tree-id4027 . -1) (undo-tree-id4028 . -1) (undo-tree-id4029 . -1) (undo-tree-id4030 . -1) (undo-tree-id4031 . -1) (undo-tree-id4032 . -1) (undo-tree-id4033 . -1) (undo-tree-id4034 . -1) (undo-tree-id4035 . -1) (undo-tree-id4036 . -1) (undo-tree-id4037 . -1) (undo-tree-id4038 . -1) (undo-tree-id4039 . -1) (undo-tree-id4040 . -1) (undo-tree-id4041 . -1) (undo-tree-id4042 . -1) (undo-tree-id4043 . -1) (undo-tree-id4044 . -1) (undo-tree-id4045 . -1) (undo-tree-id4046 . -1) (undo-tree-id4047 . -1) (undo-tree-id4048 . -1) (undo-tree-id4049 . -1) (undo-tree-id4050 . -1) (undo-tree-id4051 . -1) (undo-tree-id4052 . -1) (undo-tree-id4053 . -1) (undo-tree-id4054 . -1) (undo-tree-id4055 . -1) (undo-tree-id4056 . -1) (undo-tree-id4057 . -1) (undo-tree-id4058 . -1) (undo-tree-id4059 . -1) (undo-tree-id4060 . -1) (undo-tree-id4061 . -1) (undo-tree-id4062 . -1) (undo-tree-id4063 . -1) (undo-tree-id4064 . -1) (undo-tree-id4065 . -1) (undo-tree-id4066 . -1) (undo-tree-id4067 . -1) (undo-tree-id4068 . -1) (undo-tree-id4069 . -1) (undo-tree-id4070 . -1) (undo-tree-id4071 . -1) (undo-tree-id4072 . -1) (undo-tree-id4073 . -1) (undo-tree-id4074 . -1) (undo-tree-id4075 . -1) (undo-tree-id4076 . -1) (undo-tree-id4077 . -1) (undo-tree-id4078 . -1) (undo-tree-id4079 . -1) (undo-tree-id4080 . -1) (undo-tree-id4081 . -1) (undo-tree-id4082 . -1) (undo-tree-id4083 . -1) (undo-tree-id4084 . -1) (undo-tree-id4085 . -1) (undo-tree-id4086 . -1) (undo-tree-id4087 . -1) (undo-tree-id4088 . -1) (undo-tree-id4089 . -1) (undo-tree-id4090 . -1) (undo-tree-id4091 . -1) (undo-tree-id4092 . -1) (undo-tree-id4093 . -1) (undo-tree-id4094 . -1) (undo-tree-id4095 . -1) (undo-tree-id4096 . -1) (undo-tree-id4097 . -1) (undo-tree-id4098 . -1) (undo-tree-id4099 . -1) (undo-tree-id4100 . -1) (undo-tree-id4101 . -1) (undo-tree-id4102 . -1) (undo-tree-id4103 . -1) (undo-tree-id4104 . -1) (undo-tree-id4105 . -1) (undo-tree-id4106 . -1) (undo-tree-id4107 . -1) (undo-tree-id4108 . -1) (undo-tree-id4109 . -1) (undo-tree-id4110 . -1) (undo-tree-id4111 . -1) (undo-tree-id4112 . -1) (undo-tree-id4113 . -1) (undo-tree-id4114 . -1) (undo-tree-id4115 . -1) (undo-tree-id4116 . -1) (undo-tree-id4117 . -1) (undo-tree-id4118 . -1) (undo-tree-id4119 . -1) (undo-tree-id4120 . -1) (undo-tree-id4121 . -1) (undo-tree-id4122 . -1) (undo-tree-id4123 . -1) (undo-tree-id4124 . -1) (undo-tree-id4125 . -1) (undo-tree-id4126 . -1) (undo-tree-id4127 . -1) (undo-tree-id4128 . -1) (undo-tree-id4129 . -1) (undo-tree-id4130 . -1) (undo-tree-id4131 . -1) (undo-tree-id4132 . -1) (undo-tree-id4133 . -1) (undo-tree-id4134 . -1) (undo-tree-id4135 . -1) (undo-tree-id4136 . -1) (undo-tree-id4137 . -1) (undo-tree-id4138 . -1) (undo-tree-id4139 . -1) (undo-tree-id4140 . -1) (undo-tree-id4141 . -1) (undo-tree-id4142 . -1) (undo-tree-id4143 . -1) (undo-tree-id4144 . -1) (undo-tree-id4145 . -1) (undo-tree-id4146 . -1) (undo-tree-id4147 . -1) (undo-tree-id4148 . -1) (undo-tree-id4149 . -1) (undo-tree-id4150 . -1) (undo-tree-id4151 . -1) (undo-tree-id4152 . -1) (undo-tree-id4153 . -1) (undo-tree-id4154 . -1) (undo-tree-id4155 . -1) (undo-tree-id4156 . -1) (undo-tree-id4157 . -1) (undo-tree-id4158 . -1) (undo-tree-id4159 . -1) (undo-tree-id4160 . -1) (undo-tree-id4161 . -1) (undo-tree-id4162 . -1) (undo-tree-id4163 . -1) (undo-tree-id4164 . -1) (undo-tree-id4165 . -1) (undo-tree-id4166 . -1) (undo-tree-id4167 . -1) (undo-tree-id4168 . -1) (undo-tree-id4169 . -1) (undo-tree-id4170 . -1) (undo-tree-id4171 . -1) (undo-tree-id4172 . -1) (undo-tree-id4173 . -1) (undo-tree-id4174 . -1) (undo-tree-id4175 . -1) (undo-tree-id4176 . -1) (undo-tree-id4177 . -1) (undo-tree-id4178 . -1) (undo-tree-id4179 . -1) (undo-tree-id4180 . -1) (undo-tree-id4181 . -1) (undo-tree-id4182 . -1) (undo-tree-id4183 . -1) (undo-tree-id4184 . -1) (undo-tree-id4185 . -1) (undo-tree-id4186 . -1) (undo-tree-id4187 . -1) (undo-tree-id4188 . -1) (undo-tree-id4189 . -1) (undo-tree-id4190 . -1) (undo-tree-id4191 . -1) (undo-tree-id4192 . -1) (undo-tree-id4193 . -1) (undo-tree-id4194 . -1) (undo-tree-id4195 . -1) (undo-tree-id4196 . -1) (undo-tree-id4197 . -1) (undo-tree-id4198 . -1) (undo-tree-id4199 . -1) (undo-tree-id4200 . -1) (undo-tree-id4201 . -1) (undo-tree-id4202 . -1) (undo-tree-id4203 . -1) (undo-tree-id4204 . -1) (undo-tree-id4205 . -1) (undo-tree-id4206 . -1) (undo-tree-id4207 . -1) (undo-tree-id4208 . -1) (undo-tree-id4209 . -1) (undo-tree-id4210 . -1) (undo-tree-id4211 . -1) (undo-tree-id4212 . -1) (undo-tree-id4213 . -1) (undo-tree-id4214 . -1) (undo-tree-id4215 . -1) (undo-tree-id4216 . -1) (undo-tree-id4217 . -1) (undo-tree-id4218 . -1) (undo-tree-id4219 . -1) (undo-tree-id4220 . -1) (undo-tree-id4221 . -1) (undo-tree-id4222 . -1) (undo-tree-id4223 . -1) (undo-tree-id4224 . -1) (undo-tree-id4225 . -1) (undo-tree-id4226 . -1) (undo-tree-id4227 . -1) (undo-tree-id4228 . -1) (undo-tree-id4229 . -1) (undo-tree-id4230 . -1) (undo-tree-id4231 . -1) (undo-tree-id4232 . -1) (undo-tree-id4233 . -1) (undo-tree-id4234 . -1) (undo-tree-id4235 . -1) (undo-tree-id4236 . -1) (undo-tree-id4237 . -1) (undo-tree-id4238 . -1) (undo-tree-id4239 . -1) (undo-tree-id4240 . -1) (undo-tree-id4241 . -1) (undo-tree-id4242 . -1) (undo-tree-id4243 . -1) (undo-tree-id4244 . -1) (undo-tree-id4245 . -1) (undo-tree-id4246 . -1) (undo-tree-id4247 . -1) (undo-tree-id4248 . -1) (undo-tree-id4249 . -1) (undo-tree-id4250 . -1) (undo-tree-id4251 . -1) (undo-tree-id4252 . -1) (undo-tree-id4253 . -1) (undo-tree-id4254 . -1) (undo-tree-id4255 . -1) (undo-tree-id4256 . -1) (undo-tree-id4257 . -1) (undo-tree-id4258 . -1) (undo-tree-id4259 . -1) (undo-tree-id4260 . -1) (undo-tree-id4261 . -1) (undo-tree-id4262 . -1) (undo-tree-id4263 . -1) (undo-tree-id4264 . -1) (undo-tree-id4265 . -1) (undo-tree-id4266 . -1) (undo-tree-id4267 . -1) (undo-tree-id4268 . -1) (undo-tree-id4269 . -1) (undo-tree-id4270 . -1) (undo-tree-id4271 . -1) (undo-tree-id4272 . -1) (undo-tree-id4273 . -1) (undo-tree-id4274 . -1) (undo-tree-id4275 . -1) (undo-tree-id4276 . -1) (undo-tree-id4277 . -1) (undo-tree-id4278 . -1) (undo-tree-id4279 . -1) (undo-tree-id4280 . -1) (undo-tree-id4281 . -1) (undo-tree-id4282 . -1) (undo-tree-id4283 . -1) (undo-tree-id4284 . -1) (undo-tree-id4285 . -1) (undo-tree-id4286 . -1) (undo-tree-id4287 . -1) (undo-tree-id4288 . -1) (undo-tree-id4289 . -1) (undo-tree-id4290 . -1) (undo-tree-id4291 . -1) (undo-tree-id4292 . -1) (undo-tree-id4293 . -1) (undo-tree-id4294 . -1) (undo-tree-id4295 . -1) (undo-tree-id4296 . -1) (undo-tree-id4297 . -1) (undo-tree-id4298 . -1) (undo-tree-id4299 . -1) (undo-tree-id4300 . -1) (undo-tree-id4301 . -1) (undo-tree-id4302 . -1) (undo-tree-id4303 . -1) (undo-tree-id4304 . -1) (undo-tree-id4305 . -1) (undo-tree-id4306 . -1) (undo-tree-id4307 . -1) (undo-tree-id4308 . -1) (undo-tree-id4309 . -1) (undo-tree-id4310 . -1) (undo-tree-id4311 . -1) (undo-tree-id4312 . -1) (undo-tree-id4313 . -1) (undo-tree-id4314 . -1) (undo-tree-id4315 . -1) (undo-tree-id4316 . -1) (undo-tree-id4317 . -1) (undo-tree-id4318 . -1) (undo-tree-id4319 . -1) (undo-tree-id4320 . -1) (undo-tree-id4321 . -1) (undo-tree-id4322 . -1) (undo-tree-id4323 . -1) (undo-tree-id4324 . -1) (undo-tree-id4325 . -1) (undo-tree-id4326 . -1) (undo-tree-id4327 . -1) (undo-tree-id4328 . -1) (undo-tree-id4329 . -1) (undo-tree-id4330 . -1) (undo-tree-id4331 . -1) (undo-tree-id4332 . -1) (undo-tree-id4333 . -1) (undo-tree-id4334 . -1) (undo-tree-id4335 . -1) (undo-tree-id4336 . -1) (undo-tree-id4337 . -1) (undo-tree-id4338 . -1) (undo-tree-id4339 . -1) (undo-tree-id4340 . -1) (undo-tree-id4341 . -1) (undo-tree-id4342 . -1) (undo-tree-id4343 . -1) (undo-tree-id4344 . -1) (undo-tree-id4345 . -1) (undo-tree-id4346 . -1) (undo-tree-id4347 . -1) (undo-tree-id4348 . -1) (undo-tree-id4349 . -1) (undo-tree-id4350 . -1) (undo-tree-id4351 . -1) (undo-tree-id4352 . -1) (undo-tree-id4353 . -1) (undo-tree-id4354 . -1) (undo-tree-id4355 . -1) (undo-tree-id4356 . -1) (undo-tree-id4357 . -1) (undo-tree-id4358 . -1) (undo-tree-id4359 . -1) (undo-tree-id4360 . -1) (undo-tree-id4361 . -1) (undo-tree-id4362 . -1) (undo-tree-id4363 . -1) (undo-tree-id4364 . -1) (undo-tree-id4365 . -1) (undo-tree-id4366 . -1) (undo-tree-id4367 . -1) (undo-tree-id4368 . -1) (undo-tree-id4369 . -1) (undo-tree-id4370 . -1) (undo-tree-id4371 . -1) (undo-tree-id4372 . -1) (undo-tree-id4373 . -1) (undo-tree-id4374 . -1) (undo-tree-id4375 . -1) (undo-tree-id4376 . -1) (undo-tree-id4377 . -1) (undo-tree-id4378 . -1) (undo-tree-id4379 . -1) (undo-tree-id4380 . -1) (undo-tree-id4381 . -1) (undo-tree-id4382 . -1) (undo-tree-id4383 . -1) (undo-tree-id4384 . -1) (undo-tree-id4385 . -1) (undo-tree-id4386 . -1) (undo-tree-id4387 . -1) (undo-tree-id4388 . -1) (undo-tree-id4389 . -1) (undo-tree-id4390 . -1) (undo-tree-id4391 . -1) (undo-tree-id4392 . -1) (undo-tree-id4393 . -1) (undo-tree-id4394 . -1) (undo-tree-id4395 . -1) (undo-tree-id4396 . -1) (undo-tree-id4397 . -1) (undo-tree-id4398 . -1) (undo-tree-id4399 . -1) (undo-tree-id4400 . -1) (undo-tree-id4401 . -1) (undo-tree-id4402 . -1) (undo-tree-id4403 . -1) (undo-tree-id4404 . -1) (undo-tree-id4405 . -1) (undo-tree-id4406 . -1) (undo-tree-id4407 . -1) (undo-tree-id4408 . -1) (undo-tree-id4409 . -1) (undo-tree-id4410 . -1) (undo-tree-id4411 . -1) (undo-tree-id4412 . -1) (undo-tree-id4413 . -1) (undo-tree-id4414 . -1) (undo-tree-id4415 . -1) (undo-tree-id4416 . -1) (undo-tree-id4417 . -1) (undo-tree-id4418 . -1) (undo-tree-id4419 . -1) (undo-tree-id4420 . -1) (undo-tree-id4421 . -1) (undo-tree-id4422 . -1) (undo-tree-id4423 . -1) (undo-tree-id4424 . -1) (undo-tree-id4425 . -1) (undo-tree-id4426 . -1) (undo-tree-id4427 . -1) (undo-tree-id4428 . -1) (undo-tree-id4429 . -1) (undo-tree-id4430 . -1) (undo-tree-id4431 . -1) (undo-tree-id4432 . -1) (undo-tree-id4433 . -1) (undo-tree-id4434 . -1) (undo-tree-id4435 . -1) (undo-tree-id4436 . -1) (undo-tree-id4437 . -1) (undo-tree-id4438 . -1) (undo-tree-id4439 . -1) (undo-tree-id4440 . -1) (undo-tree-id4441 . -1) (undo-tree-id4442 . -1) (undo-tree-id4443 . -1) (undo-tree-id4444 . -1) (undo-tree-id4445 . -1) (undo-tree-id4446 . -1) (undo-tree-id4447 . -1) (undo-tree-id4448 . -1) (undo-tree-id4449 . -1) (undo-tree-id4450 . -1) (undo-tree-id4451 . -1) (undo-tree-id4452 . -1) (undo-tree-id4453 . -1) (undo-tree-id4454 . -1) (undo-tree-id4455 . -1) (undo-tree-id4456 . -1) (undo-tree-id4457 . -1) (undo-tree-id4458 . -1) (undo-tree-id4459 . -1) (undo-tree-id4460 . -1) (undo-tree-id4461 . -1) (undo-tree-id4462 . -1) (undo-tree-id4463 . -1) (undo-tree-id4464 . -1) (undo-tree-id4465 . -1) (undo-tree-id4466 . -1) (undo-tree-id4467 . -1) (undo-tree-id4468 . -1) (undo-tree-id4469 . -1) (undo-tree-id4470 . -1) (undo-tree-id4471 . -1) (undo-tree-id4472 . -1) (undo-tree-id4473 . -1) (undo-tree-id4474 . -1) (undo-tree-id4475 . -1) (undo-tree-id4476 . -1) (undo-tree-id4477 . -1) (undo-tree-id4478 . -1) (undo-tree-id4479 . -1) (undo-tree-id4480 . -1) (undo-tree-id4481 . -1) (undo-tree-id4482 . -1) (undo-tree-id4483 . -1) (undo-tree-id4484 . -1) (undo-tree-id4485 . -1) (undo-tree-id4486 . -1) (undo-tree-id4487 . -1) (undo-tree-id4488 . -1) (undo-tree-id4489 . -1) (undo-tree-id4490 . -1) (undo-tree-id4491 . -1) (undo-tree-id4492 . -1) (undo-tree-id4493 . -1) (undo-tree-id4494 . -1) (undo-tree-id4495 . -1) (undo-tree-id4496 . -1) (undo-tree-id4497 . -1) (undo-tree-id4498 . -1) (undo-tree-id4499 . -1) (undo-tree-id4500 . -1) (undo-tree-id4501 . -1) (undo-tree-id4502 . -1) (undo-tree-id4503 . -1) (undo-tree-id4504 . -1) (undo-tree-id4505 . -1) (undo-tree-id4506 . -1) (undo-tree-id4507 . -1) (undo-tree-id4508 . -1) (undo-tree-id4509 . -1) (undo-tree-id4510 . -1) (undo-tree-id4511 . -1) (undo-tree-id4512 . -1) (undo-tree-id4513 . -1) (undo-tree-id4514 . -1) (undo-tree-id4515 . -1) (undo-tree-id4516 . -1) (undo-tree-id4517 . -1) (undo-tree-id4518 . -1) (undo-tree-id4519 . -1) (undo-tree-id4520 . -1) (undo-tree-id4521 . -1) (undo-tree-id4522 . -1) (undo-tree-id4523 . -1) (undo-tree-id4524 . -1) (undo-tree-id4525 . -1) (undo-tree-id4526 . -1) (undo-tree-id4527 . -1) (undo-tree-id4528 . -1) (undo-tree-id4529 . -1) (undo-tree-id4530 . -1) (undo-tree-id4531 . -1) (undo-tree-id4532 . -1) (undo-tree-id4533 . -1) (undo-tree-id4534 . -1) (undo-tree-id4535 . -1) (undo-tree-id4536 . -1) (undo-tree-id4537 . -1) (undo-tree-id4538 . -1) (undo-tree-id4539 . -1) (undo-tree-id4540 . -1) (undo-tree-id4541 . -1) (undo-tree-id4542 . -1) (undo-tree-id4543 . -1) (undo-tree-id4544 . -1) (undo-tree-id4545 . -1) (undo-tree-id4546 . -1) (undo-tree-id4547 . -1) (undo-tree-id4548 . -1) (undo-tree-id4549 . -1) (undo-tree-id4550 . -1) (undo-tree-id4551 . -1) (undo-tree-id4552 . -1) (undo-tree-id4553 . -1) (undo-tree-id4554 . -1) (undo-tree-id4555 . -1) (undo-tree-id4556 . -1) (undo-tree-id4557 . -1) (undo-tree-id4558 . -1) (undo-tree-id4559 . -1) (undo-tree-id4560 . -1) (undo-tree-id4561 . -1) (undo-tree-id4562 . -1) (undo-tree-id4563 . -1) (undo-tree-id4564 . -1) (undo-tree-id4565 . -1) (undo-tree-id4566 . -1) (undo-tree-id4567 . -1) (undo-tree-id4568 . -1) (undo-tree-id4569 . -1) (undo-tree-id4570 . -1) (undo-tree-id4571 . -1) (undo-tree-id4572 . -1) (undo-tree-id4573 . -1) (undo-tree-id4574 . -1) (undo-tree-id4575 . -1) (undo-tree-id4576 . -1) (undo-tree-id4577 . -1) (undo-tree-id4578 . -1) (undo-tree-id4579 . -1) (undo-tree-id4580 . -1) (undo-tree-id4581 . -1) (undo-tree-id4582 . -1) (undo-tree-id4583 . -1) (undo-tree-id4584 . -1) (undo-tree-id4585 . -1) (undo-tree-id4586 . -1) (undo-tree-id4587 . -1) (undo-tree-id4588 . -1) (undo-tree-id4589 . -1) (undo-tree-id4590 . -1) (undo-tree-id4591 . -1) (undo-tree-id4592 . -1) (undo-tree-id4593 . -1) (undo-tree-id4594 . -1) (undo-tree-id4595 . -1) (undo-tree-id4596 . -1) (undo-tree-id4597 . -1) (undo-tree-id4598 . -1) (undo-tree-id4599 . -1) (undo-tree-id4600 . -1) (undo-tree-id4601 . -1) (undo-tree-id4602 . -1) (undo-tree-id4603 . -1) (undo-tree-id4604 . -1) (undo-tree-id4605 . -1) (undo-tree-id4606 . -1) (undo-tree-id4607 . -1) (undo-tree-id4608 . -1) (undo-tree-id4609 . -1) (undo-tree-id4610 . -1) (undo-tree-id4611 . -1) (undo-tree-id4612 . -1) (undo-tree-id4613 . -1) (undo-tree-id4614 . -1) (undo-tree-id4615 . -1) (undo-tree-id4616 . -1) (undo-tree-id4617 . -1) (undo-tree-id4618 . -1) (undo-tree-id4619 . -1) (undo-tree-id4620 . -1) (undo-tree-id4621 . -1) (undo-tree-id4622 . -1) (undo-tree-id4623 . -1) (undo-tree-id4624 . -1) (undo-tree-id4625 . -1) (undo-tree-id4626 . -1) (undo-tree-id4627 . -1) (undo-tree-id4628 . -1) (undo-tree-id4629 . -1) (undo-tree-id4630 . -1) (undo-tree-id4631 . -1) (undo-tree-id4632 . -1) (undo-tree-id4633 . -1) (undo-tree-id4634 . -1) (undo-tree-id4635 . -1) (undo-tree-id4636 . -1) (undo-tree-id4637 . -1) (undo-tree-id4638 . -1) (undo-tree-id4639 . -1) (undo-tree-id4640 . -1) (undo-tree-id4641 . -1) (undo-tree-id4642 . -1) (undo-tree-id4643 . -1) (undo-tree-id4644 . -1) (undo-tree-id4645 . -1) (undo-tree-id4646 . -1) (undo-tree-id4647 . -1) (undo-tree-id4648 . -1) (undo-tree-id4649 . -1) (undo-tree-id4650 . -1) (undo-tree-id4651 . -1) (undo-tree-id4652 . -1) (undo-tree-id4653 . -1) (undo-tree-id4654 . -1) (undo-tree-id4655 . -1) (undo-tree-id4656 . -1) (undo-tree-id4657 . -1) (undo-tree-id4658 . -1) (undo-tree-id4659 . -1) (undo-tree-id4660 . -1) (undo-tree-id4661 . -1) (undo-tree-id4662 . -1) (undo-tree-id4663 . -1) (undo-tree-id4664 . -1) (undo-tree-id4665 . -1) (undo-tree-id4666 . -1) (undo-tree-id4667 . -1) (undo-tree-id4668 . -1) (undo-tree-id4669 . -1) (undo-tree-id4670 . -1) (undo-tree-id4671 . -1) (undo-tree-id4672 . -1) (undo-tree-id4673 . -1) (undo-tree-id4674 . -1) (undo-tree-id4675 . -1) (undo-tree-id4676 . -1) (undo-tree-id4677 . -1) (undo-tree-id4678 . -1) (undo-tree-id4679 . -1) (undo-tree-id4680 . -1) (undo-tree-id4681 . -1) (undo-tree-id4682 . -1) (undo-tree-id4683 . -1) (undo-tree-id4684 . -1) (undo-tree-id4685 . -1) (undo-tree-id4686 . -1) (undo-tree-id4687 . -1) (undo-tree-id4688 . -1) (undo-tree-id4689 . -1) (undo-tree-id4690 . -1) (undo-tree-id4691 . -1) (undo-tree-id4692 . -1) (undo-tree-id4693 . -1) (undo-tree-id4694 . -1) (undo-tree-id4695 . -1) (undo-tree-id4696 . -1) (undo-tree-id4697 . -1) (undo-tree-id4698 . -1) (undo-tree-id4699 . -1) (undo-tree-id4700 . -1) (undo-tree-id4701 . -1) (undo-tree-id4702 . -1) (undo-tree-id4703 . -1) (undo-tree-id4704 . -1) (undo-tree-id4705 . -1) (undo-tree-id4706 . -1) (undo-tree-id4707 . -1) (undo-tree-id4708 . -1) (undo-tree-id4709 . -1) (undo-tree-id4710 . -1) (undo-tree-id4711 . -1) (undo-tree-id4712 . -1) (undo-tree-id4713 . -1) (undo-tree-id4714 . -1) (undo-tree-id4715 . -1) (undo-tree-id4716 . -1) (undo-tree-id4717 . -1) (undo-tree-id4718 . -1) (undo-tree-id4719 . -1) (undo-tree-id4720 . -1) (undo-tree-id4721 . -1) (undo-tree-id4722 . -1) (undo-tree-id4723 . -1) (undo-tree-id4724 . -1) (undo-tree-id4725 . -1) (undo-tree-id4726 . -1) (undo-tree-id4727 . -1) (undo-tree-id4728 . -1) (undo-tree-id4729 . -1) (undo-tree-id4730 . -1) (undo-tree-id4731 . -1) (undo-tree-id4732 . -1) (undo-tree-id4733 . -1) (undo-tree-id4734 . -1) (undo-tree-id4735 . -1) (undo-tree-id4736 . -1) (undo-tree-id4737 . -1) (undo-tree-id4738 . -1) (undo-tree-id4739 . -1) (undo-tree-id4740 . -1) (undo-tree-id4741 . -1) (undo-tree-id4742 . -1) (undo-tree-id4743 . -1) (undo-tree-id4744 . -1) (undo-tree-id4745 . -1) (undo-tree-id4746 . -1) (undo-tree-id4747 . -1) (undo-tree-id4748 . -1) (undo-tree-id4749 . -1) (undo-tree-id4750 . -1) (undo-tree-id4751 . -1) (undo-tree-id4752 . -1) (undo-tree-id4753 . -1) (undo-tree-id4754 . -1) (undo-tree-id4755 . -1) (undo-tree-id4756 . -1) (undo-tree-id4757 . -1) (undo-tree-id4758 . -1) (undo-tree-id4759 . -1) (undo-tree-id4760 . -1) (undo-tree-id4761 . -1) (undo-tree-id4762 . -1) (undo-tree-id4763 . -1) (undo-tree-id4764 . -1) (undo-tree-id4765 . -1) (undo-tree-id4766 . -1) (undo-tree-id4767 . -1) (undo-tree-id4768 . -1) (undo-tree-id4769 . -1) (undo-tree-id4770 . -1) (undo-tree-id4771 . -1) (undo-tree-id4772 . -1) (undo-tree-id4773 . -1) (undo-tree-id4774 . -1) (undo-tree-id4775 . -1) (undo-tree-id4776 . -1) (undo-tree-id4777 . -1) (undo-tree-id4778 . -1) (undo-tree-id4779 . -1) (undo-tree-id4780 . -1) (undo-tree-id4781 . -1) (undo-tree-id4782 . -1) (undo-tree-id4783 . -1) (undo-tree-id4784 . -1) (undo-tree-id4785 . -1) (undo-tree-id4786 . -1) (undo-tree-id4787 . -1) (undo-tree-id4788 . -1) (undo-tree-id4789 . -1) (undo-tree-id4790 . -1) (undo-tree-id4791 . -1) (undo-tree-id4792 . -1) (undo-tree-id4793 . -1) (undo-tree-id4794 . -1) (undo-tree-id4795 . -1) (undo-tree-id4796 . -1) (undo-tree-id4797 . -1) (undo-tree-id4798 . -1) (undo-tree-id4799 . -1) (undo-tree-id4800 . -1) (undo-tree-id4801 . -1) (undo-tree-id4802 . -1) (undo-tree-id4803 . -1) (undo-tree-id4804 . -1) (undo-tree-id4805 . -1) (undo-tree-id4806 . -1) (undo-tree-id4807 . -1) (undo-tree-id4808 . -1) (undo-tree-id4809 . -1) (undo-tree-id4810 . -1) (undo-tree-id4811 . -1) (undo-tree-id4812 . -1) (undo-tree-id4813 . -1) (undo-tree-id4814 . -1) (undo-tree-id4815 . -1) (undo-tree-id4816 . -1) (undo-tree-id4817 . -1) (undo-tree-id4818 . -1) (undo-tree-id4819 . -1) (undo-tree-id4820 . -1) (undo-tree-id4821 . -1) (undo-tree-id4822 . -1) (undo-tree-id4823 . -1) (undo-tree-id4824 . -1) (undo-tree-id4825 . -1) (undo-tree-id4826 . -1) (undo-tree-id4827 . -1) (undo-tree-id4828 . -1) (undo-tree-id4829 . -1) (undo-tree-id4830 . -1) (undo-tree-id4831 . -1) (undo-tree-id4832 . -1) (undo-tree-id4833 . -1) (undo-tree-id4834 . -1) (undo-tree-id4835 . -1) (undo-tree-id4836 . -1) (undo-tree-id4837 . -1) (undo-tree-id4838 . -1) (undo-tree-id4839 . -1) (undo-tree-id4840 . -1) (undo-tree-id4841 . -1) (undo-tree-id4842 . -1) (undo-tree-id4843 . -1) (undo-tree-id4844 . -1) (undo-tree-id4845 . -1) (undo-tree-id4846 . -1) (undo-tree-id4847 . -1) (undo-tree-id4848 . -1) (undo-tree-id4849 . -1) (undo-tree-id4850 . -1) (undo-tree-id4851 . -1) (undo-tree-id4852 . -1) (undo-tree-id4853 . -1) (undo-tree-id4854 . -1) (undo-tree-id4855 . -1) (undo-tree-id4856 . -1) (undo-tree-id4857 . -1) (undo-tree-id4858 . -1) (undo-tree-id4859 . -1) (undo-tree-id4860 . -1) (undo-tree-id4861 . -1) (undo-tree-id4862 . -1) (undo-tree-id4863 . -1) (undo-tree-id4864 . -1) (undo-tree-id4865 . -1) (undo-tree-id4866 . -1) (undo-tree-id4867 . -1) (undo-tree-id4868 . -1) (undo-tree-id4869 . -1) (undo-tree-id4870 . -1) (undo-tree-id4871 . -1) (undo-tree-id4872 . -1) (undo-tree-id4873 . -1) (undo-tree-id4874 . -1) (undo-tree-id4875 . -1) (undo-tree-id4876 . -1) (undo-tree-id4877 . -1) (undo-tree-id4878 . -1) (undo-tree-id4879 . -1) (undo-tree-id4880 . -1) (undo-tree-id4881 . -1) (undo-tree-id4882 . -1) (undo-tree-id4883 . -1) (undo-tree-id4884 . -1) (undo-tree-id4885 . -1) (undo-tree-id4886 . -1) (undo-tree-id4887 . -1) (undo-tree-id4888 . -1) (undo-tree-id4889 . -1) (undo-tree-id4890 . -1) (undo-tree-id4891 . -1) (undo-tree-id4892 . -1) (undo-tree-id4893 . -1) (undo-tree-id4894 . -1) (undo-tree-id4895 . -1) (undo-tree-id4896 . -1) (undo-tree-id4897 . -1) (undo-tree-id4898 . -1) (undo-tree-id4899 . -1) (undo-tree-id4900 . -1) (undo-tree-id4901 . -1) (undo-tree-id4902 . -1) (undo-tree-id4903 . -1) (undo-tree-id4904 . -1) (undo-tree-id4905 . -1) (undo-tree-id4906 . -1) (undo-tree-id4907 . -1) (undo-tree-id4908 . -1) (undo-tree-id4909 . -1) (undo-tree-id4910 . -1) (undo-tree-id4911 . -1) (undo-tree-id4912 . -1) (undo-tree-id4913 . -1) (undo-tree-id4914 . -1) (undo-tree-id4915 . -1) (undo-tree-id4916 . -1) (undo-tree-id4917 . -1) (undo-tree-id4918 . -1) (undo-tree-id4919 . -1) (undo-tree-id4920 . -1) (undo-tree-id4921 . -1) (undo-tree-id4922 . -1) (undo-tree-id4923 . -1) (undo-tree-id4924 . -1) (undo-tree-id4925 . -1) (undo-tree-id4926 . -1) (undo-tree-id4927 . -1) (undo-tree-id4928 . -1) (undo-tree-id4929 . -1) (undo-tree-id4930 . -1) (undo-tree-id4931 . -1) (undo-tree-id4932 . -1) (undo-tree-id4933 . -1) (undo-tree-id4934 . -1) (undo-tree-id4935 . -1) (undo-tree-id4936 . -1) (undo-tree-id4937 . -1) (undo-tree-id4938 . -1) (undo-tree-id4939 . -1) (undo-tree-id4940 . -1) (undo-tree-id4941 . -1) (undo-tree-id4942 . -1) (undo-tree-id4943 . -1) (undo-tree-id4944 . -1) (undo-tree-id4945 . -1) (undo-tree-id4946 . -1) (undo-tree-id4947 . -1) (undo-tree-id4948 . -1) (undo-tree-id4949 . -1) (undo-tree-id4950 . -1) (undo-tree-id4951 . -1) (undo-tree-id4952 . -1) (undo-tree-id4953 . -1) (undo-tree-id4954 . -1) (undo-tree-id4955 . -1) (undo-tree-id4956 . -1) (undo-tree-id4957 . -1) (undo-tree-id4958 . -1) (undo-tree-id4959 . -1) (undo-tree-id4960 . -1) (undo-tree-id4961 . -1) (undo-tree-id4962 . -1) (undo-tree-id4963 . -1) (undo-tree-id4964 . -1) (undo-tree-id4965 . -1) (undo-tree-id4966 . -1) (undo-tree-id4967 . -1) (undo-tree-id4968 . -1) (undo-tree-id4969 . -1) (undo-tree-id4970 . -1) (undo-tree-id4971 . -1) (undo-tree-id4972 . -1) (undo-tree-id4973 . -1) (undo-tree-id4974 . -1) (undo-tree-id4975 . -1) (undo-tree-id4976 . -1) (undo-tree-id4977 . -1) (undo-tree-id4978 . -1) (undo-tree-id4979 . -1) (undo-tree-id4980 . -1) (undo-tree-id4981 . -1) (undo-tree-id4982 . -1) (undo-tree-id4983 . -1) (undo-tree-id4984 . -1) (undo-tree-id4985 . -1) (undo-tree-id4986 . -1) (undo-tree-id4987 . -1) (undo-tree-id4988 . -1) (undo-tree-id4989 . -1) (undo-tree-id4990 . -1) (undo-tree-id4991 . -1) (undo-tree-id4992 . -1) (undo-tree-id4993 . -1) (undo-tree-id4994 . -1) (undo-tree-id4995 . -1) (undo-tree-id4996 . -1) (undo-tree-id4997 . -1) (undo-tree-id4998 . -1) (undo-tree-id4999 . -1) (undo-tree-id5000 . -1) (undo-tree-id5001 . -1) (undo-tree-id5002 . -1) (undo-tree-id5003 . -1) (undo-tree-id5004 . -1) (undo-tree-id5005 . -1) (undo-tree-id5006 . -1) (undo-tree-id5007 . -1) (undo-tree-id5008 . -1) (undo-tree-id5009 . -1) (undo-tree-id5010 . -1) (undo-tree-id5011 . -1) (undo-tree-id5012 . -1) (undo-tree-id5013 . -1) (undo-tree-id5014 . -1) (undo-tree-id5015 . -1) (undo-tree-id5016 . -1) (undo-tree-id5017 . -1) (undo-tree-id5018 . -1) (undo-tree-id5019 . -1) (undo-tree-id5020 . -1) (undo-tree-id5021 . -1) (undo-tree-id5022 . -1) (undo-tree-id5023 . -1) (undo-tree-id5024 . -1) (undo-tree-id5025 . -1) (undo-tree-id5026 . -1) (undo-tree-id5027 . -1) (undo-tree-id5028 . -1) (undo-tree-id5029 . -1) (undo-tree-id5030 . -1) (undo-tree-id5031 . -1) (undo-tree-id5032 . -1) (undo-tree-id5033 . -1) (undo-tree-id5034 . -1) (undo-tree-id5035 . -1) (undo-tree-id5036 . -1) (undo-tree-id5037 . -1) (undo-tree-id5038 . -1) (undo-tree-id5039 . -1) (undo-tree-id5040 . -1) (undo-tree-id5041 . -1) (undo-tree-id5042 . -1) (undo-tree-id5043 . -1) (undo-tree-id5044 . -1) (undo-tree-id5045 . -1) (undo-tree-id5046 . -1) (undo-tree-id5047 . -1) (undo-tree-id5048 . -1) (undo-tree-id5049 . -1) (undo-tree-id5050 . -1) (undo-tree-id5051 . -1) (undo-tree-id5052 . -1) (undo-tree-id5053 . -1) (undo-tree-id5054 . -1) (undo-tree-id5055 . -1) (undo-tree-id5056 . -1) (undo-tree-id5057 . -1) (undo-tree-id5058 . -1) (undo-tree-id5059 . -1) (undo-tree-id5060 . -1) (undo-tree-id5061 . -1) (undo-tree-id5062 . -1) (undo-tree-id5063 . -1) (undo-tree-id5064 . -1) (undo-tree-id5065 . -1) (undo-tree-id5066 . -1) (undo-tree-id5067 . -1) (undo-tree-id5068 . -1) (undo-tree-id5069 . -1) (undo-tree-id5070 . -1) (undo-tree-id5071 . -1) (undo-tree-id5072 . -1) (undo-tree-id5073 . -1) (undo-tree-id5074 . -1) (undo-tree-id5075 . -1) (undo-tree-id5076 . -1) (undo-tree-id5077 . -1) (undo-tree-id5078 . -1) (undo-tree-id5079 . -1) (undo-tree-id5080 . -1) (undo-tree-id5081 . -1) (undo-tree-id5082 . -1) (undo-tree-id5083 . -1) (undo-tree-id5084 . -1) (undo-tree-id5085 . -1) (undo-tree-id5086 . -1) (undo-tree-id5087 . -1) (undo-tree-id5088 . -1) (undo-tree-id5089 . -1) (undo-tree-id5090 . -1) (undo-tree-id5091 . -1) (undo-tree-id5092 . -1) (undo-tree-id5093 . -1) (undo-tree-id5094 . -1) (undo-tree-id5095 . -1) (undo-tree-id5096 . -1) (undo-tree-id5097 . -1) (undo-tree-id5098 . -1) (undo-tree-id5099 . -1) (undo-tree-id5100 . -1) (undo-tree-id5101 . -1) (undo-tree-id5102 . -1) (undo-tree-id5103 . -1) (undo-tree-id5104 . -1) (undo-tree-id5105 . -1) (undo-tree-id5106 . -1) (undo-tree-id5107 . -1) (undo-tree-id5108 . -1) (undo-tree-id5109 . -1) (undo-tree-id5110 . -1) (undo-tree-id5111 . -1) (undo-tree-id5112 . -1) (undo-tree-id5113 . -1) (undo-tree-id5114 . -1) (undo-tree-id5115 . -1) (undo-tree-id5116 . -1) (undo-tree-id5117 . -1) (undo-tree-id5118 . -1) (undo-tree-id5119 . -1) (undo-tree-id5120 . -1) (undo-tree-id5121 . -1) (undo-tree-id5122 . -1) (undo-tree-id5123 . -1) (undo-tree-id5124 . -1) (undo-tree-id5125 . -1) (undo-tree-id5126 . -1) (undo-tree-id5127 . -1) (undo-tree-id5128 . -1) (undo-tree-id5129 . -1) (undo-tree-id5130 . -1) (undo-tree-id5131 . -1) (undo-tree-id5132 . -1) (undo-tree-id5133 . -1) (undo-tree-id5134 . -1) (undo-tree-id5135 . -1) (undo-tree-id5136 . -1) (undo-tree-id5137 . -1) (undo-tree-id5138 . -1) (undo-tree-id5139 . -1) (undo-tree-id5140 . -1) (undo-tree-id5141 . -1) (undo-tree-id5142 . -1) (undo-tree-id5143 . -1) (undo-tree-id5144 . -1) (undo-tree-id5145 . -1) (undo-tree-id5146 . -1) (undo-tree-id5147 . -1) (undo-tree-id5148 . -1) (undo-tree-id5149 . -1) (undo-tree-id5150 . -1) (undo-tree-id5151 . -1) (undo-tree-id5152 . -1) (undo-tree-id5153 . -1) (undo-tree-id5154 . -1) (undo-tree-id5155 . -1) (undo-tree-id5156 . -1) (undo-tree-id5157 . -1) (undo-tree-id5158 . -1) (undo-tree-id5159 . -1) (undo-tree-id5160 . -1) (undo-tree-id5161 . -1) (undo-tree-id5162 . -1) (undo-tree-id5163 . -1) (undo-tree-id5164 . -1) (undo-tree-id5165 . -1) (undo-tree-id5166 . -1) (undo-tree-id5167 . -1) (undo-tree-id5168 . -1) (undo-tree-id5169 . -1) (undo-tree-id5170 . -1) (undo-tree-id5171 . -1) (undo-tree-id5172 . -1) (undo-tree-id5173 . -1) (undo-tree-id5174 . -1) (undo-tree-id5175 . -1) (undo-tree-id5176 . -1) (undo-tree-id5177 . -1) (undo-tree-id5178 . -1) (undo-tree-id5179 . -1) (undo-tree-id5180 . -1) (undo-tree-id5181 . -1) (undo-tree-id5182 . -1) (undo-tree-id5183 . -1) (undo-tree-id5184 . -1) (undo-tree-id5185 . -1) (undo-tree-id5186 . -1) (undo-tree-id5187 . -1) (undo-tree-id5188 . -1) (undo-tree-id5189 . -1) (undo-tree-id5190 . -1) (undo-tree-id5191 . -1) (undo-tree-id5192 . -1) (undo-tree-id5193 . -1) (undo-tree-id5194 . -1) (undo-tree-id5195 . -1) (undo-tree-id5196 . -1) (undo-tree-id5197 . -1) (undo-tree-id5198 . -1) (undo-tree-id5199 . -1) (undo-tree-id5200 . -1) (undo-tree-id5201 . -1) (undo-tree-id5202 . -1) (undo-tree-id5203 . -1) (undo-tree-id5204 . -1) (undo-tree-id5205 . -1) (undo-tree-id5206 . -1) (undo-tree-id5207 . -1) (undo-tree-id5208 . -1) (undo-tree-id5209 . -1) (undo-tree-id5210 . -1) (undo-tree-id5211 . -1) (undo-tree-id5212 . -1) (undo-tree-id5213 . -1) (undo-tree-id5214 . -1) (undo-tree-id5215 . -1) (undo-tree-id5216 . -1) (undo-tree-id5217 . -1) (undo-tree-id5218 . -1) (undo-tree-id5219 . -1) (undo-tree-id5220 . -1) (undo-tree-id5221 . -1) (undo-tree-id5222 . -1) (undo-tree-id5223 . -1) (undo-tree-id5224 . -1) (undo-tree-id5225 . -1) (undo-tree-id5226 . -1) (undo-tree-id5227 . -1) (undo-tree-id5228 . -1) (undo-tree-id5229 . -1) (undo-tree-id5230 . -1) (undo-tree-id5231 . -1) (undo-tree-id5232 . -1) (undo-tree-id5233 . -1) (undo-tree-id5234 . -1) (undo-tree-id5235 . -1) (undo-tree-id5236 . -1) (undo-tree-id5237 . -1) (undo-tree-id5238 . -1) (undo-tree-id5239 . -1) (undo-tree-id5240 . -1) (undo-tree-id5241 . -1) (undo-tree-id5242 . -1) (undo-tree-id5243 . -1) (undo-tree-id5244 . -1) (undo-tree-id5245 . -1) (undo-tree-id5246 . -1) (undo-tree-id5247 . -1) (undo-tree-id5248 . -1) (undo-tree-id5249 . -1) (undo-tree-id5250 . -1) (undo-tree-id5251 . -1) (undo-tree-id5252 . -1) (undo-tree-id5253 . -1) (undo-tree-id5254 . -1) (undo-tree-id5255 . -1) (undo-tree-id5256 . -1) (undo-tree-id5257 . -1) (undo-tree-id5258 . -1) (undo-tree-id5259 . -1) (undo-tree-id5260 . -1) (undo-tree-id5261 . -1) (undo-tree-id5262 . -1) (undo-tree-id5263 . -1) (undo-tree-id5264 . -1) (undo-tree-id5265 . -1) (undo-tree-id5266 . -1) (undo-tree-id5267 . -1) (undo-tree-id5268 . -1) (undo-tree-id5269 . -1) (undo-tree-id5270 . -1) (undo-tree-id5271 . -1) (undo-tree-id5272 . -1) (undo-tree-id5273 . -1) (undo-tree-id5274 . -1) (undo-tree-id5275 . -1) (undo-tree-id5276 . -1) (undo-tree-id5277 . -1) (undo-tree-id5278 . -1) (undo-tree-id5279 . -1) (undo-tree-id5280 . -1) (undo-tree-id5281 . -1) (undo-tree-id5282 . -1) (undo-tree-id5283 . -1) (undo-tree-id5284 . -1) (undo-tree-id5285 . -1) (undo-tree-id5286 . -1) (undo-tree-id5287 . -1) (undo-tree-id5288 . -1) (undo-tree-id5289 . -1) (undo-tree-id5290 . -1) (undo-tree-id5291 . -1) (undo-tree-id5292 . -1) (undo-tree-id5293 . -1) (undo-tree-id5294 . -1) (undo-tree-id5295 . -1) (undo-tree-id5296 . -1) (undo-tree-id5297 . -1) (undo-tree-id5298 . -1) (undo-tree-id5299 . -1) (undo-tree-id5300 . -1) (undo-tree-id5301 . -1) (undo-tree-id5302 . -1) (undo-tree-id5303 . -1) (undo-tree-id5304 . -1) (undo-tree-id5305 . -1) (undo-tree-id5306 . -1) (undo-tree-id5307 . -1) (undo-tree-id5308 . -1) (undo-tree-id5309 . -1) (undo-tree-id5310 . -1) (undo-tree-id5311 . -1) (undo-tree-id5312 . -1) (undo-tree-id5313 . -1) (undo-tree-id5314 . -1) (undo-tree-id5315 . -1) (undo-tree-id5316 . -1) (undo-tree-id5317 . -1) (undo-tree-id5318 . -1) (undo-tree-id5319 . -1) (undo-tree-id5320 . -1) (undo-tree-id5321 . -1) (undo-tree-id5322 . -1) (undo-tree-id5323 . -1) (undo-tree-id5324 . -1) (undo-tree-id5325 . -1) (undo-tree-id5326 . -1) (undo-tree-id5327 . -1) (undo-tree-id5328 . -1) (undo-tree-id5329 . -1) (undo-tree-id5330 . -1) (undo-tree-id5331 . -1) (undo-tree-id5332 . -1) (undo-tree-id5333 . -1) (undo-tree-id5334 . -1) (undo-tree-id5335 . -1) (undo-tree-id5336 . -1) (undo-tree-id5337 . -1) (undo-tree-id5338 . -1) (undo-tree-id5339 . -1) (undo-tree-id5340 . -1) (undo-tree-id5341 . -1) (undo-tree-id5342 . -1) (undo-tree-id5343 . -1) (undo-tree-id5344 . -1) (undo-tree-id5345 . -1) (undo-tree-id5346 . -1) (undo-tree-id5347 . -1) (undo-tree-id5348 . -1) (undo-tree-id5349 . -1) (undo-tree-id5350 . -1) (undo-tree-id5351 . -1) (undo-tree-id5352 . -1) (undo-tree-id5353 . -1) (undo-tree-id5354 . -1) (undo-tree-id5355 . -1) (undo-tree-id5356 . -1) (undo-tree-id5357 . -1) (undo-tree-id5358 . -1) (undo-tree-id5359 . -1) (undo-tree-id5360 . -1) (undo-tree-id5361 . -1) (undo-tree-id5362 . -1) (undo-tree-id5363 . -1) (undo-tree-id5364 . -1) (undo-tree-id5365 . -1) (undo-tree-id5366 . -1) (undo-tree-id5367 . -1) (undo-tree-id5368 . -1) (undo-tree-id5369 . -1) (undo-tree-id5370 . -1) (undo-tree-id5371 . -1) (undo-tree-id5372 . -1) (undo-tree-id5373 . -1) (undo-tree-id5374 . -1) (undo-tree-id5375 . -1) (undo-tree-id5376 . -1) (undo-tree-id5377 . -1) (undo-tree-id5378 . -1) (undo-tree-id5379 . -1) (undo-tree-id5380 . -1) (undo-tree-id5381 . -1) (undo-tree-id5382 . -1) (undo-tree-id5383 . -1) (undo-tree-id5384 . -1) (undo-tree-id5385 . -1) (undo-tree-id5386 . -1) (undo-tree-id5387 . -1) (undo-tree-id5388 . -1) (undo-tree-id5389 . -1) (undo-tree-id5390 . -1) (undo-tree-id5391 . -1) (undo-tree-id5392 . -1) (undo-tree-id5393 . -1) (undo-tree-id5394 . -1) (undo-tree-id5395 . -1) (undo-tree-id5396 . -1) (undo-tree-id5397 . -1) (undo-tree-id5398 . -1) (undo-tree-id5399 . -1) (undo-tree-id5400 . -1) (undo-tree-id5401 . -1) (undo-tree-id5402 . -1) (undo-tree-id5403 . -1) (undo-tree-id5404 . -1) (undo-tree-id5405 . -1) (undo-tree-id5406 . -1) (undo-tree-id5407 . -1) (undo-tree-id5408 . -1) (undo-tree-id5409 . -1) (undo-tree-id5410 . -1) (undo-tree-id5411 . -1) (undo-tree-id5412 . -1) (undo-tree-id5413 . -1) (undo-tree-id5414 . -1) (undo-tree-id5415 . -1) (undo-tree-id5416 . -1) (undo-tree-id5417 . -1) (undo-tree-id5418 . -1) (undo-tree-id5419 . -1) (undo-tree-id5420 . -1) (undo-tree-id5421 . -1) (undo-tree-id5422 . -1) (undo-tree-id5423 . -1) (undo-tree-id5424 . -1) (undo-tree-id5425 . -1) (undo-tree-id5426 . -1) (undo-tree-id5427 . -1) (undo-tree-id5428 . -1) (undo-tree-id5429 . -1) (undo-tree-id5430 . -1) (undo-tree-id5431 . -1) (undo-tree-id5432 . -1) (undo-tree-id5433 . -1) (undo-tree-id5434 . -1) (undo-tree-id5435 . -1) (undo-tree-id5436 . -1) (undo-tree-id5437 . -1) (undo-tree-id5438 . -1) (undo-tree-id5439 . -1) (undo-tree-id5440 . -1) (undo-tree-id5441 . -1) (undo-tree-id5442 . -1) (undo-tree-id5443 . -1) (undo-tree-id5444 . -1) (undo-tree-id5445 . -1) (undo-tree-id5446 . -1) (undo-tree-id5447 . -1) (undo-tree-id5448 . -1) (undo-tree-id5449 . -1) (undo-tree-id5450 . -1) (undo-tree-id5451 . -1) (undo-tree-id5452 . -1) (undo-tree-id5453 . -1) (undo-tree-id5454 . -1) (undo-tree-id5455 . -1) (undo-tree-id5456 . -1) (undo-tree-id5457 . -1) (undo-tree-id5458 . -1) (undo-tree-id5459 . -1) (undo-tree-id5460 . -1) (undo-tree-id5461 . -1) (undo-tree-id5462 . -1) (undo-tree-id5463 . -1) (undo-tree-id5464 . -1) (undo-tree-id5465 . -1) (undo-tree-id5466 . -1) (undo-tree-id5467 . -1) (undo-tree-id5468 . -1) (undo-tree-id5469 . -1) (undo-tree-id5470 . -1) (undo-tree-id5471 . -1) (undo-tree-id5472 . -1) (undo-tree-id5473 . -1) (undo-tree-id5474 . -1) (undo-tree-id5475 . -1) (undo-tree-id5476 . -1) (undo-tree-id5477 . -1) (undo-tree-id5478 . -1) (undo-tree-id5479 . -1) (undo-tree-id5480 . -1) (undo-tree-id5481 . -1) (undo-tree-id5482 . -1) (undo-tree-id5483 . -1) (undo-tree-id5484 . -1) (undo-tree-id5485 . -1) (undo-tree-id5486 . -1) (undo-tree-id5487 . -1) (undo-tree-id5488 . -1) (undo-tree-id5489 . -1) (undo-tree-id5490 . -1) (undo-tree-id5491 . -1) (undo-tree-id5492 . -1) (undo-tree-id5493 . -1) (undo-tree-id5494 . -1) (undo-tree-id5495 . -1) (undo-tree-id5496 . -1) (undo-tree-id5497 . -1) (undo-tree-id5498 . -1) (undo-tree-id5499 . -1) (undo-tree-id5500 . -1) (undo-tree-id5501 . -1) (undo-tree-id5502 . -1) (undo-tree-id5503 . -1) (undo-tree-id5504 . -1) (undo-tree-id5505 . -1) (undo-tree-id5506 . -1) (undo-tree-id5507 . -1) (undo-tree-id5508 . -1) (undo-tree-id5509 . -1) (undo-tree-id5510 . -1) (undo-tree-id5511 . -1) (undo-tree-id5512 . -1) (undo-tree-id5513 . -1) (undo-tree-id5514 . -1) (undo-tree-id5515 . -1) (undo-tree-id5516 . -1) (undo-tree-id5517 . -1) (undo-tree-id5518 . -1) (undo-tree-id5519 . -1) (undo-tree-id5520 . -1) (undo-tree-id5521 . -1) (undo-tree-id5522 . -1) (undo-tree-id5523 . -1) (undo-tree-id5524 . -1) (undo-tree-id5525 . -1) (undo-tree-id5526 . -1) (undo-tree-id5527 . -1) (undo-tree-id5528 . -1) (undo-tree-id5529 . -1) (undo-tree-id5530 . -1) (undo-tree-id5531 . -1) (undo-tree-id5532 . -1) (undo-tree-id5533 . -1) (undo-tree-id5534 . -1) (undo-tree-id5535 . -1) (undo-tree-id5536 . -1) (undo-tree-id5537 . -1) (undo-tree-id5538 . -1) (undo-tree-id5539 . -1) (undo-tree-id5540 . -1) (undo-tree-id5541 . -1) (undo-tree-id5542 . -1) (undo-tree-id5543 . -1) (undo-tree-id5544 . -1) (undo-tree-id5545 . -1) (undo-tree-id5546 . -1) (undo-tree-id5547 . -1) (undo-tree-id5548 . -1) (undo-tree-id5549 . -1) (undo-tree-id5550 . -1) (undo-tree-id5551 . -1) (undo-tree-id5552 . -1) (undo-tree-id5553 . -1) (undo-tree-id5554 . -1) (undo-tree-id5555 . -1) (undo-tree-id5556 . -1) (undo-tree-id5557 . -1) (undo-tree-id5558 . -1) (undo-tree-id5559 . -1) (undo-tree-id5560 . -1) (undo-tree-id5561 . -1) (undo-tree-id5562 . -1) (undo-tree-id5563 . -1) (undo-tree-id5564 . -1) (undo-tree-id5565 . -1) (undo-tree-id5566 . -1) (undo-tree-id5567 . -1) (undo-tree-id5568 . -1) (undo-tree-id5569 . -1) (undo-tree-id5570 . -1) (undo-tree-id5571 . -1) (undo-tree-id5572 . -1) (undo-tree-id5573 . -1) (undo-tree-id5574 . -1) (undo-tree-id5575 . -1) (undo-tree-id5576 . -1) (undo-tree-id5577 . -1) (undo-tree-id5578 . -1) (undo-tree-id5579 . -1) (undo-tree-id5580 . -1) (undo-tree-id5581 . -1) (undo-tree-id5582 . -1) (undo-tree-id5583 . -1) (undo-tree-id5584 . -1) (undo-tree-id5585 . -1) (undo-tree-id5586 . -1) (undo-tree-id5587 . -1) (undo-tree-id5588 . -1) (undo-tree-id5589 . -1) (undo-tree-id5590 . -1) (undo-tree-id5591 . -1) (undo-tree-id5592 . -1) (undo-tree-id5593 . -1) (undo-tree-id5594 . -1) (undo-tree-id5595 . -1) (undo-tree-id5596 . -1) (undo-tree-id5597 . -1) (undo-tree-id5598 . -1) (undo-tree-id5599 . -1) (undo-tree-id5600 . -1) (undo-tree-id5601 . -1) (undo-tree-id5602 . -1) (undo-tree-id5603 . -1) (undo-tree-id5604 . -1) (undo-tree-id5605 . -1) (undo-tree-id5606 . -1) (undo-tree-id5607 . -1) (undo-tree-id5608 . -1) (undo-tree-id5609 . -1) (undo-tree-id5610 . -1) (undo-tree-id5611 . -1) (undo-tree-id5612 . -1) (undo-tree-id5613 . -1) (undo-tree-id5614 . -1) (undo-tree-id5615 . -1) (undo-tree-id5616 . -1) (undo-tree-id5617 . -1) (undo-tree-id5618 . -1) (undo-tree-id5619 . -1) (undo-tree-id5620 . -1) (undo-tree-id5621 . -1) (undo-tree-id5622 . -1) (undo-tree-id5623 . -1) (undo-tree-id5624 . -1) (undo-tree-id5625 . -1) (undo-tree-id5626 . -1) (undo-tree-id5627 . -1) (undo-tree-id5628 . -1) (undo-tree-id5629 . -1) (undo-tree-id5630 . -1) (undo-tree-id5631 . -1) (undo-tree-id5632 . -1) (undo-tree-id5633 . -1) (undo-tree-id5634 . -1) (undo-tree-id5635 . -1) (undo-tree-id5636 . -1) (undo-tree-id5637 . -1) (undo-tree-id5638 . -1) (undo-tree-id5639 . -1) (undo-tree-id5640 . -1) (undo-tree-id5641 . -1) (undo-tree-id5642 . -1) (undo-tree-id5643 . -1) (undo-tree-id5644 . -1) (undo-tree-id5645 . -1) (undo-tree-id5646 . -1) (undo-tree-id5647 . -1) (undo-tree-id5648 . -1) (undo-tree-id5649 . -1) (undo-tree-id5650 . -1) (undo-tree-id5651 . -1) (undo-tree-id5652 . -1) (undo-tree-id5653 . -1) (undo-tree-id5654 . -1) (undo-tree-id5655 . -1) (undo-tree-id5656 . -1) (undo-tree-id5657 . -1) (undo-tree-id5658 . -1) (undo-tree-id5659 . -1) (undo-tree-id5660 . -1) (undo-tree-id5661 . -1) (undo-tree-id5662 . -1) (undo-tree-id5663 . -1) (undo-tree-id5664 . -1) (undo-tree-id5665 . -1) (undo-tree-id5666 . -1) (undo-tree-id5667 . -1) (undo-tree-id5668 . -1) (undo-tree-id5669 . -1) (undo-tree-id5670 . -1) (undo-tree-id5671 . -1) (undo-tree-id5672 . -1) (undo-tree-id5673 . -1) (undo-tree-id5674 . -1) (undo-tree-id5675 . -1) (undo-tree-id5676 . -1) (undo-tree-id5677 . -1) (undo-tree-id5678 . -1) (undo-tree-id5679 . -1) (undo-tree-id5680 . -1) (undo-tree-id5681 . -1) (undo-tree-id5682 . -1) (undo-tree-id5683 . -1) (undo-tree-id5684 . -1) (undo-tree-id5685 . -1) (undo-tree-id5686 . -1) (undo-tree-id5687 . -1) (undo-tree-id5688 . -1) (undo-tree-id5689 . -1) (undo-tree-id5690 . -1) (undo-tree-id5691 . -1) (#("A" 0 1 (fontified t)) . -10301) (undo-tree-id5692 . -1) (undo-tree-id5693 . -1) (undo-tree-id5694 . -1) (undo-tree-id5695 . -1) (undo-tree-id5696 . -1) (undo-tree-id5697 . -1) (undo-tree-id5698 . -1) (undo-tree-id5699 . -1) (undo-tree-id5700 . -1) (undo-tree-id5701 . -1) (undo-tree-id5702 . -1) (undo-tree-id5703 . -1) (undo-tree-id5704 . -1) (undo-tree-id5705 . -1) (undo-tree-id5706 . -1) (undo-tree-id5707 . -1) (undo-tree-id5708 . -1) (undo-tree-id5709 . -1) (undo-tree-id5710 . -1) (undo-tree-id5711 . -1) (undo-tree-id5712 . -1) (undo-tree-id5713 . -1) (undo-tree-id5714 . -1) (undo-tree-id5715 . -1) (undo-tree-id5716 . -1) (undo-tree-id5717 . -1) (undo-tree-id5718 . -1) (undo-tree-id5719 . -1) (undo-tree-id5720 . -1) (undo-tree-id5721 . -1) (undo-tree-id5722 . -1) (undo-tree-id5723 . -1) (undo-tree-id5724 . -1) (undo-tree-id5725 . -1) (undo-tree-id5726 . -1) (undo-tree-id5727 . -1) (undo-tree-id5728 . -1) (undo-tree-id5729 . -1) (undo-tree-id5730 . -1) (undo-tree-id5731 . -1) (undo-tree-id5732 . -1) (undo-tree-id5733 . -1) (undo-tree-id5734 . -1) (undo-tree-id5735 . -1) (undo-tree-id5736 . -1) (undo-tree-id5737 . -1) (undo-tree-id5738 . -1) (undo-tree-id5739 . -1) (undo-tree-id5740 . -1) (undo-tree-id5741 . -1) (undo-tree-id5742 . -1) (undo-tree-id5743 . -1) (undo-tree-id5744 . -1) (undo-tree-id5745 . -1) (undo-tree-id5746 . -1) (undo-tree-id5747 . -1) (undo-tree-id5748 . -1) (undo-tree-id5749 . -1) (undo-tree-id5750 . -1) (undo-tree-id5751 . -1) (undo-tree-id5752 . -1) (undo-tree-id5753 . -1) (undo-tree-id5754 . -1) (undo-tree-id5755 . -1) (undo-tree-id5756 . -1) (undo-tree-id5757 . -1) (undo-tree-id5758 . -1) (undo-tree-id5759 . -1) (undo-tree-id5760 . -1) (undo-tree-id5761 . -1) (undo-tree-id5762 . -1) (undo-tree-id5763 . -1) (undo-tree-id5764 . -1) (undo-tree-id5765 . -1) (undo-tree-id5766 . -1) (undo-tree-id5767 . -1) (undo-tree-id5768 . -1) (undo-tree-id5769 . -1) (undo-tree-id5770 . -1) (undo-tree-id5771 . -1) (undo-tree-id5772 . -1) (undo-tree-id5773 . -1) (undo-tree-id5774 . -1) (undo-tree-id5775 . -1) (undo-tree-id5776 . -1) (undo-tree-id5777 . -1) (undo-tree-id5778 . -1) (undo-tree-id5779 . -1) (undo-tree-id5780 . -1) (undo-tree-id5781 . -1) (undo-tree-id5782 . -1) (undo-tree-id5783 . -1) (undo-tree-id5784 . -1) (undo-tree-id5785 . -1) (undo-tree-id5786 . -1) (undo-tree-id5787 . -1) (undo-tree-id5788 . -1) (undo-tree-id5789 . -1) (undo-tree-id5790 . -1) (undo-tree-id5791 . -1) (undo-tree-id5792 . -1) (undo-tree-id5793 . -1) (undo-tree-id5794 . -1) (undo-tree-id5795 . -1) (undo-tree-id5796 . -1) (undo-tree-id5797 . -1) (undo-tree-id5798 . -1) (undo-tree-id5799 . -1) (undo-tree-id5800 . -1) (undo-tree-id5801 . -1) (undo-tree-id5802 . -1) (undo-tree-id5803 . -1) (undo-tree-id5804 . -1) (undo-tree-id5805 . -1) (undo-tree-id5806 . -1) (undo-tree-id5807 . -1) (undo-tree-id5808 . -1) (undo-tree-id5809 . -1) (undo-tree-id5810 . -1) (undo-tree-id5811 . -1) (undo-tree-id5812 . -1) (undo-tree-id5813 . -1) (undo-tree-id5814 . -1) (undo-tree-id5815 . -1) (undo-tree-id5816 . -1) (undo-tree-id5817 . -1) (undo-tree-id5818 . -1) (undo-tree-id5819 . -1) (undo-tree-id5820 . -1) (undo-tree-id5821 . -1) (undo-tree-id5822 . -1) (undo-tree-id5823 . -1) (undo-tree-id5824 . -1) (undo-tree-id5825 . -1) (undo-tree-id5826 . -1) (undo-tree-id5827 . -1) (undo-tree-id5828 . -1) (undo-tree-id5829 . -1) (undo-tree-id5830 . -1) (undo-tree-id5831 . -1) (undo-tree-id5832 . -1) (undo-tree-id5833 . -1) (undo-tree-id5834 . -1) (undo-tree-id5835 . -1) (undo-tree-id5836 . -1) (undo-tree-id5837 . -1) (undo-tree-id5838 . -1) (undo-tree-id5839 . -1) (undo-tree-id5840 . -1) (undo-tree-id5841 . -1) (undo-tree-id5842 . -1) (undo-tree-id5843 . -1) (undo-tree-id5844 . -1) (undo-tree-id5845 . -1) (undo-tree-id5846 . -1) (undo-tree-id5847 . -1) (undo-tree-id5848 . -1) (undo-tree-id5849 . -1) (undo-tree-id5850 . -1) (undo-tree-id5851 . -1) (undo-tree-id5852 . -1) (undo-tree-id5853 . -1) (undo-tree-id5854 . -1) (undo-tree-id5855 . -1) (undo-tree-id5856 . -1) (undo-tree-id5857 . -1) (undo-tree-id5858 . -1) (undo-tree-id5859 . -1) (undo-tree-id5860 . -1) (undo-tree-id5861 . -1) (undo-tree-id5862 . -1) (undo-tree-id5863 . -1) (undo-tree-id5864 . -1) (undo-tree-id5865 . -1) (undo-tree-id5866 . -1) (undo-tree-id5867 . -1) (undo-tree-id5868 . -1) (undo-tree-id5869 . -1) (undo-tree-id5870 . -1) (undo-tree-id5871 . -1) (undo-tree-id5872 . -1) (undo-tree-id5873 . -1) (undo-tree-id5874 . -1) (undo-tree-id5875 . -1) (undo-tree-id5876 . -1) (undo-tree-id5877 . -1) (undo-tree-id5878 . -1) (undo-tree-id5879 . -1) (undo-tree-id5880 . -1) (undo-tree-id5881 . -1) (undo-tree-id5882 . -1) (undo-tree-id5883 . -1) (undo-tree-id5884 . -1) (undo-tree-id5885 . -1) (undo-tree-id5886 . -1) (undo-tree-id5887 . -1) (undo-tree-id5888 . -1) (undo-tree-id5889 . -1) (undo-tree-id5890 . -1) (undo-tree-id5891 . -1) (undo-tree-id5892 . -1) (undo-tree-id5893 . -1) (undo-tree-id5894 . -1) (undo-tree-id5895 . -1) (undo-tree-id5896 . -1) (undo-tree-id5897 . -1) (undo-tree-id5898 . -1) (undo-tree-id5899 . -1) (undo-tree-id5900 . -1) (undo-tree-id5901 . -1) (undo-tree-id5902 . -1) (undo-tree-id5903 . -1) (undo-tree-id5904 . -1) (undo-tree-id5905 . -1) (undo-tree-id5906 . -1) (undo-tree-id5907 . -1) (undo-tree-id5908 . -1) (undo-tree-id5909 . -1) (undo-tree-id5910 . -1) (undo-tree-id5911 . -1) (undo-tree-id5912 . -1) (undo-tree-id5913 . -1) (undo-tree-id5914 . -1) (undo-tree-id5915 . -1) (undo-tree-id5916 . -1) (undo-tree-id5917 . -1) (undo-tree-id5918 . -1) (undo-tree-id5919 . -1) (undo-tree-id5920 . -1) (undo-tree-id5921 . -1) (undo-tree-id5922 . -1) (undo-tree-id5923 . -1) (undo-tree-id5924 . -1) (undo-tree-id5925 . -1) (undo-tree-id5926 . -1) (undo-tree-id5927 . -1) (undo-tree-id5928 . -1) (undo-tree-id5929 . -1) (undo-tree-id5930 . -1) (undo-tree-id5931 . -1) (undo-tree-id5932 . -1) (undo-tree-id5933 . -1) (undo-tree-id5934 . -1) (undo-tree-id5935 . -1) (undo-tree-id5936 . -1) (undo-tree-id5937 . -1) (undo-tree-id5938 . -1) (undo-tree-id5939 . -1) (undo-tree-id5940 . -1) (undo-tree-id5941 . -1) (undo-tree-id5942 . -1) (undo-tree-id5943 . -1) (undo-tree-id5944 . -1) (undo-tree-id5945 . -1) (undo-tree-id5946 . -1) (undo-tree-id5947 . -1) (undo-tree-id5948 . -1) (undo-tree-id5949 . -1) (undo-tree-id5950 . -1) (undo-tree-id5951 . -1) (undo-tree-id5952 . -1) (undo-tree-id5953 . -1) (undo-tree-id5954 . -1) (undo-tree-id5955 . -1) (undo-tree-id5956 . -1) (undo-tree-id5957 . -1) (undo-tree-id5958 . -1) (undo-tree-id5959 . -1) (undo-tree-id5960 . -1) (undo-tree-id5961 . -1) (undo-tree-id5962 . -1) (undo-tree-id5963 . -1) (undo-tree-id5964 . -1) (undo-tree-id5965 . -1) (undo-tree-id5966 . -1) (undo-tree-id5967 . -1) (undo-tree-id5968 . -1) (undo-tree-id5969 . -1) (undo-tree-id5970 . -1) (undo-tree-id5971 . -1) (undo-tree-id5972 . -1) (undo-tree-id5973 . -1) (undo-tree-id5974 . -1) (undo-tree-id5975 . -1) (undo-tree-id5976 . -1) (undo-tree-id5977 . -1) (undo-tree-id5978 . -1) (undo-tree-id5979 . -1) (undo-tree-id5980 . -1) (undo-tree-id5981 . -1) (undo-tree-id5982 . -1) (undo-tree-id5983 . -1) (undo-tree-id5984 . -1) (undo-tree-id5985 . -1) (undo-tree-id5986 . -1) (undo-tree-id5987 . -1) (undo-tree-id5988 . -1) (undo-tree-id5989 . -1) (undo-tree-id5990 . -1) (undo-tree-id5991 . -1) (undo-tree-id5992 . -1) (undo-tree-id5993 . -1) (undo-tree-id5994 . -1) (undo-tree-id5995 . -1) (undo-tree-id5996 . -1) (undo-tree-id5997 . -1) (undo-tree-id5998 . -1) (undo-tree-id5999 . -1) (undo-tree-id6000 . -1) (undo-tree-id6001 . -1) (undo-tree-id6002 . -1) (undo-tree-id6003 . -1) (undo-tree-id6004 . -1) (undo-tree-id6005 . -1) (undo-tree-id6006 . -1) (undo-tree-id6007 . -1) (undo-tree-id6008 . -1) (undo-tree-id6009 . -1) (undo-tree-id6010 . -1) (undo-tree-id6011 . -1) (undo-tree-id6012 . -1) (undo-tree-id6013 . -1) (undo-tree-id6014 . -1) (undo-tree-id6015 . -1) (undo-tree-id6016 . -1) (undo-tree-id6017 . -1) (undo-tree-id6018 . -1) (undo-tree-id6019 . -1) (undo-tree-id6020 . -1) (undo-tree-id6021 . -1) (undo-tree-id6022 . -1) (undo-tree-id6023 . -1) (undo-tree-id6024 . -1) (undo-tree-id6025 . -1) (undo-tree-id6026 . -1) (undo-tree-id6027 . -1) (undo-tree-id6028 . -1) (undo-tree-id6029 . -1) (undo-tree-id6030 . -1) (undo-tree-id6031 . -1) (undo-tree-id6032 . -1) (undo-tree-id6033 . -1) (undo-tree-id6034 . -1) (undo-tree-id6035 . -1) (undo-tree-id6036 . -1) (undo-tree-id6037 . -1) (undo-tree-id6038 . -1) (undo-tree-id6039 . -1) (undo-tree-id6040 . -1) (undo-tree-id6041 . -1) (undo-tree-id6042 . -1) (undo-tree-id6043 . -1) (undo-tree-id6044 . -1) (undo-tree-id6045 . -1) (undo-tree-id6046 . -1) (undo-tree-id6047 . -1) (undo-tree-id6048 . -1) (undo-tree-id6049 . -1) (undo-tree-id6050 . -1) (undo-tree-id6051 . -1) (undo-tree-id6052 . -1) (undo-tree-id6053 . -1) (undo-tree-id6054 . -1) (undo-tree-id6055 . -1) (undo-tree-id6056 . -1) (undo-tree-id6057 . -1) (undo-tree-id6058 . -1) (undo-tree-id6059 . -1) (undo-tree-id6060 . -1) (undo-tree-id6061 . -1) (undo-tree-id6062 . -1) (undo-tree-id6063 . -1) (undo-tree-id6064 . -1) (undo-tree-id6065 . -1) (undo-tree-id6066 . -1) (undo-tree-id6067 . -1) (undo-tree-id6068 . -1) (undo-tree-id6069 . -1) (undo-tree-id6070 . -1) (undo-tree-id6071 . -1) (undo-tree-id6072 . -1) (undo-tree-id6073 . -1) (undo-tree-id6074 . -1) (undo-tree-id6075 . -1) (undo-tree-id6076 . -1) (undo-tree-id6077 . -1) (undo-tree-id6078 . -1) (undo-tree-id6079 . -1) (undo-tree-id6080 . -1) (undo-tree-id6081 . -1) (undo-tree-id6082 . -1) (undo-tree-id6083 . -1) (undo-tree-id6084 . -1) (undo-tree-id6085 . -1) (undo-tree-id6086 . -1) (undo-tree-id6087 . -1) (undo-tree-id6088 . -1) (undo-tree-id6089 . -1) (undo-tree-id6090 . -1) (undo-tree-id6091 . -1) (undo-tree-id6092 . -1) (undo-tree-id6093 . -1) (undo-tree-id6094 . -1) (undo-tree-id6095 . -1) (undo-tree-id6096 . -1) (undo-tree-id6097 . -1) (undo-tree-id6098 . -1) (undo-tree-id6099 . -1) (undo-tree-id6100 . -1) (undo-tree-id6101 . -1) (undo-tree-id6102 . -1) (undo-tree-id6103 . -1) (undo-tree-id6104 . -1) (undo-tree-id6105 . -1) (undo-tree-id6106 . -1) (undo-tree-id6107 . -1) (undo-tree-id6108 . -1) (undo-tree-id6109 . -1) (undo-tree-id6110 . -1) (undo-tree-id6111 . -1) (undo-tree-id6112 . -1) (undo-tree-id6113 . -1) (undo-tree-id6114 . -1) (undo-tree-id6115 . -1) (undo-tree-id6116 . -1) (undo-tree-id6117 . -1) (undo-tree-id6118 . -1) (undo-tree-id6119 . -1) (undo-tree-id6120 . -1) (undo-tree-id6121 . -1) (undo-tree-id6122 . -1) (undo-tree-id6123 . -1) (undo-tree-id6124 . -1) (undo-tree-id6125 . -1) (undo-tree-id6126 . -1) (undo-tree-id6127 . -1) (undo-tree-id6128 . -1) (undo-tree-id6129 . -1) (undo-tree-id6130 . -1) (undo-tree-id6131 . -1) (undo-tree-id6132 . -1) (undo-tree-id6133 . -1) (undo-tree-id6134 . -1) (undo-tree-id6135 . -1) (undo-tree-id6136 . -1) (undo-tree-id6137 . -1) (undo-tree-id6138 . -1) (undo-tree-id6139 . -1) (undo-tree-id6140 . -1) (undo-tree-id6141 . -1) (undo-tree-id6142 . -1) (undo-tree-id6143 . -1) (undo-tree-id6144 . -1) (undo-tree-id6145 . -1) (undo-tree-id6146 . -1) (undo-tree-id6147 . -1) (undo-tree-id6148 . -1) (undo-tree-id6149 . -1) (undo-tree-id6150 . -1) (undo-tree-id6151 . -1) (undo-tree-id6152 . -1) (undo-tree-id6153 . -1) (undo-tree-id6154 . -1) (undo-tree-id6155 . -1) (undo-tree-id6156 . -1) (undo-tree-id6157 . -1) (undo-tree-id6158 . -1) (undo-tree-id6159 . -1) (undo-tree-id6160 . -1) (undo-tree-id6161 . -1) (undo-tree-id6162 . -1) (undo-tree-id6163 . -1) (undo-tree-id6164 . -1) (undo-tree-id6165 . -1) (undo-tree-id6166 . -1) (undo-tree-id6167 . -1) (undo-tree-id6168 . -1) (undo-tree-id6169 . -1) (undo-tree-id6170 . -1) (undo-tree-id6171 . -1) (undo-tree-id6172 . -1) (undo-tree-id6173 . -1) (undo-tree-id6174 . -1) (undo-tree-id6175 . -1) (undo-tree-id6176 . -1) (undo-tree-id6177 . -1) (undo-tree-id6178 . -1) (undo-tree-id6179 . -1) (undo-tree-id6180 . -1) (undo-tree-id6181 . -1) (undo-tree-id6182 . -1) (undo-tree-id6183 . -1) (undo-tree-id6184 . -1) (undo-tree-id6185 . -1) (undo-tree-id6186 . -1) (undo-tree-id6187 . -1) (undo-tree-id6188 . -1) (undo-tree-id6189 . -1) (undo-tree-id6190 . -1) (undo-tree-id6191 . -1) (undo-tree-id6192 . -1) (undo-tree-id6193 . -1) (undo-tree-id6194 . -1) (undo-tree-id6195 . -1) (undo-tree-id6196 . -1) (undo-tree-id6197 . -1) (undo-tree-id6198 . -1) (undo-tree-id6199 . -1) (undo-tree-id6200 . -1) (undo-tree-id6201 . -1) (undo-tree-id6202 . -1) (undo-tree-id6203 . -1) (undo-tree-id6204 . -1) (undo-tree-id6205 . -1) (undo-tree-id6206 . -1) (undo-tree-id6207 . -1) (undo-tree-id6208 . -1) (undo-tree-id6209 . -1) (undo-tree-id6210 . -1) (undo-tree-id6211 . -1) (undo-tree-id6212 . -1) (undo-tree-id6213 . -1) (undo-tree-id6214 . -1) (undo-tree-id6215 . -1) (undo-tree-id6216 . -1) (undo-tree-id6217 . -1) (undo-tree-id6218 . -1) (undo-tree-id6219 . -1) (undo-tree-id6220 . -1) (undo-tree-id6221 . -1) (undo-tree-id6222 . -1) (undo-tree-id6223 . -1) (undo-tree-id6224 . -1) (undo-tree-id6225 . -1) (undo-tree-id6226 . -1) (undo-tree-id6227 . -1) (undo-tree-id6228 . -1) (undo-tree-id6229 . -1) (undo-tree-id6230 . -1) (undo-tree-id6231 . -1) (undo-tree-id6232 . -1) (undo-tree-id6233 . -1) (undo-tree-id6234 . -1) (undo-tree-id6235 . -1) (undo-tree-id6236 . -1) (undo-tree-id6237 . -1) (undo-tree-id6238 . -1) (undo-tree-id6239 . -1) (undo-tree-id6240 . -1) (undo-tree-id6241 . -1) (undo-tree-id6242 . -1) (undo-tree-id6243 . -1) (undo-tree-id6244 . -1) (undo-tree-id6245 . -1) (undo-tree-id6246 . -1) (undo-tree-id6247 . -1) (undo-tree-id6248 . -1) (undo-tree-id6249 . -1) (undo-tree-id6250 . -1) (undo-tree-id6251 . -1) (undo-tree-id6252 . -1) (undo-tree-id6253 . -1) (undo-tree-id6254 . -1) (undo-tree-id6255 . -1) (undo-tree-id6256 . -1) (undo-tree-id6257 . -1) (undo-tree-id6258 . -1) (undo-tree-id6259 . -1) (undo-tree-id6260 . -1) (undo-tree-id6261 . -1) (undo-tree-id6262 . -1) (undo-tree-id6263 . -1) (undo-tree-id6264 . -1) (undo-tree-id6265 . -1) (undo-tree-id6266 . -1) (undo-tree-id6267 . -1) (undo-tree-id6268 . -1) (undo-tree-id6269 . -1) (undo-tree-id6270 . -1) (undo-tree-id6271 . -1) (undo-tree-id6272 . -1) (undo-tree-id6273 . -1) (undo-tree-id6274 . -1) (undo-tree-id6275 . -1) (undo-tree-id6276 . -1) (undo-tree-id6277 . -1) (undo-tree-id6278 . -1) (undo-tree-id6279 . -1) (undo-tree-id6280 . -1) (undo-tree-id6281 . -1) (undo-tree-id6282 . -1) (undo-tree-id6283 . -1) (undo-tree-id6284 . -1) (undo-tree-id6285 . -1) (undo-tree-id6286 . -1) (undo-tree-id6287 . -1) (undo-tree-id6288 . -1) (undo-tree-id6289 . -1) (undo-tree-id6290 . -1) (undo-tree-id6291 . -1) (undo-tree-id6292 . -1) (undo-tree-id6293 . -1) (undo-tree-id6294 . -1) (undo-tree-id6295 . -1) (undo-tree-id6296 . -1) (undo-tree-id6297 . -1) (undo-tree-id6298 . -1) (undo-tree-id6299 . -1) (undo-tree-id6300 . -1) (undo-tree-id6301 . -1) (undo-tree-id6302 . -1) (undo-tree-id6303 . -1) (undo-tree-id6304 . -1) (undo-tree-id6305 . -1) (undo-tree-id6306 . -1) (undo-tree-id6307 . -1) (undo-tree-id6308 . -1) (undo-tree-id6309 . -1) (undo-tree-id6310 . -1) (undo-tree-id6311 . -1) (undo-tree-id6312 . -1) (undo-tree-id6313 . -1) (undo-tree-id6314 . -1) (undo-tree-id6315 . -1) (undo-tree-id6316 . -1) (undo-tree-id6317 . -1) (undo-tree-id6318 . -1) (undo-tree-id6319 . -1) (undo-tree-id6320 . -1) (undo-tree-id6321 . -1) (undo-tree-id6322 . -1) (undo-tree-id6323 . -1) (undo-tree-id6324 . -1) (undo-tree-id6325 . -1) (undo-tree-id6326 . -1) (undo-tree-id6327 . -1) (undo-tree-id6328 . -1) (undo-tree-id6329 . -1) (undo-tree-id6330 . -1) (undo-tree-id6331 . -1) (undo-tree-id6332 . -1) (undo-tree-id6333 . -1) (undo-tree-id6334 . -1) (undo-tree-id6335 . -1) (undo-tree-id6336 . -1) (undo-tree-id6337 . -1) (undo-tree-id6338 . -1) (undo-tree-id6339 . -1) (undo-tree-id6340 . -1) (undo-tree-id6341 . -1) (undo-tree-id6342 . -1) (undo-tree-id6343 . -1) (undo-tree-id6344 . -1) (undo-tree-id6345 . -1) (undo-tree-id6346 . -1) (undo-tree-id6347 . -1) (undo-tree-id6348 . -1) (undo-tree-id6349 . -1) (undo-tree-id6350 . -1) (undo-tree-id6351 . -1) (undo-tree-id6352 . -1) (undo-tree-id6353 . -1) (undo-tree-id6354 . -1) (undo-tree-id6355 . -1) (undo-tree-id6356 . -1) (undo-tree-id6357 . -1) (undo-tree-id6358 . -1) (undo-tree-id6359 . -1) (undo-tree-id6360 . -1) (undo-tree-id6361 . -1) (undo-tree-id6362 . -1) (undo-tree-id6363 . -1) (undo-tree-id6364 . -1) (undo-tree-id6365 . -1) (undo-tree-id6366 . -1) (undo-tree-id6367 . -1) (undo-tree-id6368 . -1) (undo-tree-id6369 . -1) (undo-tree-id6370 . -1) (undo-tree-id6371 . -1) (undo-tree-id6372 . -1) (undo-tree-id6373 . -1) (undo-tree-id6374 . -1) (undo-tree-id6375 . -1) (undo-tree-id6376 . -1) (undo-tree-id6377 . -1) (undo-tree-id6378 . -1) (undo-tree-id6379 . -1) (undo-tree-id6380 . -1) (undo-tree-id6381 . -1) (undo-tree-id6382 . -1) (undo-tree-id6383 . -1) (undo-tree-id6384 . -1) (undo-tree-id6385 . -1) (undo-tree-id6386 . -1) (undo-tree-id6387 . -1) (undo-tree-id6388 . -1) (undo-tree-id6389 . -1) (undo-tree-id6390 . -1) (undo-tree-id6391 . -1) (undo-tree-id6392 . -1) (undo-tree-id6393 . -1) (undo-tree-id6394 . -1) (undo-tree-id6395 . -1) (undo-tree-id6396 . -1) (undo-tree-id6397 . -1) (undo-tree-id6398 . -1) (undo-tree-id6399 . -1) (undo-tree-id6400 . -1) (undo-tree-id6401 . -1) (undo-tree-id6402 . -1) (undo-tree-id6403 . -1) (undo-tree-id6404 . -1) (undo-tree-id6405 . -1) (undo-tree-id6406 . -1) (undo-tree-id6407 . -1) (undo-tree-id6408 . -1) (undo-tree-id6409 . -1) (undo-tree-id6410 . -1) (undo-tree-id6411 . -1) (undo-tree-id6412 . -1) (undo-tree-id6413 . -1) (undo-tree-id6414 . -1) (undo-tree-id6415 . -1) (undo-tree-id6416 . -1) (undo-tree-id6417 . -1) (undo-tree-id6418 . -1) (undo-tree-id6419 . -1) (undo-tree-id6420 . -1) (undo-tree-id6421 . -1) (undo-tree-id6422 . -1) (undo-tree-id6423 . -1) (undo-tree-id6424 . -1) (undo-tree-id6425 . -1) (undo-tree-id6426 . -1) (undo-tree-id6427 . -1) (undo-tree-id6428 . -1) (undo-tree-id6429 . -1) (undo-tree-id6430 . -1) (undo-tree-id6431 . -1) (undo-tree-id6432 . -1) (undo-tree-id6433 . -1) (undo-tree-id6434 . -1) (undo-tree-id6435 . -1) (undo-tree-id6436 . -1) (undo-tree-id6437 . -1) (undo-tree-id6438 . -1) (undo-tree-id6439 . -1) (undo-tree-id6440 . -1) (undo-tree-id6441 . -1) (undo-tree-id6442 . -1) (undo-tree-id6443 . -1) (undo-tree-id6444 . -1) (undo-tree-id6445 . -1) (undo-tree-id6446 . -1) (undo-tree-id6447 . -1) (undo-tree-id6448 . -1) (undo-tree-id6449 . -1) (undo-tree-id6450 . -1) (undo-tree-id6451 . -1) (undo-tree-id6452 . -1) (undo-tree-id6453 . -1) (undo-tree-id6454 . -1) (undo-tree-id6455 . -1) (undo-tree-id6456 . -1) (undo-tree-id6457 . -1) (undo-tree-id6458 . -1) (undo-tree-id6459 . -1) (undo-tree-id6460 . -1) (undo-tree-id6461 . -1) (undo-tree-id6462 . -1) (undo-tree-id6463 . -1) (undo-tree-id6464 . -1) (undo-tree-id6465 . -1) (undo-tree-id6466 . -1) (undo-tree-id6467 . -1) (undo-tree-id6468 . -1) (undo-tree-id6469 . -1) (undo-tree-id6470 . -1) (undo-tree-id6471 . -1) (undo-tree-id6472 . -1) (undo-tree-id6473 . -1) (undo-tree-id6474 . -1) (undo-tree-id6475 . -1) (undo-tree-id6476 . -1) (undo-tree-id6477 . -1) (undo-tree-id6478 . -1) (undo-tree-id6479 . -1) (undo-tree-id6480 . -1) (undo-tree-id6481 . -1) (undo-tree-id6482 . -1) (undo-tree-id6483 . -1) (undo-tree-id6484 . -1) (undo-tree-id6485 . -1) (undo-tree-id6486 . -1) (undo-tree-id6487 . -1) (undo-tree-id6488 . -1) (undo-tree-id6489 . -1) (undo-tree-id6490 . -1) (undo-tree-id6491 . -1) (undo-tree-id6492 . -1) (undo-tree-id6493 . -1) (undo-tree-id6494 . -1) (undo-tree-id6495 . -1) (undo-tree-id6496 . -1) (undo-tree-id6497 . -1) (undo-tree-id6498 . -1) (undo-tree-id6499 . -1) (undo-tree-id6500 . -1) (undo-tree-id6501 . -1) (undo-tree-id6502 . -1) (undo-tree-id6503 . -1) (undo-tree-id6504 . -1) (undo-tree-id6505 . -1) (undo-tree-id6506 . -1) (undo-tree-id6507 . -1) (undo-tree-id6508 . -1) (undo-tree-id6509 . -1) (undo-tree-id6510 . -1) (undo-tree-id6511 . -1) (undo-tree-id6512 . -1) (undo-tree-id6513 . -1) (undo-tree-id6514 . -1) (undo-tree-id6515 . -1) (undo-tree-id6516 . -1) (undo-tree-id6517 . -1) (undo-tree-id6518 . -1) (undo-tree-id6519 . -1) (undo-tree-id6520 . -1) (undo-tree-id6521 . -1) (undo-tree-id6522 . -1) (undo-tree-id6523 . -1) (undo-tree-id6524 . -1) (undo-tree-id6525 . -1) (undo-tree-id6526 . -1) (undo-tree-id6527 . -1) (undo-tree-id6528 . -1) (undo-tree-id6529 . -1) (undo-tree-id6530 . -1) (undo-tree-id6531 . -1) (undo-tree-id6532 . -1) (undo-tree-id6533 . -1) (undo-tree-id6534 . -1) (undo-tree-id6535 . -1) (undo-tree-id6536 . -1) (undo-tree-id6537 . -1) (undo-tree-id6538 . -1) (undo-tree-id6539 . -1) (undo-tree-id6540 . -1) (undo-tree-id6541 . -1) (undo-tree-id6542 . -1) (undo-tree-id6543 . -1) (undo-tree-id6544 . -1) (undo-tree-id6545 . -1) (undo-tree-id6546 . -1) (undo-tree-id6547 . -1) (undo-tree-id6548 . -1) (undo-tree-id6549 . -1) (undo-tree-id6550 . -1) (undo-tree-id6551 . -1) (undo-tree-id6552 . -1) (undo-tree-id6553 . -1) (undo-tree-id6554 . -1) (undo-tree-id6555 . -1) (undo-tree-id6556 . -1) (undo-tree-id6557 . -1) (undo-tree-id6558 . -1) (undo-tree-id6559 . -1) (undo-tree-id6560 . -1) (undo-tree-id6561 . -1) (undo-tree-id6562 . -1) (undo-tree-id6563 . -1) (undo-tree-id6564 . -1) (undo-tree-id6565 . -1) (undo-tree-id6566 . -1) (undo-tree-id6567 . -1) (undo-tree-id6568 . -1) (undo-tree-id6569 . -1) (undo-tree-id6570 . -1) (undo-tree-id6571 . -1) (undo-tree-id6572 . -1) (undo-tree-id6573 . -1) (undo-tree-id6574 . -1) (undo-tree-id6575 . -1) (undo-tree-id6576 . -1) (undo-tree-id6577 . -1) (undo-tree-id6578 . -1) (undo-tree-id6579 . -1) (undo-tree-id6580 . -1) (undo-tree-id6581 . -1) (undo-tree-id6582 . -1) (undo-tree-id6583 . -1) (undo-tree-id6584 . -1) (undo-tree-id6585 . -1) (undo-tree-id6586 . -1) (undo-tree-id6587 . -1) (undo-tree-id6588 . -1) (undo-tree-id6589 . -1) (undo-tree-id6590 . -1) (undo-tree-id6591 . -1) (undo-tree-id6592 . -1) (undo-tree-id6593 . -1) (undo-tree-id6594 . -1) (undo-tree-id6595 . -1) (undo-tree-id6596 . -1) (undo-tree-id6597 . -1) (undo-tree-id6598 . -1) (undo-tree-id6599 . -1) (undo-tree-id6600 . -1) (undo-tree-id6601 . -1) (undo-tree-id6602 . -1) (undo-tree-id6603 . -1) (undo-tree-id6604 . -1) (undo-tree-id6605 . -1) (undo-tree-id6606 . -1) (undo-tree-id6607 . -1) (undo-tree-id6608 . -1) (undo-tree-id6609 . -1) (undo-tree-id6610 . -1) (undo-tree-id6611 . -1) (undo-tree-id6612 . -1) (undo-tree-id6613 . -1) (undo-tree-id6614 . -1) (undo-tree-id6615 . -1) (undo-tree-id6616 . -1) (undo-tree-id6617 . -1) (undo-tree-id6618 . -1) (undo-tree-id6619 . -1) (undo-tree-id6620 . -1) (undo-tree-id6621 . -1) (undo-tree-id6622 . -1) (undo-tree-id6623 . -1) (undo-tree-id6624 . -1) (undo-tree-id6625 . -1) (undo-tree-id6626 . -1) (undo-tree-id6627 . -1) (undo-tree-id6628 . -1) (undo-tree-id6629 . -1) (undo-tree-id6630 . -1) (undo-tree-id6631 . -1) (undo-tree-id6632 . -1) (undo-tree-id6633 . -1) (undo-tree-id6634 . -1) (undo-tree-id6635 . -1) (undo-tree-id6636 . -1) (undo-tree-id6637 . -1) (undo-tree-id6638 . -1) (undo-tree-id6639 . -1) (undo-tree-id6640 . -1) (undo-tree-id6641 . -1) (undo-tree-id6642 . -1) (undo-tree-id6643 . -1) (undo-tree-id6644 . -1) (undo-tree-id6645 . -1) (undo-tree-id6646 . -1) (undo-tree-id6647 . -1) (undo-tree-id6648 . -1) (undo-tree-id6649 . -1) (undo-tree-id6650 . -1) (undo-tree-id6651 . -1) (undo-tree-id6652 . -1) (undo-tree-id6653 . -1) (undo-tree-id6654 . -1) (undo-tree-id6655 . -1) (undo-tree-id6656 . -1) (undo-tree-id6657 . -1) (undo-tree-id6658 . -1) (undo-tree-id6659 . -1) (undo-tree-id6660 . -1) (undo-tree-id6661 . -1) (undo-tree-id6662 . -1) (undo-tree-id6663 . -1) (undo-tree-id6664 . -1) (undo-tree-id6665 . -1) (undo-tree-id6666 . -1) (undo-tree-id6667 . -1) (undo-tree-id6668 . -1) (undo-tree-id6669 . -1) (undo-tree-id6670 . -1) (undo-tree-id6671 . -1) (undo-tree-id6672 . -1) (undo-tree-id6673 . -1) (undo-tree-id6674 . -1) (undo-tree-id6675 . -1) (undo-tree-id6676 . -1) (undo-tree-id6677 . -1) (undo-tree-id6678 . -1) (undo-tree-id6679 . -1) (undo-tree-id6680 . -1) (undo-tree-id6681 . -1) (undo-tree-id6682 . -1) (undo-tree-id6683 . -1) (undo-tree-id6684 . -1) (undo-tree-id6685 . -1) (undo-tree-id6686 . -1) (undo-tree-id6687 . -1) (undo-tree-id6688 . -1) (undo-tree-id6689 . -1) (undo-tree-id6690 . -1) (undo-tree-id6691 . -1) (undo-tree-id6692 . -1) (undo-tree-id6693 . -1) (undo-tree-id6694 . -1) (undo-tree-id6695 . -1) (undo-tree-id6696 . -1) (undo-tree-id6697 . -1) (undo-tree-id6698 . -1) (undo-tree-id6699 . -1) (undo-tree-id6700 . -1) (undo-tree-id6701 . -1) (undo-tree-id6702 . -1) (undo-tree-id6703 . -1) (undo-tree-id6704 . -1) (undo-tree-id6705 . -1) (undo-tree-id6706 . -1) (undo-tree-id6707 . -1) (undo-tree-id6708 . -1) (undo-tree-id6709 . -1) (undo-tree-id6710 . -1) (undo-tree-id6711 . -1) (undo-tree-id6712 . -1) (undo-tree-id6713 . -1) (undo-tree-id6714 . -1) (undo-tree-id6715 . -1) (undo-tree-id6716 . -1) (undo-tree-id6717 . -1) (undo-tree-id6718 . -1) (undo-tree-id6719 . -1) (undo-tree-id6720 . -1) (undo-tree-id6721 . -1) (undo-tree-id6722 . -1) (undo-tree-id6723 . -1) (undo-tree-id6724 . -1) (undo-tree-id6725 . -1) (undo-tree-id6726 . -1) (undo-tree-id6727 . -1) (undo-tree-id6728 . -1) (undo-tree-id6729 . -1) (undo-tree-id6730 . -1) (undo-tree-id6731 . -1) (undo-tree-id6732 . -1) (undo-tree-id6733 . -1) (undo-tree-id6734 . -1) (undo-tree-id6735 . -1) (undo-tree-id6736 . -1) (undo-tree-id6737 . -1) (undo-tree-id6738 . -1) (undo-tree-id6739 . -1) (undo-tree-id6740 . -1) (undo-tree-id6741 . -1) (undo-tree-id6742 . -1) (undo-tree-id6743 . -1) (undo-tree-id6744 . -1) (undo-tree-id6745 . -1) (undo-tree-id6746 . -1) (undo-tree-id6747 . -1) (undo-tree-id6748 . -1) (undo-tree-id6749 . -1) (undo-tree-id6750 . -1) (undo-tree-id6751 . -1) (undo-tree-id6752 . -1) (undo-tree-id6753 . -1) (undo-tree-id6754 . -1) (undo-tree-id6755 . -1) (undo-tree-id6756 . -1) (undo-tree-id6757 . -1) (undo-tree-id6758 . -1) (undo-tree-id6759 . -1) (undo-tree-id6760 . -1) (undo-tree-id6761 . -1) (undo-tree-id6762 . -1) (undo-tree-id6763 . -1) (undo-tree-id6764 . -1) (undo-tree-id6765 . -1) (undo-tree-id6766 . -1) (undo-tree-id6767 . -1) (undo-tree-id6768 . -1) (undo-tree-id6769 . -1) (undo-tree-id6770 . -1) (undo-tree-id6771 . -1) (undo-tree-id6772 . -1) (undo-tree-id6773 . -1) (undo-tree-id6774 . -1) (undo-tree-id6775 . -1) (undo-tree-id6776 . -1) (undo-tree-id6777 . -1) (undo-tree-id6778 . -1) (undo-tree-id6779 . -1) (undo-tree-id6780 . -1) (undo-tree-id6781 . -1) (undo-tree-id6782 . -1) (undo-tree-id6783 . -1) (undo-tree-id6784 . -1) (undo-tree-id6785 . -1) (undo-tree-id6786 . -1) (undo-tree-id6787 . -1) (undo-tree-id6788 . -1) (undo-tree-id6789 . -1) (undo-tree-id6790 . -1) (undo-tree-id6791 . -1) (undo-tree-id6792 . -1) (undo-tree-id6793 . -1) (undo-tree-id6794 . -1) (undo-tree-id6795 . -1) (undo-tree-id6796 . -1) (undo-tree-id6797 . -1) (undo-tree-id6798 . -1) (undo-tree-id6799 . -1) (undo-tree-id6800 . -1) (undo-tree-id6801 . -1) (undo-tree-id6802 . -1) (undo-tree-id6803 . -1) (undo-tree-id6804 . -1) (undo-tree-id6805 . -1) (undo-tree-id6806 . -1) (undo-tree-id6807 . -1) (undo-tree-id6808 . -1) (undo-tree-id6809 . -1) (undo-tree-id6810 . -1) (undo-tree-id6811 . -1) (undo-tree-id6812 . -1) (undo-tree-id6813 . -1) (undo-tree-id6814 . -1) (undo-tree-id6815 . -1) (undo-tree-id6816 . -1) (undo-tree-id6817 . -1) (undo-tree-id6818 . -1) (undo-tree-id6819 . -1) (undo-tree-id6820 . -1) (undo-tree-id6821 . -1) (undo-tree-id6822 . -1) (undo-tree-id6823 . -1) (undo-tree-id6824 . -1) (undo-tree-id6825 . -1) (undo-tree-id6826 . -1) (undo-tree-id6827 . -1) (undo-tree-id6828 . -1) (undo-tree-id6829 . -1) (undo-tree-id6830 . -1) (undo-tree-id6831 . -1) (undo-tree-id6832 . -1) (undo-tree-id6833 . -1) (undo-tree-id6834 . -1) (undo-tree-id6835 . -1) (undo-tree-id6836 . -1) (undo-tree-id6837 . -1) (undo-tree-id6838 . -1) (undo-tree-id6839 . -1) (undo-tree-id6840 . -1) (undo-tree-id6841 . -1) (undo-tree-id6842 . -1) (undo-tree-id6843 . -1) (undo-tree-id6844 . -1) (undo-tree-id6845 . -1) (undo-tree-id6846 . -1) (undo-tree-id6847 . -1) (undo-tree-id6848 . -1) (undo-tree-id6849 . -1) (undo-tree-id6850 . -1) (undo-tree-id6851 . -1) (undo-tree-id6852 . -1) (undo-tree-id6853 . -1) (undo-tree-id6854 . -1) (undo-tree-id6855 . -1) (undo-tree-id6856 . -1) (undo-tree-id6857 . -1) (undo-tree-id6858 . -1) (undo-tree-id6859 . -1) (undo-tree-id6860 . -1) (undo-tree-id6861 . -1) (undo-tree-id6862 . -1) (undo-tree-id6863 . -1) (undo-tree-id6864 . -1) (undo-tree-id6865 . -1) (undo-tree-id6866 . -1) (undo-tree-id6867 . -1) (undo-tree-id6868 . -1) (undo-tree-id6869 . -1) (undo-tree-id6870 . -1) (undo-tree-id6871 . -1) (undo-tree-id6872 . -1) (undo-tree-id6873 . -1) (undo-tree-id6874 . -1) (undo-tree-id6875 . -1) (undo-tree-id6876 . -1) (undo-tree-id6877 . -1) (undo-tree-id6878 . -1) (undo-tree-id6879 . -1) (undo-tree-id6880 . -1) (undo-tree-id6881 . -1) (undo-tree-id6882 . -1) (undo-tree-id6883 . -1) (undo-tree-id6884 . -1) (undo-tree-id6885 . -1) (undo-tree-id6886 . -1) (undo-tree-id6887 . -1) (undo-tree-id6888 . -1) (undo-tree-id6889 . -1) (undo-tree-id6890 . -1) (undo-tree-id6891 . -1) (undo-tree-id6892 . -1) (undo-tree-id6893 . -1) (undo-tree-id6894 . -1) (undo-tree-id6895 . -1) (undo-tree-id6896 . -1) (undo-tree-id6897 . -1) (undo-tree-id6898 . -1) (undo-tree-id6899 . -1) (undo-tree-id6900 . -1) (undo-tree-id6901 . -1) (undo-tree-id6902 . -1) (undo-tree-id6903 . -1) (undo-tree-id6904 . -1) (undo-tree-id6905 . -1) (undo-tree-id6906 . -1) (undo-tree-id6907 . -1) (undo-tree-id6908 . -1) (undo-tree-id6909 . -1) (undo-tree-id6910 . -1) (undo-tree-id6911 . -1) (undo-tree-id6912 . -1) (undo-tree-id6913 . -1) (undo-tree-id6914 . -1) (undo-tree-id6915 . -1) (undo-tree-id6916 . -1) (undo-tree-id6917 . -1) (undo-tree-id6918 . -1) (undo-tree-id6919 . -1) (undo-tree-id6920 . -1) (undo-tree-id6921 . -1) (undo-tree-id6922 . -1) (undo-tree-id6923 . -1) (undo-tree-id6924 . -1) (undo-tree-id6925 . -1) (undo-tree-id6926 . -1) (undo-tree-id6927 . -1) (undo-tree-id6928 . -1) (undo-tree-id6929 . -1) (undo-tree-id6930 . -1) (undo-tree-id6931 . -1) (undo-tree-id6932 . -1) (undo-tree-id6933 . -1) (undo-tree-id6934 . -1) (undo-tree-id6935 . -1) (undo-tree-id6936 . -1) (undo-tree-id6937 . -1) (undo-tree-id6938 . -1) (undo-tree-id6939 . -1) (undo-tree-id6940 . -1) (undo-tree-id6941 . -1) (undo-tree-id6942 . -1) (undo-tree-id6943 . -1) (undo-tree-id6944 . -1) (undo-tree-id6945 . -1) (undo-tree-id6946 . -1) (undo-tree-id6947 . -1) (undo-tree-id6948 . -1) (undo-tree-id6949 . -1) (undo-tree-id6950 . -1) (undo-tree-id6951 . -1) (undo-tree-id6952 . -1) (undo-tree-id6953 . -1) (undo-tree-id6954 . -1) (undo-tree-id6955 . -1) (undo-tree-id6956 . -1) (undo-tree-id6957 . -1) (undo-tree-id6958 . -1) (undo-tree-id6959 . -1) (undo-tree-id6960 . -1) (undo-tree-id6961 . -1) (undo-tree-id6962 . -1) (undo-tree-id6963 . -1) (undo-tree-id6964 . -1) (undo-tree-id6965 . -1) (undo-tree-id6966 . -1) (undo-tree-id6967 . -1) (undo-tree-id6968 . -1) (undo-tree-id6969 . -1) (undo-tree-id6970 . -1) (undo-tree-id6971 . -1) (undo-tree-id6972 . -1) (undo-tree-id6973 . -1) (undo-tree-id6974 . -1) (undo-tree-id6975 . -1) (undo-tree-id6976 . -1) (undo-tree-id6977 . -1) (undo-tree-id6978 . -1) (undo-tree-id6979 . -1) (undo-tree-id6980 . -1) (undo-tree-id6981 . -1) (undo-tree-id6982 . -1) (undo-tree-id6983 . -1) (undo-tree-id6984 . -1) (undo-tree-id6985 . -1) (undo-tree-id6986 . -1) (undo-tree-id6987 . -1) (undo-tree-id6988 . -1) (undo-tree-id6989 . -1) (undo-tree-id6990 . -1) (undo-tree-id6991 . -1) (undo-tree-id6992 . -1) (undo-tree-id6993 . -1) (undo-tree-id6994 . -1) (undo-tree-id6995 . -1) (undo-tree-id6996 . -1) (undo-tree-id6997 . -1) (undo-tree-id6998 . -1) (undo-tree-id6999 . -1) (undo-tree-id7000 . -1) (undo-tree-id7001 . -1) (undo-tree-id7002 . -1) (undo-tree-id7003 . -1) (undo-tree-id7004 . -1) (undo-tree-id7005 . -1) (undo-tree-id7006 . -1) (undo-tree-id7007 . -1) (undo-tree-id7008 . -1) (undo-tree-id7009 . -1) (undo-tree-id7010 . -1) (undo-tree-id7011 . -1) (undo-tree-id7012 . -1) (undo-tree-id7013 . -1) (undo-tree-id7014 . -1) (undo-tree-id7015 . -1) (undo-tree-id7016 . -1) (undo-tree-id7017 . -1) (undo-tree-id7018 . -1) (undo-tree-id7019 . -1) (undo-tree-id7020 . -1) (undo-tree-id7021 . -1) (undo-tree-id7022 . -1) (undo-tree-id7023 . -1) (undo-tree-id7024 . -1) (undo-tree-id7025 . -1) (undo-tree-id7026 . -1) (undo-tree-id7027 . -1) (undo-tree-id7028 . -1) (undo-tree-id7029 . -1) (undo-tree-id7030 . -1) (undo-tree-id7031 . -1) (undo-tree-id7032 . -1) (undo-tree-id7033 . -1) (undo-tree-id7034 . -1) (undo-tree-id7035 . -1) (undo-tree-id7036 . -1) (undo-tree-id7037 . -1) (undo-tree-id7038 . -1) (undo-tree-id7039 . -1) (undo-tree-id7040 . -1) (undo-tree-id7041 . -1) (undo-tree-id7042 . -1) (undo-tree-id7043 . -1) (undo-tree-id7044 . -1) (undo-tree-id7045 . -1) (undo-tree-id7046 . -1) (undo-tree-id7047 . -1) (undo-tree-id7048 . -1) (undo-tree-id7049 . -1) (undo-tree-id7050 . -1) (undo-tree-id7051 . -1) (undo-tree-id7052 . -1) (undo-tree-id7053 . -1) (undo-tree-id7054 . -1) (undo-tree-id7055 . -1) (undo-tree-id7056 . -1) (undo-tree-id7057 . -1) (undo-tree-id7058 . -1) (undo-tree-id7059 . -1) (undo-tree-id7060 . -1) (undo-tree-id7061 . -1) (undo-tree-id7062 . -1) (undo-tree-id7063 . -1) (undo-tree-id7064 . -1) (undo-tree-id7065 . -1) (undo-tree-id7066 . -1) (undo-tree-id7067 . -1) (undo-tree-id7068 . -1) (undo-tree-id7069 . -1) (undo-tree-id7070 . -1) (undo-tree-id7071 . -1) (undo-tree-id7072 . -1) (undo-tree-id7073 . -1) (undo-tree-id7074 . -1) (undo-tree-id7075 . -1) (undo-tree-id7076 . -1) (undo-tree-id7077 . -1) (undo-tree-id7078 . -1) (undo-tree-id7079 . -1) (undo-tree-id7080 . -1) (undo-tree-id7081 . -1) (undo-tree-id7082 . -1) (undo-tree-id7083 . -1) (undo-tree-id7084 . -1) (undo-tree-id7085 . -1) (undo-tree-id7086 . -1) (undo-tree-id7087 . -1) (undo-tree-id7088 . -1) (undo-tree-id7089 . -1) (undo-tree-id7090 . -1) (undo-tree-id7091 . -1) (undo-tree-id7092 . -1) (undo-tree-id7093 . -1) (undo-tree-id7094 . -1) (undo-tree-id7095 . -1) (undo-tree-id7096 . -1) (undo-tree-id7097 . -1) (undo-tree-id7098 . -1) (undo-tree-id7099 . -1) (undo-tree-id7100 . -1) (undo-tree-id7101 . -1) (undo-tree-id7102 . -1) (undo-tree-id7103 . -1) (undo-tree-id7104 . -1) (undo-tree-id7105 . -1) (undo-tree-id7106 . -1) (undo-tree-id7107 . -1) (undo-tree-id7108 . -1) (undo-tree-id7109 . -1) (undo-tree-id7110 . -1) (undo-tree-id7111 . -1) (undo-tree-id7112 . -1) (undo-tree-id7113 . -1) (undo-tree-id7114 . -1) (undo-tree-id7115 . -1) (undo-tree-id7116 . -1) (undo-tree-id7117 . -1) (undo-tree-id7118 . -1) (undo-tree-id7119 . -1) (undo-tree-id7120 . -1) (undo-tree-id7121 . -1) (undo-tree-id7122 . -1) (undo-tree-id7123 . -1) (undo-tree-id7124 . -1) (undo-tree-id7125 . -1) (undo-tree-id7126 . -1) (undo-tree-id7127 . -1) (undo-tree-id7128 . -1) (undo-tree-id7129 . -1) (undo-tree-id7130 . -1) (undo-tree-id7131 . -1) (undo-tree-id7132 . -1) (undo-tree-id7133 . -1) (undo-tree-id7134 . -1) (undo-tree-id7135 . -1) (undo-tree-id7136 . -1) (undo-tree-id7137 . -1) (undo-tree-id7138 . -1) (undo-tree-id7139 . -1) (undo-tree-id7140 . -1) (undo-tree-id7141 . -1) (undo-tree-id7142 . -1) (undo-tree-id7143 . -1) (undo-tree-id7144 . -1) (undo-tree-id7145 . -1) (undo-tree-id7146 . -1) (undo-tree-id7147 . -1) (undo-tree-id7148 . -1) (undo-tree-id7149 . -1) (undo-tree-id7150 . -1) (undo-tree-id7151 . -1) (undo-tree-id7152 . -1) (undo-tree-id7153 . -1) (undo-tree-id7154 . -1) (undo-tree-id7155 . -1) (undo-tree-id7156 . -1) (undo-tree-id7157 . -1) (undo-tree-id7158 . -1) (undo-tree-id7159 . -1) (undo-tree-id7160 . -1) (undo-tree-id7161 . -1) (undo-tree-id7162 . -1) (undo-tree-id7163 . -1) (undo-tree-id7164 . -1) (undo-tree-id7165 . -1) (undo-tree-id7166 . -1) (undo-tree-id7167 . -1) (undo-tree-id7168 . -1) (undo-tree-id7169 . -1) (undo-tree-id7170 . -1) (undo-tree-id7171 . -1) (undo-tree-id7172 . -1) (undo-tree-id7173 . -1) (undo-tree-id7174 . -1) (undo-tree-id7175 . -1) (undo-tree-id7176 . -1) (undo-tree-id7177 . -1) (undo-tree-id7178 . -1) (undo-tree-id7179 . -1) (undo-tree-id7180 . -1) (undo-tree-id7181 . -1) (undo-tree-id7182 . -1) (undo-tree-id7183 . -1) (undo-tree-id7184 . -1) (undo-tree-id7185 . -1) (undo-tree-id7186 . -1) (undo-tree-id7187 . -1) (undo-tree-id7188 . -1) (undo-tree-id7189 . -1) (undo-tree-id7190 . -1) (undo-tree-id7191 . -1) (undo-tree-id7192 . -1) (undo-tree-id7193 . -1) (undo-tree-id7194 . -1) (undo-tree-id7195 . -1) (undo-tree-id7196 . -1) (undo-tree-id7197 . -1) (undo-tree-id7198 . -1) (undo-tree-id7199 . -1) (undo-tree-id7200 . -1) (undo-tree-id7201 . -1) (undo-tree-id7202 . -1) (undo-tree-id7203 . -1) (undo-tree-id7204 . -1) (undo-tree-id7205 . -1) (undo-tree-id7206 . -1) (undo-tree-id7207 . -1) (undo-tree-id7208 . -1) (undo-tree-id7209 . -1) (undo-tree-id7210 . -1) (undo-tree-id7211 . -1) (undo-tree-id7212 . -1) (undo-tree-id7213 . -1) (undo-tree-id7214 . -1) (undo-tree-id7215 . -1) (undo-tree-id7216 . -1) (undo-tree-id7217 . -1) (undo-tree-id7218 . -1) (undo-tree-id7219 . -1) (undo-tree-id7220 . -1) (undo-tree-id7221 . -1) (undo-tree-id7222 . -1) (undo-tree-id7223 . -1) (undo-tree-id7224 . -1) (undo-tree-id7225 . -1) (undo-tree-id7226 . -1) (undo-tree-id7227 . -1) (undo-tree-id7228 . -1) (undo-tree-id7229 . -1) (undo-tree-id7230 . -1) (undo-tree-id7231 . -1) (undo-tree-id7232 . -1) (undo-tree-id7233 . -1) (#("8" 0 1 (fontified t)) . -10302) (undo-tree-id7234 . -1) (undo-tree-id7235 . -1) (undo-tree-id7236 . -1) (undo-tree-id7237 . -1) (undo-tree-id7238 . -1) (undo-tree-id7239 . -1) (undo-tree-id7240 . -1) (undo-tree-id7241 . -1) (undo-tree-id7242 . -1) (undo-tree-id7243 . -1) (undo-tree-id7244 . -1) (undo-tree-id7245 . -1) (undo-tree-id7246 . -1) (undo-tree-id7247 . -1) (undo-tree-id7248 . -1) (undo-tree-id7249 . -1) (undo-tree-id7250 . -1) (undo-tree-id7251 . -1) (undo-tree-id7252 . -1) (undo-tree-id7253 . -1) (undo-tree-id7254 . -1) (undo-tree-id7255 . -1) (undo-tree-id7256 . -1) (undo-tree-id7257 . -1) (undo-tree-id7258 . -1) (undo-tree-id7259 . -1) (undo-tree-id7260 . -1) (undo-tree-id7261 . -1) (undo-tree-id7262 . -1) (undo-tree-id7263 . -1) (undo-tree-id7264 . -1) (undo-tree-id7265 . -1) (undo-tree-id7266 . -1) (undo-tree-id7267 . -1) (undo-tree-id7268 . -1) (undo-tree-id7269 . -1) (undo-tree-id7270 . -1) (undo-tree-id7271 . -1) (undo-tree-id7272 . -1) (undo-tree-id7273 . -1) (undo-tree-id7274 . -1) (undo-tree-id7275 . -1) (undo-tree-id7276 . -1) (undo-tree-id7277 . -1) (undo-tree-id7278 . -1) (undo-tree-id7279 . -1) (undo-tree-id7280 . -1) (undo-tree-id7281 . -1) (undo-tree-id7282 . -1) (undo-tree-id7283 . -1) (undo-tree-id7284 . -1) (undo-tree-id7285 . -1) (undo-tree-id7286 . -1) (undo-tree-id7287 . -1) (undo-tree-id7288 . -1) (undo-tree-id7289 . -1) (undo-tree-id7290 . -1) (undo-tree-id7291 . -1) (undo-tree-id7292 . -1) (undo-tree-id7293 . -1) (undo-tree-id7294 . -1) (undo-tree-id7295 . -1) (undo-tree-id7296 . -1) (undo-tree-id7297 . -1) (undo-tree-id7298 . -1) (undo-tree-id7299 . -1) (undo-tree-id7300 . -1) (undo-tree-id7301 . -1) (undo-tree-id7302 . -1) (undo-tree-id7303 . -1) (undo-tree-id7304 . -1) (undo-tree-id7305 . -1) (undo-tree-id7306 . -1) (undo-tree-id7307 . -1) (undo-tree-id7308 . -1) (undo-tree-id7309 . -1) (undo-tree-id7310 . -1) (undo-tree-id7311 . -1) (undo-tree-id7312 . -1) (undo-tree-id7313 . -1) (undo-tree-id7314 . -1) (undo-tree-id7315 . -1) (undo-tree-id7316 . -1) (undo-tree-id7317 . -1) (undo-tree-id7318 . -1) (undo-tree-id7319 . -1) (undo-tree-id7320 . -1) (undo-tree-id7321 . -1) (undo-tree-id7322 . -1) (undo-tree-id7323 . -1) (undo-tree-id7324 . -1) (undo-tree-id7325 . -1) (undo-tree-id7326 . -1) (undo-tree-id7327 . -1) (undo-tree-id7328 . -1) (undo-tree-id7329 . -1) (undo-tree-id7330 . -1) (undo-tree-id7331 . -1) (undo-tree-id7332 . -1) (undo-tree-id7333 . -1) (undo-tree-id7334 . -1) (undo-tree-id7335 . -1) (undo-tree-id7336 . -1) (undo-tree-id7337 . -1) (undo-tree-id7338 . -1) (undo-tree-id7339 . -1) (undo-tree-id7340 . -1) (undo-tree-id7341 . -1) (undo-tree-id7342 . -1) (undo-tree-id7343 . -1) (undo-tree-id7344 . -1) (undo-tree-id7345 . -1) (undo-tree-id7346 . -1) (undo-tree-id7347 . -1) (undo-tree-id7348 . -1) (undo-tree-id7349 . -1) (undo-tree-id7350 . -1) (undo-tree-id7351 . -1) (undo-tree-id7352 . -1) (undo-tree-id7353 . -1) (undo-tree-id7354 . -1) (undo-tree-id7355 . -1) (undo-tree-id7356 . -1) (undo-tree-id7357 . -1) (undo-tree-id7358 . -1) (undo-tree-id7359 . -1) (undo-tree-id7360 . -1) (undo-tree-id7361 . -1) (undo-tree-id7362 . -1) (undo-tree-id7363 . -1) (undo-tree-id7364 . -1) (undo-tree-id7365 . -1) (undo-tree-id7366 . -1) (undo-tree-id7367 . -1) (undo-tree-id7368 . -1) (undo-tree-id7369 . -1) (undo-tree-id7370 . -1) (undo-tree-id7371 . -1) (undo-tree-id7372 . -1) (undo-tree-id7373 . -1) (undo-tree-id7374 . -1) (undo-tree-id7375 . -1) (undo-tree-id7376 . -1) (undo-tree-id7377 . -1) (undo-tree-id7378 . -1) (undo-tree-id7379 . -1) (undo-tree-id7380 . -1) (undo-tree-id7381 . -1) (undo-tree-id7382 . -1) (undo-tree-id7383 . -1) (undo-tree-id7384 . -1) (undo-tree-id7385 . -1) (undo-tree-id7386 . -1) (undo-tree-id7387 . -1) (undo-tree-id7388 . -1) (undo-tree-id7389 . -1) (undo-tree-id7390 . -1) (undo-tree-id7391 . -1) (undo-tree-id7392 . -1) (undo-tree-id7393 . -1) (undo-tree-id7394 . -1) (undo-tree-id7395 . -1) (undo-tree-id7396 . -1) (undo-tree-id7397 . -1) (undo-tree-id7398 . -1) (undo-tree-id7399 . -1) (undo-tree-id7400 . -1) (undo-tree-id7401 . -1) (undo-tree-id7402 . -1) (undo-tree-id7403 . -1) (undo-tree-id7404 . -1) (undo-tree-id7405 . -1) (undo-tree-id7406 . -1) (undo-tree-id7407 . -1) (undo-tree-id7408 . -1) (undo-tree-id7409 . -1) (undo-tree-id7410 . -1) (undo-tree-id7411 . -1) (undo-tree-id7412 . -1) (undo-tree-id7413 . -1) (undo-tree-id7414 . -1) (undo-tree-id7415 . -1) (undo-tree-id7416 . -1) (undo-tree-id7417 . -1) (undo-tree-id7418 . -1) (undo-tree-id7419 . -1) (undo-tree-id7420 . -1) (undo-tree-id7421 . -1) (undo-tree-id7422 . -1) (undo-tree-id7423 . -1) (undo-tree-id7424 . -1) (undo-tree-id7425 . -1) (undo-tree-id7426 . -1) (undo-tree-id7427 . -1) (undo-tree-id7428 . -1) (undo-tree-id7429 . -1) (undo-tree-id7430 . -1) (undo-tree-id7431 . -1) (undo-tree-id7432 . -1) (undo-tree-id7433 . -1) (undo-tree-id7434 . -1) (undo-tree-id7435 . -1) (undo-tree-id7436 . -1) (undo-tree-id7437 . -1) (undo-tree-id7438 . -1) (undo-tree-id7439 . -1) (undo-tree-id7440 . -1) (undo-tree-id7441 . -1) (undo-tree-id7442 . -1) (undo-tree-id7443 . -1) (undo-tree-id7444 . -1) (undo-tree-id7445 . -1) (undo-tree-id7446 . -1) (undo-tree-id7447 . -1) (undo-tree-id7448 . -1) (undo-tree-id7449 . -1) (undo-tree-id7450 . -1) (undo-tree-id7451 . -1) (undo-tree-id7452 . -1) (undo-tree-id7453 . -1) (undo-tree-id7454 . -1) (undo-tree-id7455 . -1) (undo-tree-id7456 . -1) (undo-tree-id7457 . -1) (undo-tree-id7458 . -1) (undo-tree-id7459 . -1) (undo-tree-id7460 . -1) (undo-tree-id7461 . -1) (undo-tree-id7462 . -1) (undo-tree-id7463 . -1) (undo-tree-id7464 . -1) (undo-tree-id7465 . -1) (undo-tree-id7466 . -1) (undo-tree-id7467 . -1) (undo-tree-id7468 . -1) (undo-tree-id7469 . -1) (undo-tree-id7470 . -1) (undo-tree-id7471 . -1) (undo-tree-id7472 . -1) (undo-tree-id7473 . -1) (undo-tree-id7474 . -1) (undo-tree-id7475 . -1) (undo-tree-id7476 . -1) (undo-tree-id7477 . -1) (undo-tree-id7478 . -1) (undo-tree-id7479 . -1) (undo-tree-id7480 . -1) (undo-tree-id7481 . -1) (undo-tree-id7482 . -1) (undo-tree-id7483 . -1) (undo-tree-id7484 . -1) (undo-tree-id7485 . -1) (undo-tree-id7486 . -1) (undo-tree-id7487 . -1) (undo-tree-id7488 . -1) (undo-tree-id7489 . -1) (undo-tree-id7490 . -1) (undo-tree-id7491 . -1) (undo-tree-id7492 . -1) (undo-tree-id7493 . -1) (undo-tree-id7494 . -1) (undo-tree-id7495 . -1) (undo-tree-id7496 . -1) (undo-tree-id7497 . -1) (undo-tree-id7498 . -1) (undo-tree-id7499 . -1) (undo-tree-id7500 . -1) (undo-tree-id7501 . -1) (undo-tree-id7502 . -1) (undo-tree-id7503 . -1) (undo-tree-id7504 . -1) (undo-tree-id7505 . -1) (undo-tree-id7506 . -1) (undo-tree-id7507 . -1) (undo-tree-id7508 . -1) (undo-tree-id7509 . -1) (undo-tree-id7510 . -1) (undo-tree-id7511 . -1) (undo-tree-id7512 . -1) (undo-tree-id7513 . -1) (undo-tree-id7514 . -1) (undo-tree-id7515 . -1) (undo-tree-id7516 . -1) (undo-tree-id7517 . -1) (undo-tree-id7518 . -1) (undo-tree-id7519 . -1) (undo-tree-id7520 . -1) (undo-tree-id7521 . -1) (undo-tree-id7522 . -1) (undo-tree-id7523 . -1) (undo-tree-id7524 . -1) (undo-tree-id7525 . -1) (undo-tree-id7526 . -1) (undo-tree-id7527 . -1) (undo-tree-id7528 . -1) (undo-tree-id7529 . -1) (undo-tree-id7530 . -1) (undo-tree-id7531 . -1) (undo-tree-id7532 . -1) (undo-tree-id7533 . -1) (undo-tree-id7534 . -1) (undo-tree-id7535 . -1) (undo-tree-id7536 . -1) (undo-tree-id7537 . -1) (undo-tree-id7538 . -1) (undo-tree-id7539 . -1) (undo-tree-id7540 . -1) (undo-tree-id7541 . -1) (undo-tree-id7542 . -1) (undo-tree-id7543 . -1) (undo-tree-id7544 . -1) (undo-tree-id7545 . -1) (undo-tree-id7546 . -1) (undo-tree-id7547 . -1) (undo-tree-id7548 . -1) (undo-tree-id7549 . -1) (undo-tree-id7550 . -1) (undo-tree-id7551 . -1) (undo-tree-id7552 . -1) (undo-tree-id7553 . -1) (undo-tree-id7554 . -1) (undo-tree-id7555 . -1) (undo-tree-id7556 . -1) (undo-tree-id7557 . -1) (undo-tree-id7558 . -1) (undo-tree-id7559 . -1) (undo-tree-id7560 . -1) (undo-tree-id7561 . -1) (undo-tree-id7562 . -1) (undo-tree-id7563 . -1) (undo-tree-id7564 . -1) (undo-tree-id7565 . -1) (undo-tree-id7566 . -1) (undo-tree-id7567 . -1) (undo-tree-id7568 . -1) (undo-tree-id7569 . -1) (undo-tree-id7570 . -1) (undo-tree-id7571 . -1) (undo-tree-id7572 . -1) (undo-tree-id7573 . -1) (undo-tree-id7574 . -1) (undo-tree-id7575 . -1) (undo-tree-id7576 . -1) (undo-tree-id7577 . -1) (undo-tree-id7578 . -1) (undo-tree-id7579 . -1) (undo-tree-id7580 . -1) (undo-tree-id7581 . -1) (undo-tree-id7582 . -1) (undo-tree-id7583 . -1) (undo-tree-id7584 . -1) (undo-tree-id7585 . -1) (undo-tree-id7586 . -1) (undo-tree-id7587 . -1) (undo-tree-id7588 . -1) (undo-tree-id7589 . -1) (undo-tree-id7590 . -1) (undo-tree-id7591 . -1) (undo-tree-id7592 . -1) (undo-tree-id7593 . -1) (undo-tree-id7594 . -1) (undo-tree-id7595 . -1) (undo-tree-id7596 . -1) (undo-tree-id7597 . -1) (undo-tree-id7598 . -1) (undo-tree-id7599 . -1) (undo-tree-id7600 . -1) (undo-tree-id7601 . -1) (undo-tree-id7602 . -1) (undo-tree-id7603 . -1) (undo-tree-id7604 . -1) (undo-tree-id7605 . -1) (undo-tree-id7606 . -1) (undo-tree-id7607 . -1) (undo-tree-id7608 . -1) (undo-tree-id7609 . -1) (undo-tree-id7610 . -1) (undo-tree-id7611 . -1) (undo-tree-id7612 . -1) (undo-tree-id7613 . -1) (undo-tree-id7614 . -1) (undo-tree-id7615 . -1) (undo-tree-id7616 . -1) (undo-tree-id7617 . -1) (undo-tree-id7618 . -1) (undo-tree-id7619 . -1) (undo-tree-id7620 . -1) (undo-tree-id7621 . -1) (undo-tree-id7622 . -1) (undo-tree-id7623 . -1) (undo-tree-id7624 . -1) (undo-tree-id7625 . -1) (undo-tree-id7626 . -1) (undo-tree-id7627 . -1) (undo-tree-id7628 . -1) (undo-tree-id7629 . -1) (undo-tree-id7630 . -1) (undo-tree-id7631 . -1) (undo-tree-id7632 . -1) (undo-tree-id7633 . -1) (undo-tree-id7634 . -1) (undo-tree-id7635 . -1) (undo-tree-id7636 . -1) (undo-tree-id7637 . -1) (undo-tree-id7638 . -1) (undo-tree-id7639 . -1) (undo-tree-id7640 . -1) (undo-tree-id7641 . -1) (undo-tree-id7642 . -1) (undo-tree-id7643 . -1) (undo-tree-id7644 . -1) (undo-tree-id7645 . -1) (undo-tree-id7646 . -1) (undo-tree-id7647 . -1) (undo-tree-id7648 . -1) (undo-tree-id7649 . -1) (undo-tree-id7650 . -1) (undo-tree-id7651 . -1) (undo-tree-id7652 . -1) (undo-tree-id7653 . -1) (undo-tree-id7654 . -1) (undo-tree-id7655 . -1) (undo-tree-id7656 . -1) (undo-tree-id7657 . -1) (undo-tree-id7658 . -1) (undo-tree-id7659 . -1) (undo-tree-id7660 . -1) (undo-tree-id7661 . -1) (undo-tree-id7662 . -1) (undo-tree-id7663 . -1) (undo-tree-id7664 . -1) (undo-tree-id7665 . -1) (undo-tree-id7666 . -1) (undo-tree-id7667 . -1) (undo-tree-id7668 . -1) (undo-tree-id7669 . -1) (undo-tree-id7670 . -1) (undo-tree-id7671 . -1) (undo-tree-id7672 . -1) (undo-tree-id7673 . -1) (undo-tree-id7674 . -1) (undo-tree-id7675 . -1) (undo-tree-id7676 . -1) (undo-tree-id7677 . -1) (undo-tree-id7678 . -1) (undo-tree-id7679 . -1) (undo-tree-id7680 . -1) (undo-tree-id7681 . -1) (undo-tree-id7682 . -1) (undo-tree-id7683 . -1) (undo-tree-id7684 . -1) (undo-tree-id7685 . -1) (undo-tree-id7686 . -1) (undo-tree-id7687 . -1) (undo-tree-id7688 . -1) (undo-tree-id7689 . -1) (undo-tree-id7690 . -1) (undo-tree-id7691 . -1) (undo-tree-id7692 . -1) (undo-tree-id7693 . -1) (undo-tree-id7694 . -1) (undo-tree-id7695 . -1) (undo-tree-id7696 . -1) (undo-tree-id7697 . -1) (undo-tree-id7698 . -1) (undo-tree-id7699 . -1) (undo-tree-id7700 . -1) (undo-tree-id7701 . -1) (undo-tree-id7702 . -1) (undo-tree-id7703 . -1) (undo-tree-id7704 . -1) (undo-tree-id7705 . -1) (undo-tree-id7706 . -1) (undo-tree-id7707 . -1) (undo-tree-id7708 . -1) (undo-tree-id7709 . -1) (undo-tree-id7710 . -1) (undo-tree-id7711 . -1) (undo-tree-id7712 . -1) (undo-tree-id7713 . -1) (undo-tree-id7714 . -1) (undo-tree-id7715 . -1) (undo-tree-id7716 . -1) (undo-tree-id7717 . -1) (undo-tree-id7718 . -1) (undo-tree-id7719 . -1) (undo-tree-id7720 . -1) (undo-tree-id7721 . -1) (undo-tree-id7722 . -1) (undo-tree-id7723 . -1) (undo-tree-id7724 . -1) (undo-tree-id7725 . -1) (undo-tree-id7726 . -1) (undo-tree-id7727 . -1) (undo-tree-id7728 . -1) (undo-tree-id7729 . -1) (undo-tree-id7730 . -1) (undo-tree-id7731 . -1) (undo-tree-id7732 . -1) (undo-tree-id7733 . -1) (undo-tree-id7734 . -1) (undo-tree-id7735 . -1) (undo-tree-id7736 . -1) (undo-tree-id7737 . -1) (undo-tree-id7738 . -1) (undo-tree-id7739 . -1) (undo-tree-id7740 . -1) (undo-tree-id7741 . -1) (undo-tree-id7742 . -1) (undo-tree-id7743 . -1) (undo-tree-id7744 . -1) (undo-tree-id7745 . -1) (undo-tree-id7746 . -1) (undo-tree-id7747 . -1) (undo-tree-id7748 . -1) (undo-tree-id7749 . -1) (undo-tree-id7750 . -1) (undo-tree-id7751 . -1) (undo-tree-id7752 . -1) (undo-tree-id7753 . -1) (undo-tree-id7754 . -1) (undo-tree-id7755 . -1) (undo-tree-id7756 . -1) (undo-tree-id7757 . -1) (undo-tree-id7758 . -1) (undo-tree-id7759 . -1) (undo-tree-id7760 . -1) (undo-tree-id7761 . -1) (undo-tree-id7762 . -1) (undo-tree-id7763 . -1) (undo-tree-id7764 . -1) (undo-tree-id7765 . -1) (undo-tree-id7766 . -1) (undo-tree-id7767 . -1) (undo-tree-id7768 . -1) (undo-tree-id7769 . -1) (undo-tree-id7770 . -1) (undo-tree-id7771 . -1) (undo-tree-id7772 . -1) (undo-tree-id7773 . -1) (undo-tree-id7774 . -1) (undo-tree-id7775 . -1) (undo-tree-id7776 . -1) (undo-tree-id7777 . -1) (undo-tree-id7778 . -1) (undo-tree-id7779 . -1) (undo-tree-id7780 . -1) (undo-tree-id7781 . -1) (undo-tree-id7782 . -1) (undo-tree-id7783 . -1) (undo-tree-id7784 . -1) (undo-tree-id7785 . -1) (undo-tree-id7786 . -1) (undo-tree-id7787 . -1) (undo-tree-id7788 . -1) (undo-tree-id7789 . -1) (undo-tree-id7790 . -1) (undo-tree-id7791 . -1) (undo-tree-id7792 . -1) (undo-tree-id7793 . -1) (undo-tree-id7794 . -1) (undo-tree-id7795 . -1) (undo-tree-id7796 . -1) (undo-tree-id7797 . -1) (undo-tree-id7798 . -1) (undo-tree-id7799 . -1) (undo-tree-id7800 . -1) (undo-tree-id7801 . -1) (undo-tree-id7802 . -1) (undo-tree-id7803 . -1) (undo-tree-id7804 . -1) (undo-tree-id7805 . -1) (undo-tree-id7806 . -1) (undo-tree-id7807 . -1) (undo-tree-id7808 . -1) (undo-tree-id7809 . -1) (undo-tree-id7810 . -1) (undo-tree-id7811 . -1) (undo-tree-id7812 . -1) (undo-tree-id7813 . -1) (undo-tree-id7814 . -1) (undo-tree-id7815 . -1) (undo-tree-id7816 . -1) (undo-tree-id7817 . -1) (undo-tree-id7818 . -1) (undo-tree-id7819 . -1) (undo-tree-id7820 . -1) (undo-tree-id7821 . -1) (undo-tree-id7822 . -1) (undo-tree-id7823 . -1) (undo-tree-id7824 . -1) (undo-tree-id7825 . -1) (undo-tree-id7826 . -1) (undo-tree-id7827 . -1) (undo-tree-id7828 . -1) (undo-tree-id7829 . -1) (undo-tree-id7830 . -1) (undo-tree-id7831 . -1) (undo-tree-id7832 . -1) (undo-tree-id7833 . -1) (undo-tree-id7834 . -1) (undo-tree-id7835 . -1) (undo-tree-id7836 . -1) (undo-tree-id7837 . -1) (undo-tree-id7838 . -1) (undo-tree-id7839 . -1) (undo-tree-id7840 . -1) (undo-tree-id7841 . -1) (undo-tree-id7842 . -1) (undo-tree-id7843 . -1) (undo-tree-id7844 . -1) (undo-tree-id7845 . -1) (undo-tree-id7846 . -1) (undo-tree-id7847 . -1) (undo-tree-id7848 . -1) (undo-tree-id7849 . -1) (undo-tree-id7850 . -1) (undo-tree-id7851 . -1) (undo-tree-id7852 . -1) (undo-tree-id7853 . -1) (undo-tree-id7854 . -1) (undo-tree-id7855 . -1) (undo-tree-id7856 . -1) (undo-tree-id7857 . -1) (undo-tree-id7858 . -1) (undo-tree-id7859 . -1) (undo-tree-id7860 . -1) (undo-tree-id7861 . -1) (undo-tree-id7862 . -1) (undo-tree-id7863 . -1) (undo-tree-id7864 . -1) (undo-tree-id7865 . -1) (undo-tree-id7866 . -1) (undo-tree-id7867 . -1) (undo-tree-id7868 . -1) (undo-tree-id7869 . -1) (undo-tree-id7870 . -1) (undo-tree-id7871 . -1) (undo-tree-id7872 . -1) (undo-tree-id7873 . -1) (undo-tree-id7874 . -1) (undo-tree-id7875 . -1) (undo-tree-id7876 . -1) (undo-tree-id7877 . -1) (undo-tree-id7878 . -1) (undo-tree-id7879 . -1) (undo-tree-id7880 . -1) (undo-tree-id7881 . -1) (undo-tree-id7882 . -1) (undo-tree-id7883 . -1) (undo-tree-id7884 . -1) (undo-tree-id7885 . -1) (undo-tree-id7886 . -1) (undo-tree-id7887 . -1) (undo-tree-id7888 . -1) (undo-tree-id7889 . -1) (undo-tree-id7890 . -1) (undo-tree-id7891 . -1) (undo-tree-id7892 . -1) (undo-tree-id7893 . -1) (undo-tree-id7894 . -1) (undo-tree-id7895 . -1) (undo-tree-id7896 . -1) (undo-tree-id7897 . -1) (undo-tree-id7898 . -1) (undo-tree-id7899 . -1) (undo-tree-id7900 . -1) (undo-tree-id7901 . -1) (undo-tree-id7902 . -1) (undo-tree-id7903 . -1) (undo-tree-id7904 . -1) (undo-tree-id7905 . -1) (undo-tree-id7906 . -1) (undo-tree-id7907 . -1) (undo-tree-id7908 . -1) (undo-tree-id7909 . -1) (undo-tree-id7910 . -1) (undo-tree-id7911 . -1) (undo-tree-id7912 . -1) (undo-tree-id7913 . -1) (undo-tree-id7914 . -1) (undo-tree-id7915 . -1) (undo-tree-id7916 . -1) (undo-tree-id7917 . -1) (undo-tree-id7918 . -1) (undo-tree-id7919 . -1) (undo-tree-id7920 . -1) (undo-tree-id7921 . -1) (undo-tree-id7922 . -1) (undo-tree-id7923 . -1) (undo-tree-id7924 . -1) (undo-tree-id7925 . -1) (undo-tree-id7926 . -1) (undo-tree-id7927 . -1) (undo-tree-id7928 . -1) (undo-tree-id7929 . -1) (undo-tree-id7930 . -1) (undo-tree-id7931 . -1) (undo-tree-id7932 . -1) (undo-tree-id7933 . -1) (undo-tree-id7934 . -1) (undo-tree-id7935 . -1) (undo-tree-id7936 . -1) (undo-tree-id7937 . -1) (undo-tree-id7938 . -1) (undo-tree-id7939 . -1) (undo-tree-id7940 . -1) (undo-tree-id7941 . -1) (undo-tree-id7942 . -1) (undo-tree-id7943 . -1) (undo-tree-id7944 . -1) (undo-tree-id7945 . -1) (undo-tree-id7946 . -1) (undo-tree-id7947 . -1) (undo-tree-id7948 . -1) (undo-tree-id7949 . -1) (undo-tree-id7950 . -1) (undo-tree-id7951 . -1) (undo-tree-id7952 . -1) (undo-tree-id7953 . -1) (undo-tree-id7954 . -1) (undo-tree-id7955 . -1) (undo-tree-id7956 . -1) (undo-tree-id7957 . -1) (undo-tree-id7958 . -1) (undo-tree-id7959 . -1) (undo-tree-id7960 . -1) (undo-tree-id7961 . -1) (undo-tree-id7962 . -1) (undo-tree-id7963 . -1) (undo-tree-id7964 . -1) (undo-tree-id7965 . -1) (undo-tree-id7966 . -1) (undo-tree-id7967 . -1) (undo-tree-id7968 . -1) (undo-tree-id7969 . -1) (undo-tree-id7970 . -1) (undo-tree-id7971 . -1) (undo-tree-id7972 . -1) (undo-tree-id7973 . -1) (undo-tree-id7974 . -1) (undo-tree-id7975 . -1) (undo-tree-id7976 . -1) (undo-tree-id7977 . -1) (undo-tree-id7978 . -1) (undo-tree-id7979 . -1) (undo-tree-id7980 . -1) (undo-tree-id7981 . -1) (undo-tree-id7982 . -1) (undo-tree-id7983 . -1) (undo-tree-id7984 . -1) (undo-tree-id7985 . -1) (undo-tree-id7986 . -1) (undo-tree-id7987 . -1) (undo-tree-id7988 . -1) (undo-tree-id7989 . -1) (undo-tree-id7990 . -1) (undo-tree-id7991 . -1) (undo-tree-id7992 . -1) (undo-tree-id7993 . -1) (undo-tree-id7994 . -1) (undo-tree-id7995 . -1) (undo-tree-id7996 . -1) (undo-tree-id7997 . -1) (undo-tree-id7998 . -1) (undo-tree-id7999 . -1) (undo-tree-id8000 . -1) (undo-tree-id8001 . -1) (undo-tree-id8002 . -1) (undo-tree-id8003 . -1) (undo-tree-id8004 . -1) (undo-tree-id8005 . -1) (undo-tree-id8006 . -1) (undo-tree-id8007 . -1) (undo-tree-id8008 . -1) (undo-tree-id8009 . -1) (undo-tree-id8010 . -1) (undo-tree-id8011 . -1) (undo-tree-id8012 . -1) (undo-tree-id8013 . -1) (undo-tree-id8014 . -1) (undo-tree-id8015 . -1) (undo-tree-id8016 . -1) (undo-tree-id8017 . -1) (undo-tree-id8018 . -1) (undo-tree-id8019 . -1) (undo-tree-id8020 . -1) (undo-tree-id8021 . -1) (undo-tree-id8022 . -1) (undo-tree-id8023 . -1) (undo-tree-id8024 . -1) (undo-tree-id8025 . -1) (undo-tree-id8026 . -1) (undo-tree-id8027 . -1) (undo-tree-id8028 . -1) (undo-tree-id8029 . -1) (undo-tree-id8030 . -1) (undo-tree-id8031 . -1) (undo-tree-id8032 . -1) (undo-tree-id8033 . -1) (undo-tree-id8034 . -1) (undo-tree-id8035 . -1) (undo-tree-id8036 . -1) (undo-tree-id8037 . -1) (undo-tree-id8038 . -1) (undo-tree-id8039 . -1) (undo-tree-id8040 . -1) (undo-tree-id8041 . -1) (undo-tree-id8042 . -1) (undo-tree-id8043 . -1) (undo-tree-id8044 . -1) (undo-tree-id8045 . -1) (undo-tree-id8046 . -1) (undo-tree-id8047 . -1) (undo-tree-id8048 . -1) (undo-tree-id8049 . -1) (undo-tree-id8050 . -1) (undo-tree-id8051 . -1) (undo-tree-id8052 . -1) (undo-tree-id8053 . -1) (undo-tree-id8054 . -1) (undo-tree-id8055 . -1) (undo-tree-id8056 . -1) (undo-tree-id8057 . -1) (undo-tree-id8058 . -1) (undo-tree-id8059 . -1) (undo-tree-id8060 . -1) (undo-tree-id8061 . -1) (undo-tree-id8062 . -1) (undo-tree-id8063 . -1) (undo-tree-id8064 . -1) (undo-tree-id8065 . -1) (undo-tree-id8066 . -1) (undo-tree-id8067 . -1) (undo-tree-id8068 . -1) (undo-tree-id8069 . -1) (undo-tree-id8070 . -1) (undo-tree-id8071 . -1) (undo-tree-id8072 . -1) (undo-tree-id8073 . -1) (undo-tree-id8074 . -1) (undo-tree-id8075 . -1) (undo-tree-id8076 . -1) (undo-tree-id8077 . -1) (undo-tree-id8078 . -1) (undo-tree-id8079 . -1) (undo-tree-id8080 . -1) (undo-tree-id8081 . -1) (undo-tree-id8082 . -1) (undo-tree-id8083 . -1) (undo-tree-id8084 . -1) (undo-tree-id8085 . -1) (undo-tree-id8086 . -1) (undo-tree-id8087 . -1) (undo-tree-id8088 . -1) (undo-tree-id8089 . -1) (undo-tree-id8090 . -1) (undo-tree-id8091 . -1) (undo-tree-id8092 . -1) (undo-tree-id8093 . -1) (undo-tree-id8094 . -1) (undo-tree-id8095 . -1) (undo-tree-id8096 . -1) (undo-tree-id8097 . -1) (undo-tree-id8098 . -1) (undo-tree-id8099 . -1) (undo-tree-id8100 . -1) (undo-tree-id8101 . -1) (undo-tree-id8102 . -1) (undo-tree-id8103 . -1) (undo-tree-id8104 . -1) (undo-tree-id8105 . -1) (undo-tree-id8106 . -1) (undo-tree-id8107 . -1) (undo-tree-id8108 . -1) (undo-tree-id8109 . -1) (undo-tree-id8110 . -1) (undo-tree-id8111 . -1) (undo-tree-id8112 . -1) (undo-tree-id8113 . -1) (undo-tree-id8114 . -1) (undo-tree-id8115 . -1) (undo-tree-id8116 . -1) (undo-tree-id8117 . -1) (undo-tree-id8118 . -1) (undo-tree-id8119 . -1) (undo-tree-id8120 . -1) (undo-tree-id8121 . -1) (undo-tree-id8122 . -1) (undo-tree-id8123 . -1) (undo-tree-id8124 . -1) (undo-tree-id8125 . -1) (undo-tree-id8126 . -1) (undo-tree-id8127 . -1) (undo-tree-id8128 . -1) (undo-tree-id8129 . -1) (undo-tree-id8130 . -1) (undo-tree-id8131 . -1) (undo-tree-id8132 . -1) (undo-tree-id8133 . -1) (undo-tree-id8134 . -1) (undo-tree-id8135 . -1) (undo-tree-id8136 . -1) (undo-tree-id8137 . -1) (undo-tree-id8138 . -1) (undo-tree-id8139 . -1) (undo-tree-id8140 . -1) (undo-tree-id8141 . -1) (undo-tree-id8142 . -1) (undo-tree-id8143 . -1) (undo-tree-id8144 . -1) (undo-tree-id8145 . -1) (undo-tree-id8146 . -1) (undo-tree-id8147 . -1) (undo-tree-id8148 . -1) (undo-tree-id8149 . -1) (undo-tree-id8150 . -1) (undo-tree-id8151 . -1) (undo-tree-id8152 . -1) (undo-tree-id8153 . -1) (undo-tree-id8154 . -1) (undo-tree-id8155 . -1) (undo-tree-id8156 . -1) (undo-tree-id8157 . -1) (undo-tree-id8158 . -1) (undo-tree-id8159 . -1) (undo-tree-id8160 . -1) (undo-tree-id8161 . -1) (undo-tree-id8162 . -1) (undo-tree-id8163 . -1) (undo-tree-id8164 . -1) (undo-tree-id8165 . -1) (undo-tree-id8166 . -1) (undo-tree-id8167 . -1) (undo-tree-id8168 . -1) (undo-tree-id8169 . -1) (undo-tree-id8170 . -1) (undo-tree-id8171 . -1) (undo-tree-id8172 . -1) (undo-tree-id8173 . -1) (undo-tree-id8174 . -1) (undo-tree-id8175 . -1) (undo-tree-id8176 . -1) (undo-tree-id8177 . -1) (undo-tree-id8178 . -1) (undo-tree-id8179 . -1) (undo-tree-id8180 . -1) (undo-tree-id8181 . -1) (undo-tree-id8182 . -1) (undo-tree-id8183 . -1) (undo-tree-id8184 . -1) (undo-tree-id8185 . -1) (undo-tree-id8186 . -1) (undo-tree-id8187 . -1) (undo-tree-id8188 . -1) (undo-tree-id8189 . -1) (undo-tree-id8190 . -1) (undo-tree-id8191 . -1) (undo-tree-id8192 . -1) (undo-tree-id8193 . -1) (undo-tree-id8194 . -1) (undo-tree-id8195 . -1) (undo-tree-id8196 . -1) (undo-tree-id8197 . -1) (undo-tree-id8198 . -1) (undo-tree-id8199 . -1) (undo-tree-id8200 . -1) (undo-tree-id8201 . -1) (undo-tree-id8202 . -1) (undo-tree-id8203 . -1) (undo-tree-id8204 . -1) (undo-tree-id8205 . -1) (undo-tree-id8206 . -1) (undo-tree-id8207 . -1) (undo-tree-id8208 . -1) (undo-tree-id8209 . -1) (undo-tree-id8210 . -1) (undo-tree-id8211 . -1) (undo-tree-id8212 . -1) (undo-tree-id8213 . -1) (undo-tree-id8214 . -1) (undo-tree-id8215 . -1) (undo-tree-id8216 . -1) (undo-tree-id8217 . -1) (undo-tree-id8218 . -1) (undo-tree-id8219 . -1) (undo-tree-id8220 . -1) (undo-tree-id8221 . -1) (undo-tree-id8222 . -1) (undo-tree-id8223 . -1) (undo-tree-id8224 . -1) (undo-tree-id8225 . -1) (undo-tree-id8226 . -1) (undo-tree-id8227 . -1) (undo-tree-id8228 . -1) (undo-tree-id8229 . -1) (undo-tree-id8230 . -1) (undo-tree-id8231 . -1) (undo-tree-id8232 . -1) (undo-tree-id8233 . -1) (undo-tree-id8234 . -1) (undo-tree-id8235 . -1) (undo-tree-id8236 . -1) (undo-tree-id8237 . -1) (undo-tree-id8238 . -1) (undo-tree-id8239 . -1) (undo-tree-id8240 . -1) (undo-tree-id8241 . -1) (undo-tree-id8242 . -1) (undo-tree-id8243 . -1) (undo-tree-id8244 . -1) (undo-tree-id8245 . -1) (undo-tree-id8246 . -1) (undo-tree-id8247 . -1) (undo-tree-id8248 . -1) (undo-tree-id8249 . -1) (undo-tree-id8250 . -1) (undo-tree-id8251 . -1) (undo-tree-id8252 . -1) (undo-tree-id8253 . -1) (undo-tree-id8254 . -1) (undo-tree-id8255 . -1) (undo-tree-id8256 . -1) (undo-tree-id8257 . -1) (undo-tree-id8258 . -1) (undo-tree-id8259 . -1) (undo-tree-id8260 . -1) (undo-tree-id8261 . -1) (undo-tree-id8262 . -1) (undo-tree-id8263 . -1) (undo-tree-id8264 . -1) (undo-tree-id8265 . -1) (undo-tree-id8266 . -1) (undo-tree-id8267 . -1) (undo-tree-id8268 . -1) (undo-tree-id8269 . -1) (undo-tree-id8270 . -1) (undo-tree-id8271 . -1) (undo-tree-id8272 . -1) (undo-tree-id8273 . -1) (undo-tree-id8274 . -1) (undo-tree-id8275 . -1) (undo-tree-id8276 . -1) (undo-tree-id8277 . -1) (undo-tree-id8278 . -1) (undo-tree-id8279 . -1) (undo-tree-id8280 . -1) (undo-tree-id8281 . -1) (undo-tree-id8282 . -1) (undo-tree-id8283 . -1) (undo-tree-id8284 . -1) (undo-tree-id8285 . -1) (undo-tree-id8286 . -1) (undo-tree-id8287 . -1) (undo-tree-id8288 . -1) (undo-tree-id8289 . -1) (undo-tree-id8290 . -1) (undo-tree-id8291 . -1) (undo-tree-id8292 . -1) (undo-tree-id8293 . -1) (undo-tree-id8294 . -1) (undo-tree-id8295 . -1) (undo-tree-id8296 . -1) (undo-tree-id8297 . -1) (undo-tree-id8298 . -1) (undo-tree-id8299 . -1) (undo-tree-id8300 . -1) (undo-tree-id8301 . -1) (undo-tree-id8302 . -1) (undo-tree-id8303 . -1) (undo-tree-id8304 . -1) (undo-tree-id8305 . -1) (undo-tree-id8306 . -1) (undo-tree-id8307 . -1) (undo-tree-id8308 . -1) (undo-tree-id8309 . -1) (undo-tree-id8310 . -1) (undo-tree-id8311 . -1) (undo-tree-id8312 . -1) (undo-tree-id8313 . -1) (undo-tree-id8314 . -1) (undo-tree-id8315 . -1) (undo-tree-id8316 . -1) (undo-tree-id8317 . -1) (undo-tree-id8318 . -1) (undo-tree-id8319 . -1) (undo-tree-id8320 . -1) (undo-tree-id8321 . -1) (undo-tree-id8322 . -1) (undo-tree-id8323 . -1) (undo-tree-id8324 . -1) (undo-tree-id8325 . -1) (undo-tree-id8326 . -1) (undo-tree-id8327 . -1) (undo-tree-id8328 . -1) (undo-tree-id8329 . -1) (undo-tree-id8330 . -1) (undo-tree-id8331 . -1) (undo-tree-id8332 . -1) (undo-tree-id8333 . -1) (undo-tree-id8334 . -1) (undo-tree-id8335 . -1) (undo-tree-id8336 . -1) (undo-tree-id8337 . -1) (undo-tree-id8338 . -1) (undo-tree-id8339 . -1) (undo-tree-id8340 . -1) (undo-tree-id8341 . -1) (undo-tree-id8342 . -1) (undo-tree-id8343 . -1) (undo-tree-id8344 . -1) (undo-tree-id8345 . -1) (undo-tree-id8346 . -1) (undo-tree-id8347 . -1) (undo-tree-id8348 . -1) (undo-tree-id8349 . -1) (undo-tree-id8350 . -1) (undo-tree-id8351 . -1) (undo-tree-id8352 . -1) (undo-tree-id8353 . -1) (undo-tree-id8354 . -1) (undo-tree-id8355 . -1) (undo-tree-id8356 . -1) (undo-tree-id8357 . -1) (undo-tree-id8358 . -1) (undo-tree-id8359 . -1) (undo-tree-id8360 . -1) (undo-tree-id8361 . -1) (undo-tree-id8362 . -1) (undo-tree-id8363 . -1) (undo-tree-id8364 . -1) (undo-tree-id8365 . -1) (undo-tree-id8366 . -1) (undo-tree-id8367 . -1) (undo-tree-id8368 . -1) (undo-tree-id8369 . -1) (undo-tree-id8370 . -1) (undo-tree-id8371 . -1) (undo-tree-id8372 . -1) (undo-tree-id8373 . -1) (undo-tree-id8374 . -1) (undo-tree-id8375 . -1) (undo-tree-id8376 . -1) (undo-tree-id8377 . -1) (undo-tree-id8378 . -1) (undo-tree-id8379 . -1) (undo-tree-id8380 . -1) (undo-tree-id8381 . -1) (undo-tree-id8382 . -1) (undo-tree-id8383 . -1) (undo-tree-id8384 . -1) (undo-tree-id8385 . -1) (undo-tree-id8386 . -1) (undo-tree-id8387 . -1) (undo-tree-id8388 . -1) (undo-tree-id8389 . -1) (undo-tree-id8390 . -1) (undo-tree-id8391 . -1) (undo-tree-id8392 . -1) (undo-tree-id8393 . -1) (undo-tree-id8394 . -1) (undo-tree-id8395 . -1) (undo-tree-id8396 . -1) (undo-tree-id8397 . -1) (undo-tree-id8398 . -1) (undo-tree-id8399 . -1) (undo-tree-id8400 . -1) (undo-tree-id8401 . -1) (undo-tree-id8402 . -1) (undo-tree-id8403 . -1) (undo-tree-id8404 . -1) (undo-tree-id8405 . -1) (undo-tree-id8406 . -1) (undo-tree-id8407 . -1) (undo-tree-id8408 . -1) (undo-tree-id8409 . -1) (undo-tree-id8410 . -1) (undo-tree-id8411 . -1) (undo-tree-id8412 . -1) (undo-tree-id8413 . -1) (undo-tree-id8414 . -1) (undo-tree-id8415 . -1) (undo-tree-id8416 . -1) (undo-tree-id8417 . -1) (undo-tree-id8418 . -1) (undo-tree-id8419 . -1) (undo-tree-id8420 . -1) (undo-tree-id8421 . -1) (undo-tree-id8422 . -1) (undo-tree-id8423 . -1) (undo-tree-id8424 . -1) (undo-tree-id8425 . -1) (undo-tree-id8426 . -1) (undo-tree-id8427 . -1) (undo-tree-id8428 . -1) (undo-tree-id8429 . -1) (undo-tree-id8430 . -1) (undo-tree-id8431 . -1) (undo-tree-id8432 . -1) (undo-tree-id8433 . -1) (undo-tree-id8434 . -1) (undo-tree-id8435 . -1) (undo-tree-id8436 . -1) (undo-tree-id8437 . -1) (undo-tree-id8438 . -1) (undo-tree-id8439 . -1) (undo-tree-id8440 . -1) (undo-tree-id8441 . -1) (undo-tree-id8442 . -1) (undo-tree-id8443 . -1) (undo-tree-id8444 . -1) (undo-tree-id8445 . -1) (undo-tree-id8446 . -1) (undo-tree-id8447 . -1) (undo-tree-id8448 . -1) (undo-tree-id8449 . -1) (undo-tree-id8450 . -1) (undo-tree-id8451 . -1) (undo-tree-id8452 . -1) (undo-tree-id8453 . -1) (undo-tree-id8454 . -1) (undo-tree-id8455 . -1) (undo-tree-id8456 . -1) (undo-tree-id8457 . -1) (undo-tree-id8458 . -1) (undo-tree-id8459 . -1) (undo-tree-id8460 . -1) (undo-tree-id8461 . -1) (undo-tree-id8462 . -1) (undo-tree-id8463 . -1) (undo-tree-id8464 . -1) (undo-tree-id8465 . -1) (undo-tree-id8466 . -1) (undo-tree-id8467 . -1) (undo-tree-id8468 . -1) (undo-tree-id8469 . -1) (undo-tree-id8470 . -1) (undo-tree-id8471 . -1) (undo-tree-id8472 . -1) (undo-tree-id8473 . -1) (undo-tree-id8474 . -1) (undo-tree-id8475 . -1) (undo-tree-id8476 . -1) (undo-tree-id8477 . -1) (undo-tree-id8478 . -1) (undo-tree-id8479 . -1) (undo-tree-id8480 . -1) (undo-tree-id8481 . -1) (undo-tree-id8482 . -1) (undo-tree-id8483 . -1) (undo-tree-id8484 . -1) (undo-tree-id8485 . -1) (undo-tree-id8486 . -1) (undo-tree-id8487 . -1) (undo-tree-id8488 . -1) (undo-tree-id8489 . -1) (undo-tree-id8490 . -1) (undo-tree-id8491 . -1) (undo-tree-id8492 . -1) (undo-tree-id8493 . -1) (undo-tree-id8494 . -1) (undo-tree-id8495 . -1) (undo-tree-id8496 . -1) (undo-tree-id8497 . -1) (undo-tree-id8498 . -1) (undo-tree-id8499 . -1) (undo-tree-id8500 . -1) (undo-tree-id8501 . -1) (undo-tree-id8502 . -1) (undo-tree-id8503 . -1) (undo-tree-id8504 . -1) (undo-tree-id8505 . -1) (undo-tree-id8506 . -1) (undo-tree-id8507 . -1) (undo-tree-id8508 . -1) (undo-tree-id8509 . -1) (undo-tree-id8510 . -1) (undo-tree-id8511 . -1) (undo-tree-id8512 . -1) (undo-tree-id8513 . -1) (undo-tree-id8514 . -1) (undo-tree-id8515 . -1) (undo-tree-id8516 . -1) (undo-tree-id8517 . -1) (undo-tree-id8518 . -1) (undo-tree-id8519 . -1) (undo-tree-id8520 . -1) (undo-tree-id8521 . -1) (undo-tree-id8522 . -1) (undo-tree-id8523 . -1) (undo-tree-id8524 . -1) (undo-tree-id8525 . -1) (undo-tree-id8526 . -1) (undo-tree-id8527 . -1) (undo-tree-id8528 . -1) (undo-tree-id8529 . -1) (undo-tree-id8530 . -1) (undo-tree-id8531 . -1) (undo-tree-id8532 . -1) (undo-tree-id8533 . -1) (undo-tree-id8534 . -1) (undo-tree-id8535 . -1) (undo-tree-id8536 . -1) (undo-tree-id8537 . -1) (undo-tree-id8538 . -1) (undo-tree-id8539 . -1) (undo-tree-id8540 . -1) (undo-tree-id8541 . -1) (undo-tree-id8542 . -1) (undo-tree-id8543 . -1) (undo-tree-id8544 . -1) (undo-tree-id8545 . -1) (undo-tree-id8546 . -1) (undo-tree-id8547 . -1) (undo-tree-id8548 . -1) (undo-tree-id8549 . -1) (undo-tree-id8550 . -1) (undo-tree-id8551 . -1) (undo-tree-id8552 . -1) (undo-tree-id8553 . -1) (undo-tree-id8554 . -1) (undo-tree-id8555 . -1) (undo-tree-id8556 . -1) (undo-tree-id8557 . -1) (undo-tree-id8558 . -1) (undo-tree-id8559 . -1) (undo-tree-id8560 . -1) (undo-tree-id8561 . -1) (undo-tree-id8562 . -1) (undo-tree-id8563 . -1) (undo-tree-id8564 . -1) (undo-tree-id8565 . -1) (undo-tree-id8566 . -1) (undo-tree-id8567 . -1) (undo-tree-id8568 . -1) (undo-tree-id8569 . -1) (undo-tree-id8570 . -1) (undo-tree-id8571 . -1) (undo-tree-id8572 . -1) (undo-tree-id8573 . -1) (undo-tree-id8574 . -1) (undo-tree-id8575 . -1) (undo-tree-id8576 . -1) (undo-tree-id8577 . -1) (undo-tree-id8578 . -1) (undo-tree-id8579 . -1) (undo-tree-id8580 . -1) (undo-tree-id8581 . -1) (undo-tree-id8582 . -1) (undo-tree-id8583 . -1) (undo-tree-id8584 . -1) (undo-tree-id8585 . -1) (undo-tree-id8586 . -1) (undo-tree-id8587 . -1) (undo-tree-id8588 . -1) (undo-tree-id8589 . -1) (undo-tree-id8590 . -1) (undo-tree-id8591 . -1) (undo-tree-id8592 . -1) (undo-tree-id8593 . -1) (undo-tree-id8594 . -1) (undo-tree-id8595 . -1) (undo-tree-id8596 . -1) (undo-tree-id8597 . -1) (undo-tree-id8598 . -1) (undo-tree-id8599 . -1) (undo-tree-id8600 . -1) (undo-tree-id8601 . -1) (undo-tree-id8602 . -1) (undo-tree-id8603 . -1) (undo-tree-id8604 . -1) (undo-tree-id8605 . -1) (undo-tree-id8606 . -1) (undo-tree-id8607 . -1) (undo-tree-id8608 . -1) (undo-tree-id8609 . -1) (undo-tree-id8610 . -1) (undo-tree-id8611 . -1) (undo-tree-id8612 . -1) (undo-tree-id8613 . -1) (undo-tree-id8614 . -1) (undo-tree-id8615 . -1) (undo-tree-id8616 . -1) (undo-tree-id8617 . -1) (undo-tree-id8618 . -1) (undo-tree-id8619 . -1) (undo-tree-id8620 . -1) (undo-tree-id8621 . -1) (undo-tree-id8622 . -1) (undo-tree-id8623 . -1) (undo-tree-id8624 . -1) (undo-tree-id8625 . -1) (undo-tree-id8626 . -1) (undo-tree-id8627 . -1) (undo-tree-id8628 . -1) (undo-tree-id8629 . -1) (undo-tree-id8630 . -1) (undo-tree-id8631 . -1) (undo-tree-id8632 . -1) (undo-tree-id8633 . -1) (undo-tree-id8634 . -1) (undo-tree-id8635 . -1) (undo-tree-id8636 . -1) (undo-tree-id8637 . -1) (undo-tree-id8638 . -1) (undo-tree-id8639 . -1) (undo-tree-id8640 . -1) (undo-tree-id8641 . -1) (#("C" 0 1 (fontified t)) . -10303) (undo-tree-id8642 . -1) (undo-tree-id8643 . -1) (undo-tree-id8644 . -1) (undo-tree-id8645 . -1) (undo-tree-id8646 . -1) (undo-tree-id8647 . -1) (undo-tree-id8648 . -1) (undo-tree-id8649 . -1) (undo-tree-id8650 . -1) (undo-tree-id8651 . -1) (undo-tree-id8652 . -1) (undo-tree-id8653 . -1) (undo-tree-id8654 . -1) (undo-tree-id8655 . -1) (undo-tree-id8656 . -1) (undo-tree-id8657 . -1) (undo-tree-id8658 . -1) (undo-tree-id8659 . -1) (undo-tree-id8660 . -1) (undo-tree-id8661 . -1) (undo-tree-id8662 . -1) (undo-tree-id8663 . -1) (undo-tree-id8664 . -1) (undo-tree-id8665 . -1) (undo-tree-id8666 . -1) (undo-tree-id8667 . -1) (undo-tree-id8668 . -1) (undo-tree-id8669 . -1) (undo-tree-id8670 . -1) (undo-tree-id8671 . -1) (undo-tree-id8672 . -1) (undo-tree-id8673 . -1) (undo-tree-id8674 . -1) (undo-tree-id8675 . -1) (undo-tree-id8676 . -1) (undo-tree-id8677 . -1) (undo-tree-id8678 . -1) (undo-tree-id8679 . -1) (undo-tree-id8680 . -1) (undo-tree-id8681 . -1) (undo-tree-id8682 . -1) (undo-tree-id8683 . -1) (undo-tree-id8684 . -1) (undo-tree-id8685 . -1) (undo-tree-id8686 . -1) (undo-tree-id8687 . -1) (undo-tree-id8688 . -1) (undo-tree-id8689 . -1) (undo-tree-id8690 . -1) (undo-tree-id8691 . -1) (undo-tree-id8692 . -1) (undo-tree-id8693 . -1) (undo-tree-id8694 . -1) (undo-tree-id8695 . -1) (undo-tree-id8696 . -1) (undo-tree-id8697 . -1) (undo-tree-id8698 . -1) (undo-tree-id8699 . -1) (undo-tree-id8700 . -1) (undo-tree-id8701 . -1) (undo-tree-id8702 . -1) (undo-tree-id8703 . -1) (undo-tree-id8704 . -1) (undo-tree-id8705 . -1) (undo-tree-id8706 . -1) (undo-tree-id8707 . -1) (undo-tree-id8708 . -1) (undo-tree-id8709 . -1) (undo-tree-id8710 . -1) (undo-tree-id8711 . -1) (undo-tree-id8712 . -1) (undo-tree-id8713 . -1) (undo-tree-id8714 . -1) (undo-tree-id8715 . -1) (undo-tree-id8716 . -1) (undo-tree-id8717 . -1) (undo-tree-id8718 . -1) (undo-tree-id8719 . -1) (undo-tree-id8720 . -1) (undo-tree-id8721 . -1) (undo-tree-id8722 . -1) (undo-tree-id8723 . -1) (undo-tree-id8724 . -1) (undo-tree-id8725 . -1) (undo-tree-id8726 . -1) (undo-tree-id8727 . -1) (undo-tree-id8728 . -1) (undo-tree-id8729 . -1) (undo-tree-id8730 . -1) (undo-tree-id8731 . -1) (undo-tree-id8732 . -1) (undo-tree-id8733 . -1) (undo-tree-id8734 . -1) (undo-tree-id8735 . -1) (undo-tree-id8736 . -1) (undo-tree-id8737 . -1) (undo-tree-id8738 . -1) (undo-tree-id8739 . -1) (undo-tree-id8740 . -1) (undo-tree-id8741 . -1) (undo-tree-id8742 . -1) (undo-tree-id8743 . -1) (undo-tree-id8744 . -1) (undo-tree-id8745 . -1) (undo-tree-id8746 . -1) (undo-tree-id8747 . -1) (undo-tree-id8748 . -1) (undo-tree-id8749 . -1) (undo-tree-id8750 . -1) (undo-tree-id8751 . -1) (undo-tree-id8752 . -1) (undo-tree-id8753 . -1) (undo-tree-id8754 . -1) (undo-tree-id8755 . -1) (undo-tree-id8756 . -1) (undo-tree-id8757 . -1) (undo-tree-id8758 . -1) (undo-tree-id8759 . -1) (undo-tree-id8760 . -1) (undo-tree-id8761 . -1) (undo-tree-id8762 . -1) (undo-tree-id8763 . -1) (undo-tree-id8764 . -1) (undo-tree-id8765 . -1) (undo-tree-id8766 . -1) (undo-tree-id8767 . -1) (undo-tree-id8768 . -1) (undo-tree-id8769 . -1) (undo-tree-id8770 . -1) (undo-tree-id8771 . -1) (undo-tree-id8772 . -1) (undo-tree-id8773 . -1) (undo-tree-id8774 . -1) (undo-tree-id8775 . -1) (undo-tree-id8776 . -1) (undo-tree-id8777 . -1) (undo-tree-id8778 . -1) (undo-tree-id8779 . -1) (undo-tree-id8780 . -1) (undo-tree-id8781 . -1) (undo-tree-id8782 . -1) (undo-tree-id8783 . -1) (undo-tree-id8784 . -1) (undo-tree-id8785 . -1) (undo-tree-id8786 . -1) (undo-tree-id8787 . -1) (undo-tree-id8788 . -1) (undo-tree-id8789 . -1) (undo-tree-id8790 . -1) (undo-tree-id8791 . -1) (undo-tree-id8792 . -1) (undo-tree-id8793 . -1) (undo-tree-id8794 . -1) (undo-tree-id8795 . -1) (undo-tree-id8796 . -1) (undo-tree-id8797 . -1) (undo-tree-id8798 . -1) (undo-tree-id8799 . -1) (undo-tree-id8800 . -1) (undo-tree-id8801 . -1) (undo-tree-id8802 . -1) (undo-tree-id8803 . -1) (undo-tree-id8804 . -1) (undo-tree-id8805 . -1) (undo-tree-id8806 . -1) (undo-tree-id8807 . -1) (undo-tree-id8808 . -1) (undo-tree-id8809 . -1) (undo-tree-id8810 . -1) (undo-tree-id8811 . -1) (undo-tree-id8812 . -1) (undo-tree-id8813 . -1) (undo-tree-id8814 . -1) (undo-tree-id8815 . -1) (undo-tree-id8816 . -1) (undo-tree-id8817 . -1) (undo-tree-id8818 . -1) (undo-tree-id8819 . -1) (undo-tree-id8820 . -1) (undo-tree-id8821 . -1) (undo-tree-id8822 . -1) (undo-tree-id8823 . -1) (undo-tree-id8824 . -1) (undo-tree-id8825 . -1) (undo-tree-id8826 . -1) (undo-tree-id8827 . -1) (undo-tree-id8828 . -1) (undo-tree-id8829 . -1) (undo-tree-id8830 . -1) (undo-tree-id8831 . -1) (undo-tree-id8832 . -1) (undo-tree-id8833 . -1) (undo-tree-id8834 . -1) (undo-tree-id8835 . -1) (undo-tree-id8836 . -1) (undo-tree-id8837 . -1) (undo-tree-id8838 . -1) (undo-tree-id8839 . -1) (undo-tree-id8840 . -1) (undo-tree-id8841 . -1) (undo-tree-id8842 . -1) (undo-tree-id8843 . -1) (undo-tree-id8844 . -1) (undo-tree-id8845 . -1) (undo-tree-id8846 . -1) (undo-tree-id8847 . -1) (undo-tree-id8848 . -1) (undo-tree-id8849 . -1) (undo-tree-id8850 . -1) (undo-tree-id8851 . -1) (undo-tree-id8852 . -1) (undo-tree-id8853 . -1) (undo-tree-id8854 . -1) (undo-tree-id8855 . -1) (undo-tree-id8856 . -1) (undo-tree-id8857 . -1) (undo-tree-id8858 . -1) (undo-tree-id8859 . -1) (undo-tree-id8860 . -1) (undo-tree-id8861 . -1) (undo-tree-id8862 . -1) (undo-tree-id8863 . -1) (undo-tree-id8864 . -1) (undo-tree-id8865 . -1) (undo-tree-id8866 . -1) (undo-tree-id8867 . -1) (undo-tree-id8868 . -1) (undo-tree-id8869 . -1) (undo-tree-id8870 . -1) (undo-tree-id8871 . -1) (undo-tree-id8872 . -1) (undo-tree-id8873 . -1) (undo-tree-id8874 . -1) (undo-tree-id8875 . -1) (undo-tree-id8876 . -1) (undo-tree-id8877 . -1) (undo-tree-id8878 . -1) (undo-tree-id8879 . -1) (undo-tree-id8880 . -1) (undo-tree-id8881 . -1) (undo-tree-id8882 . -1) (undo-tree-id8883 . -1) (undo-tree-id8884 . -1) (undo-tree-id8885 . -1) (undo-tree-id8886 . -1) (undo-tree-id8887 . -1) (undo-tree-id8888 . -1) (undo-tree-id8889 . -1) (undo-tree-id8890 . -1) (undo-tree-id8891 . -1) (undo-tree-id8892 . -1) (undo-tree-id8893 . -1) (undo-tree-id8894 . -1) (undo-tree-id8895 . -1) (undo-tree-id8896 . -1) (undo-tree-id8897 . -1) (undo-tree-id8898 . -1) (undo-tree-id8899 . -1) (undo-tree-id8900 . -1) (undo-tree-id8901 . -1) (undo-tree-id8902 . -1) (undo-tree-id8903 . -1) (undo-tree-id8904 . -1) (undo-tree-id8905 . -1) (undo-tree-id8906 . -1) (undo-tree-id8907 . -1) (undo-tree-id8908 . -1) (undo-tree-id8909 . -1) (undo-tree-id8910 . -1) (undo-tree-id8911 . -1) (undo-tree-id8912 . -1) (undo-tree-id8913 . -1) (undo-tree-id8914 . -1) (undo-tree-id8915 . -1) (undo-tree-id8916 . -1) (undo-tree-id8917 . -1) (undo-tree-id8918 . -1) (undo-tree-id8919 . -1) (undo-tree-id8920 . -1) (undo-tree-id8921 . -1) (undo-tree-id8922 . -1) (undo-tree-id8923 . -1) (undo-tree-id8924 . -1) (undo-tree-id8925 . -1) (undo-tree-id8926 . -1) (undo-tree-id8927 . -1) (undo-tree-id8928 . -1) (undo-tree-id8929 . -1) (undo-tree-id8930 . -1) (undo-tree-id8931 . -1) (undo-tree-id8932 . -1) (undo-tree-id8933 . -1) (undo-tree-id8934 . -1) (undo-tree-id8935 . -1) (undo-tree-id8936 . -1) (undo-tree-id8937 . -1) (undo-tree-id8938 . -1) (undo-tree-id8939 . -1) (undo-tree-id8940 . -1) (undo-tree-id8941 . -1) (undo-tree-id8942 . -1) (undo-tree-id8943 . -1) (undo-tree-id8944 . -1) (undo-tree-id8945 . -1) (undo-tree-id8946 . -1) (undo-tree-id8947 . -1) (undo-tree-id8948 . -1) (undo-tree-id8949 . -1) (undo-tree-id8950 . -1) (undo-tree-id8951 . -1) (undo-tree-id8952 . -1) (undo-tree-id8953 . -1) (undo-tree-id8954 . -1) (undo-tree-id8955 . -1) (undo-tree-id8956 . -1) (undo-tree-id8957 . -1) (undo-tree-id8958 . -1) (undo-tree-id8959 . -1) (undo-tree-id8960 . -1) (undo-tree-id8961 . -1) (undo-tree-id8962 . -1) (undo-tree-id8963 . -1) (undo-tree-id8964 . -1) (undo-tree-id8965 . -1) (undo-tree-id8966 . -1) (undo-tree-id8967 . -1) (undo-tree-id8968 . -1) (undo-tree-id8969 . -1) (undo-tree-id8970 . -1) (undo-tree-id8971 . -1) (undo-tree-id8972 . -1) (undo-tree-id8973 . -1) (undo-tree-id8974 . -1) (undo-tree-id8975 . -1) (undo-tree-id8976 . -1) (undo-tree-id8977 . -1) (undo-tree-id8978 . -1) (undo-tree-id8979 . -1) (undo-tree-id8980 . -1) (undo-tree-id8981 . -1) (undo-tree-id8982 . -1) (undo-tree-id8983 . -1) (undo-tree-id8984 . -1) (undo-tree-id8985 . -1) (undo-tree-id8986 . -1) (undo-tree-id8987 . -1) (undo-tree-id8988 . -1) (undo-tree-id8989 . -1) (undo-tree-id8990 . -1) (undo-tree-id8991 . -1) (undo-tree-id8992 . -1) (undo-tree-id8993 . -1) (undo-tree-id8994 . -1) (undo-tree-id8995 . -1) (undo-tree-id8996 . -1) (undo-tree-id8997 . -1) (undo-tree-id8998 . -1) (undo-tree-id8999 . -1) (undo-tree-id9000 . -1) (undo-tree-id9001 . -1) (undo-tree-id9002 . -1) (undo-tree-id9003 . -1) (undo-tree-id9004 . -1) (undo-tree-id9005 . -1) (undo-tree-id9006 . -1) (undo-tree-id9007 . -1) (undo-tree-id9008 . -1) (undo-tree-id9009 . -1) (undo-tree-id9010 . -1) (undo-tree-id9011 . -1) (undo-tree-id9012 . -1) (undo-tree-id9013 . -1) (undo-tree-id9014 . -1) (undo-tree-id9015 . -1) (undo-tree-id9016 . -1) (undo-tree-id9017 . -1) (undo-tree-id9018 . -1) (undo-tree-id9019 . -1) (undo-tree-id9020 . -1) (undo-tree-id9021 . -1) (undo-tree-id9022 . -1) (undo-tree-id9023 . -1) (undo-tree-id9024 . -1) (undo-tree-id9025 . -1) (undo-tree-id9026 . -1) (undo-tree-id9027 . -1) (undo-tree-id9028 . -1) (undo-tree-id9029 . -1) (undo-tree-id9030 . -1) (undo-tree-id9031 . -1) (undo-tree-id9032 . -1) (undo-tree-id9033 . -1) (undo-tree-id9034 . -1) (undo-tree-id9035 . -1) (undo-tree-id9036 . -1) (undo-tree-id9037 . -1) (undo-tree-id9038 . -1) (undo-tree-id9039 . -1) (undo-tree-id9040 . -1) (undo-tree-id9041 . -1) (undo-tree-id9042 . -1) (undo-tree-id9043 . -1) (undo-tree-id9044 . -1) (undo-tree-id9045 . -1) (undo-tree-id9046 . -1) (undo-tree-id9047 . -1) (undo-tree-id9048 . -1) (undo-tree-id9049 . -1) (undo-tree-id9050 . -1) (undo-tree-id9051 . -1) (undo-tree-id9052 . -1) (undo-tree-id9053 . -1) (undo-tree-id9054 . -1) (undo-tree-id9055 . -1) (undo-tree-id9056 . -1) (undo-tree-id9057 . -1) (undo-tree-id9058 . -1) (undo-tree-id9059 . -1) (undo-tree-id9060 . -1) (undo-tree-id9061 . -1) (undo-tree-id9062 . -1) (undo-tree-id9063 . -1) (undo-tree-id9064 . -1) (undo-tree-id9065 . -1) (undo-tree-id9066 . -1) (undo-tree-id9067 . -1) (undo-tree-id9068 . -1) (undo-tree-id9069 . -1) (undo-tree-id9070 . -1) (undo-tree-id9071 . -1) (undo-tree-id9072 . -1) (undo-tree-id9073 . -1) (undo-tree-id9074 . -1) (undo-tree-id9075 . -1) (undo-tree-id9076 . -1) (undo-tree-id9077 . -1) (undo-tree-id9078 . -1) (undo-tree-id9079 . -1) (undo-tree-id9080 . -1) (undo-tree-id9081 . -1) (undo-tree-id9082 . -1) (undo-tree-id9083 . -1) (undo-tree-id9084 . -1) (undo-tree-id9085 . -1) (undo-tree-id9086 . -1) (undo-tree-id9087 . -1) (undo-tree-id9088 . -1) (undo-tree-id9089 . -1) (undo-tree-id9090 . -1) (undo-tree-id9091 . -1) (undo-tree-id9092 . -1) (undo-tree-id9093 . -1) (undo-tree-id9094 . -1) (undo-tree-id9095 . -1) (undo-tree-id9096 . -1) (undo-tree-id9097 . -1) (undo-tree-id9098 . -1) (undo-tree-id9099 . -1) (undo-tree-id9100 . -1) (undo-tree-id9101 . -1) (undo-tree-id9102 . -1) (undo-tree-id9103 . -1) (undo-tree-id9104 . -1) (undo-tree-id9105 . -1) (undo-tree-id9106 . -1) (undo-tree-id9107 . -1) (undo-tree-id9108 . -1) (undo-tree-id9109 . -1) (undo-tree-id9110 . -1) (undo-tree-id9111 . -1) (undo-tree-id9112 . -1) (undo-tree-id9113 . -1) (undo-tree-id9114 . -1) (undo-tree-id9115 . -1) (undo-tree-id9116 . -1) (undo-tree-id9117 . -1) (undo-tree-id9118 . -1) (undo-tree-id9119 . -1) (undo-tree-id9120 . -1) (undo-tree-id9121 . -1) (undo-tree-id9122 . -1) (undo-tree-id9123 . -1) (undo-tree-id9124 . -1) (undo-tree-id9125 . -1) (undo-tree-id9126 . -1) (undo-tree-id9127 . -1) (undo-tree-id9128 . -1) (undo-tree-id9129 . -1) (undo-tree-id9130 . -1) (undo-tree-id9131 . -1) (undo-tree-id9132 . -1) (undo-tree-id9133 . -1) (undo-tree-id9134 . -1) (undo-tree-id9135 . -1) (undo-tree-id9136 . -1) (undo-tree-id9137 . -1) (undo-tree-id9138 . -1) (undo-tree-id9139 . -1) (undo-tree-id9140 . -1) (undo-tree-id9141 . -1) (undo-tree-id9142 . -1) (undo-tree-id9143 . -1) (undo-tree-id9144 . -1) (undo-tree-id9145 . -1) (undo-tree-id9146 . -1) (undo-tree-id9147 . -1) (undo-tree-id9148 . -1) (undo-tree-id9149 . -1) (undo-tree-id9150 . -1) (undo-tree-id9151 . -1) (undo-tree-id9152 . -1) (undo-tree-id9153 . -1) (undo-tree-id9154 . -1) (undo-tree-id9155 . -1) (undo-tree-id9156 . -1) (undo-tree-id9157 . -1) (undo-tree-id9158 . -1) (undo-tree-id9159 . -1) (undo-tree-id9160 . -1) (undo-tree-id9161 . -1) (undo-tree-id9162 . -1) (undo-tree-id9163 . -1) (undo-tree-id9164 . -1) (undo-tree-id9165 . -1) (undo-tree-id9166 . -1) (undo-tree-id9167 . -1) (undo-tree-id9168 . -1) (undo-tree-id9169 . -1) (undo-tree-id9170 . -1) (undo-tree-id9171 . -1) (undo-tree-id9172 . -1) (undo-tree-id9173 . -1) (undo-tree-id9174 . -1) (undo-tree-id9175 . -1) (undo-tree-id9176 . -1) (undo-tree-id9177 . -1) (undo-tree-id9178 . -1) (undo-tree-id9179 . -1) (undo-tree-id9180 . -1) (undo-tree-id9181 . -1) (undo-tree-id9182 . -1) (undo-tree-id9183 . -1) (undo-tree-id9184 . -1) (undo-tree-id9185 . -1) (undo-tree-id9186 . -1) (undo-tree-id9187 . -1) (undo-tree-id9188 . -1) (undo-tree-id9189 . -1) (undo-tree-id9190 . -1) (undo-tree-id9191 . -1) (undo-tree-id9192 . -1) (undo-tree-id9193 . -1) (undo-tree-id9194 . -1) (undo-tree-id9195 . -1) (undo-tree-id9196 . -1) (undo-tree-id9197 . -1) (undo-tree-id9198 . -1) (undo-tree-id9199 . -1) (undo-tree-id9200 . -1) (undo-tree-id9201 . -1) (undo-tree-id9202 . -1) (undo-tree-id9203 . -1) (undo-tree-id9204 . -1) (undo-tree-id9205 . -1) (undo-tree-id9206 . -1) (undo-tree-id9207 . -1) (undo-tree-id9208 . -1) (undo-tree-id9209 . -1) (undo-tree-id9210 . -1) (undo-tree-id9211 . -1) (undo-tree-id9212 . -1) (undo-tree-id9213 . -1) (undo-tree-id9214 . -1) (undo-tree-id9215 . -1) (undo-tree-id9216 . -1) (undo-tree-id9217 . -1) (undo-tree-id9218 . -1) (undo-tree-id9219 . -1) (undo-tree-id9220 . -1) (undo-tree-id9221 . -1) (undo-tree-id9222 . -1) (undo-tree-id9223 . -1) (undo-tree-id9224 . -1) (undo-tree-id9225 . -1) (undo-tree-id9226 . -1) (undo-tree-id9227 . -1) (undo-tree-id9228 . -1) (undo-tree-id9229 . -1) (undo-tree-id9230 . -1) (undo-tree-id9231 . -1) (undo-tree-id9232 . -1) (undo-tree-id9233 . -1) (undo-tree-id9234 . -1) (undo-tree-id9235 . -1) (undo-tree-id9236 . -1) (undo-tree-id9237 . -1) (undo-tree-id9238 . -1) (undo-tree-id9239 . -1) (undo-tree-id9240 . -1) (undo-tree-id9241 . -1) (undo-tree-id9242 . -1) (undo-tree-id9243 . -1) (undo-tree-id9244 . -1) (undo-tree-id9245 . -1) (undo-tree-id9246 . -1) (undo-tree-id9247 . -1) (undo-tree-id9248 . -1) (undo-tree-id9249 . -1) (undo-tree-id9250 . -1) (undo-tree-id9251 . -1) (undo-tree-id9252 . -1) (undo-tree-id9253 . -1) (undo-tree-id9254 . -1) (undo-tree-id9255 . -1) (undo-tree-id9256 . -1) (undo-tree-id9257 . -1) (undo-tree-id9258 . -1) (undo-tree-id9259 . -1) (undo-tree-id9260 . -1) (undo-tree-id9261 . -1) (undo-tree-id9262 . -1) (undo-tree-id9263 . -1) (undo-tree-id9264 . -1) (undo-tree-id9265 . -1) (undo-tree-id9266 . -1) (undo-tree-id9267 . -1) (undo-tree-id9268 . -1) (undo-tree-id9269 . -1) (undo-tree-id9270 . -1) (undo-tree-id9271 . -1) (undo-tree-id9272 . -1) (undo-tree-id9273 . -1) (undo-tree-id9274 . -1) (undo-tree-id9275 . -1) (undo-tree-id9276 . -1) (undo-tree-id9277 . -1) (undo-tree-id9278 . -1) (undo-tree-id9279 . -1) (undo-tree-id9280 . -1) (undo-tree-id9281 . -1) (undo-tree-id9282 . -1) (undo-tree-id9283 . -1) (undo-tree-id9284 . -1) (undo-tree-id9285 . -1) (undo-tree-id9286 . -1) (undo-tree-id9287 . -1) (undo-tree-id9288 . -1) (undo-tree-id9289 . -1) (undo-tree-id9290 . -1) (undo-tree-id9291 . -1) (undo-tree-id9292 . -1) (undo-tree-id9293 . -1) (undo-tree-id9294 . -1) (undo-tree-id9295 . -1) (undo-tree-id9296 . -1) (undo-tree-id9297 . -1) (undo-tree-id9298 . -1) (undo-tree-id9299 . -1) (undo-tree-id9300 . -1) (undo-tree-id9301 . -1) (undo-tree-id9302 . -1) (undo-tree-id9303 . -1) (undo-tree-id9304 . -1) (undo-tree-id9305 . -1) (undo-tree-id9306 . -1) (undo-tree-id9307 . -1) (undo-tree-id9308 . -1) (undo-tree-id9309 . -1) (undo-tree-id9310 . -1) (undo-tree-id9311 . -1) (undo-tree-id9312 . -1) (undo-tree-id9313 . -1) (undo-tree-id9314 . -1) (undo-tree-id9315 . -1) (undo-tree-id9316 . -1) (undo-tree-id9317 . -1) (undo-tree-id9318 . -1) (undo-tree-id9319 . -1) (undo-tree-id9320 . -1) (undo-tree-id9321 . -1) (undo-tree-id9322 . -1) (undo-tree-id9323 . -1) (undo-tree-id9324 . -1) (undo-tree-id9325 . -1) (undo-tree-id9326 . -1) (undo-tree-id9327 . -1) (undo-tree-id9328 . -1) (undo-tree-id9329 . -1) (undo-tree-id9330 . -1) (undo-tree-id9331 . -1) (undo-tree-id9332 . -1) (undo-tree-id9333 . -1) (undo-tree-id9334 . -1) (undo-tree-id9335 . -1) (undo-tree-id9336 . -1) (undo-tree-id9337 . -1) (undo-tree-id9338 . -1) (undo-tree-id9339 . -1) (undo-tree-id9340 . -1) (undo-tree-id9341 . -1) (undo-tree-id9342 . -1) (undo-tree-id9343 . -1) (undo-tree-id9344 . -1) (undo-tree-id9345 . -1) (undo-tree-id9346 . -1) (undo-tree-id9347 . -1) (undo-tree-id9348 . -1) (undo-tree-id9349 . -1) (undo-tree-id9350 . -1) (undo-tree-id9351 . -1) (undo-tree-id9352 . -1) (undo-tree-id9353 . -1) (undo-tree-id9354 . -1) (undo-tree-id9355 . -1) (undo-tree-id9356 . -1) (undo-tree-id9357 . -1) (undo-tree-id9358 . -1) (undo-tree-id9359 . -1) (undo-tree-id9360 . -1) (undo-tree-id9361 . -1) (undo-tree-id9362 . -1) (undo-tree-id9363 . -1) (undo-tree-id9364 . -1) (undo-tree-id9365 . -1) (undo-tree-id9366 . -1) (undo-tree-id9367 . -1) (undo-tree-id9368 . -1) (undo-tree-id9369 . -1) (undo-tree-id9370 . -1) (undo-tree-id9371 . -1) (undo-tree-id9372 . -1) (undo-tree-id9373 . -1) (undo-tree-id9374 . -1) (undo-tree-id9375 . -1) (undo-tree-id9376 . -1) (undo-tree-id9377 . -1) (undo-tree-id9378 . -1) (undo-tree-id9379 . -1) (undo-tree-id9380 . -1) (undo-tree-id9381 . -1) (undo-tree-id9382 . -1) (undo-tree-id9383 . -1) (undo-tree-id9384 . -1) (undo-tree-id9385 . -1) (undo-tree-id9386 . -1) (undo-tree-id9387 . -1) (undo-tree-id9388 . -1) (undo-tree-id9389 . -1) (undo-tree-id9390 . -1) (undo-tree-id9391 . -1) (undo-tree-id9392 . -1) (undo-tree-id9393 . -1) (undo-tree-id9394 . -1) (undo-tree-id9395 . -1) (undo-tree-id9396 . -1) (undo-tree-id9397 . -1) (undo-tree-id9398 . -1) (undo-tree-id9399 . -1) (undo-tree-id9400 . -1) (undo-tree-id9401 . -1) (undo-tree-id9402 . -1) (undo-tree-id9403 . -1) (undo-tree-id9404 . -1) (undo-tree-id9405 . -1) (undo-tree-id9406 . -1) (undo-tree-id9407 . -1) (undo-tree-id9408 . -1) (undo-tree-id9409 . -1) (undo-tree-id9410 . -1) (undo-tree-id9411 . -1) (undo-tree-id9412 . -1) (undo-tree-id9413 . -1) (undo-tree-id9414 . -1) (undo-tree-id9415 . -1) (undo-tree-id9416 . -1) (undo-tree-id9417 . -1) (undo-tree-id9418 . -1) (undo-tree-id9419 . -1) (undo-tree-id9420 . -1) (undo-tree-id9421 . -1) (undo-tree-id9422 . -1) (undo-tree-id9423 . -1) (undo-tree-id9424 . -1) (undo-tree-id9425 . -1) (undo-tree-id9426 . -1) (undo-tree-id9427 . -1) (undo-tree-id9428 . -1) (undo-tree-id9429 . -1) (undo-tree-id9430 . -1) (undo-tree-id9431 . -1) (undo-tree-id9432 . -1) (undo-tree-id9433 . -1) (undo-tree-id9434 . -1) (undo-tree-id9435 . -1) (undo-tree-id9436 . -1) (undo-tree-id9437 . -1) (undo-tree-id9438 . -1) (undo-tree-id9439 . -1) (undo-tree-id9440 . -1) (undo-tree-id9441 . -1) (undo-tree-id9442 . -1) (undo-tree-id9443 . -1) (undo-tree-id9444 . -1) (undo-tree-id9445 . -1) (undo-tree-id9446 . -1) (undo-tree-id9447 . -1) (undo-tree-id9448 . -1) (undo-tree-id9449 . -1) (undo-tree-id9450 . -1) (undo-tree-id9451 . -1) (undo-tree-id9452 . -1) (undo-tree-id9453 . -1) (undo-tree-id9454 . -1) (undo-tree-id9455 . -1) (undo-tree-id9456 . -1) (undo-tree-id9457 . -1) (undo-tree-id9458 . -1) (undo-tree-id9459 . -1) (undo-tree-id9460 . -1) (undo-tree-id9461 . -1) (undo-tree-id9462 . -1) (undo-tree-id9463 . -1) (undo-tree-id9464 . -1) (undo-tree-id9465 . -1) (undo-tree-id9466 . -1) (undo-tree-id9467 . -1) (undo-tree-id9468 . -1) (undo-tree-id9469 . -1) (undo-tree-id9470 . -1) (undo-tree-id9471 . -1) (undo-tree-id9472 . -1) (undo-tree-id9473 . -1) (undo-tree-id9474 . -1) (undo-tree-id9475 . -1) (undo-tree-id9476 . -1) (undo-tree-id9477 . -1) (undo-tree-id9478 . -1) (undo-tree-id9479 . -1) (undo-tree-id9480 . -1) (undo-tree-id9481 . -1) (undo-tree-id9482 . -1) (undo-tree-id9483 . -1) (undo-tree-id9484 . -1) (undo-tree-id9485 . -1) (undo-tree-id9486 . -1) (undo-tree-id9487 . -1) (undo-tree-id9488 . -1) (undo-tree-id9489 . -1) (undo-tree-id9490 . -1) (undo-tree-id9491 . -1) (undo-tree-id9492 . -1) (undo-tree-id9493 . -1) (undo-tree-id9494 . -1) (undo-tree-id9495 . -1) (undo-tree-id9496 . -1) (undo-tree-id9497 . -1) (undo-tree-id9498 . -1) (undo-tree-id9499 . -1) (undo-tree-id9500 . -1) (undo-tree-id9501 . -1) (undo-tree-id9502 . -1) (undo-tree-id9503 . -1) (undo-tree-id9504 . -1) (undo-tree-id9505 . -1) (undo-tree-id9506 . -1) (undo-tree-id9507 . -1) (undo-tree-id9508 . -1) (undo-tree-id9509 . -1) (undo-tree-id9510 . -1) (undo-tree-id9511 . -1) (undo-tree-id9512 . -1) (undo-tree-id9513 . -1) (undo-tree-id9514 . -1) (undo-tree-id9515 . -1) (undo-tree-id9516 . -1) (undo-tree-id9517 . -1) (undo-tree-id9518 . -1) (undo-tree-id9519 . -1) (undo-tree-id9520 . -1) (undo-tree-id9521 . -1) (undo-tree-id9522 . -1) (undo-tree-id9523 . -1) (undo-tree-id9524 . -1) (undo-tree-id9525 . -1) (undo-tree-id9526 . -1) (undo-tree-id9527 . -1) (undo-tree-id9528 . -1) (undo-tree-id9529 . -1) (undo-tree-id9530 . -1) (undo-tree-id9531 . -1) (undo-tree-id9532 . -1) (undo-tree-id9533 . -1) (undo-tree-id9534 . -1) (undo-tree-id9535 . -1) (undo-tree-id9536 . -1) (undo-tree-id9537 . -1) (undo-tree-id9538 . -1) (undo-tree-id9539 . -1) (undo-tree-id9540 . -1) (undo-tree-id9541 . -1) (undo-tree-id9542 . -1) (undo-tree-id9543 . -1) (undo-tree-id9544 . -1) (undo-tree-id9545 . -1) (undo-tree-id9546 . -1) (undo-tree-id9547 . -1) (undo-tree-id9548 . -1) (undo-tree-id9549 . -1) (undo-tree-id9550 . -1) (undo-tree-id9551 . -1) (undo-tree-id9552 . -1) (undo-tree-id9553 . -1) (undo-tree-id9554 . -1) (undo-tree-id9555 . -1) (undo-tree-id9556 . -1) (undo-tree-id9557 . -1) (undo-tree-id9558 . -1) (undo-tree-id9559 . -1) (undo-tree-id9560 . -1) (undo-tree-id9561 . -1) (undo-tree-id9562 . -1) (undo-tree-id9563 . -1) (undo-tree-id9564 . -1) (undo-tree-id9565 . -1) (undo-tree-id9566 . -1) (undo-tree-id9567 . -1) (undo-tree-id9568 . -1) (undo-tree-id9569 . -1) (undo-tree-id9570 . -1) (undo-tree-id9571 . -1) (undo-tree-id9572 . -1) (undo-tree-id9573 . -1) (undo-tree-id9574 . -1) (undo-tree-id9575 . -1) (undo-tree-id9576 . -1) (undo-tree-id9577 . -1) (undo-tree-id9578 . -1) (undo-tree-id9579 . -1) (undo-tree-id9580 . -1) (undo-tree-id9581 . -1) (undo-tree-id9582 . -1) (undo-tree-id9583 . -1) (undo-tree-id9584 . -1) (undo-tree-id9585 . -1) (undo-tree-id9586 . -1) (undo-tree-id9587 . -1) (undo-tree-id9588 . -1) (undo-tree-id9589 . -1) (undo-tree-id9590 . -1) (undo-tree-id9591 . -1) (undo-tree-id9592 . -1) (undo-tree-id9593 . -1) (undo-tree-id9594 . -1) (undo-tree-id9595 . -1) (undo-tree-id9596 . -1) (undo-tree-id9597 . -1) (undo-tree-id9598 . -1) (undo-tree-id9599 . -1) (undo-tree-id9600 . -1) (undo-tree-id9601 . -1) (undo-tree-id9602 . -1) (undo-tree-id9603 . -1) (undo-tree-id9604 . -1) (undo-tree-id9605 . -1) (undo-tree-id9606 . -1) (undo-tree-id9607 . -1) (undo-tree-id9608 . -1) (undo-tree-id9609 . -1) (undo-tree-id9610 . -1) (undo-tree-id9611 . -1) (undo-tree-id9612 . -1) (undo-tree-id9613 . -1) (undo-tree-id9614 . -1) (undo-tree-id9615 . -1) (undo-tree-id9616 . -1) (undo-tree-id9617 . -1) (undo-tree-id9618 . -1) (undo-tree-id9619 . -1) (undo-tree-id9620 . -1) (undo-tree-id9621 . -1) (undo-tree-id9622 . -1) (undo-tree-id9623 . -1) (undo-tree-id9624 . -1) (undo-tree-id9625 . -1) (undo-tree-id9626 . -1) (undo-tree-id9627 . -1) (undo-tree-id9628 . -1) (undo-tree-id9629 . -1) (undo-tree-id9630 . -1) (undo-tree-id9631 . -1) (undo-tree-id9632 . -1) (undo-tree-id9633 . -1) (undo-tree-id9634 . -1) (undo-tree-id9635 . -1) (undo-tree-id9636 . -1) (undo-tree-id9637 . -1) (undo-tree-id9638 . -1) (undo-tree-id9639 . -1) (undo-tree-id9640 . -1) (undo-tree-id9641 . -1) (undo-tree-id9642 . -1) (undo-tree-id9643 . -1) (undo-tree-id9644 . -1) (undo-tree-id9645 . -1) (undo-tree-id9646 . -1) (undo-tree-id9647 . -1) (undo-tree-id9648 . -1) (undo-tree-id9649 . -1) (undo-tree-id9650 . -1) (undo-tree-id9651 . -1) (undo-tree-id9652 . -1) (undo-tree-id9653 . -1) (undo-tree-id9654 . -1) (undo-tree-id9655 . -1) (undo-tree-id9656 . -1) (undo-tree-id9657 . -1) (undo-tree-id9658 . -1) (undo-tree-id9659 . -1) (undo-tree-id9660 . -1) (undo-tree-id9661 . -1) (undo-tree-id9662 . -1) (undo-tree-id9663 . -1) (undo-tree-id9664 . -1) (undo-tree-id9665 . -1) (undo-tree-id9666 . -1) (undo-tree-id9667 . -1) (undo-tree-id9668 . -1) (undo-tree-id9669 . -1) (undo-tree-id9670 . -1) (undo-tree-id9671 . -1) (undo-tree-id9672 . -1) (undo-tree-id9673 . -1) (undo-tree-id9674 . -1) (undo-tree-id9675 . -1) (undo-tree-id9676 . -1) (undo-tree-id9677 . -1) (undo-tree-id9678 . -1) (undo-tree-id9679 . -1) (undo-tree-id9680 . -1) (undo-tree-id9681 . -1) (undo-tree-id9682 . -1) (undo-tree-id9683 . -1) (undo-tree-id9684 . -1) (undo-tree-id9685 . -1) (undo-tree-id9686 . -1) (undo-tree-id9687 . -1) (undo-tree-id9688 . -1) (undo-tree-id9689 . -1) (undo-tree-id9690 . -1) (undo-tree-id9691 . -1) (undo-tree-id9692 . -1) (undo-tree-id9693 . -1) (undo-tree-id9694 . -1) (undo-tree-id9695 . -1) (undo-tree-id9696 . -1) (undo-tree-id9697 . -1) (undo-tree-id9698 . -1) (undo-tree-id9699 . -1) (undo-tree-id9700 . -1) (undo-tree-id9701 . -1) (undo-tree-id9702 . -1) (undo-tree-id9703 . -1) (undo-tree-id9704 . -1) (undo-tree-id9705 . -1) (undo-tree-id9706 . -1) (undo-tree-id9707 . -1) (undo-tree-id9708 . -1) (undo-tree-id9709 . -1) (undo-tree-id9710 . -1) (undo-tree-id9711 . -1) (undo-tree-id9712 . -1) (undo-tree-id9713 . -1) (undo-tree-id9714 . -1) (undo-tree-id9715 . -1) (undo-tree-id9716 . -1) (undo-tree-id9717 . -1) (undo-tree-id9718 . -1) (undo-tree-id9719 . -1) (undo-tree-id9720 . -1) (undo-tree-id9721 . -1) (undo-tree-id9722 . -1) (undo-tree-id9723 . -1) (undo-tree-id9724 . -1) (undo-tree-id9725 . -1) (undo-tree-id9726 . -1) (undo-tree-id9727 . -1) (undo-tree-id9728 . -1) (undo-tree-id9729 . -1) (undo-tree-id9730 . -1) (undo-tree-id9731 . -1) (undo-tree-id9732 . -1) (undo-tree-id9733 . -1) (undo-tree-id9734 . -1) (undo-tree-id9735 . -1) (undo-tree-id9736 . -1) (undo-tree-id9737 . -1) (undo-tree-id9738 . -1) (undo-tree-id9739 . -1) (undo-tree-id9740 . -1) (undo-tree-id9741 . -1) (undo-tree-id9742 . -1) (undo-tree-id9743 . -1) (undo-tree-id9744 . -1) (undo-tree-id9745 . -1) (undo-tree-id9746 . -1) (undo-tree-id9747 . -1) (undo-tree-id9748 . -1) (undo-tree-id9749 . -1) (undo-tree-id9750 . -1) (undo-tree-id9751 . -1) (undo-tree-id9752 . -1) (undo-tree-id9753 . -1) (undo-tree-id9754 . -1) (undo-tree-id9755 . -1) (undo-tree-id9756 . -1) (undo-tree-id9757 . -1) (undo-tree-id9758 . -1) (undo-tree-id9759 . -1) (undo-tree-id9760 . -1) (undo-tree-id9761 . -1) (undo-tree-id9762 . -1) (undo-tree-id9763 . -1) (undo-tree-id9764 . -1) (undo-tree-id9765 . -1) (undo-tree-id9766 . -1) (undo-tree-id9767 . -1) (undo-tree-id9768 . -1) (undo-tree-id9769 . -1) (undo-tree-id9770 . -1) (undo-tree-id9771 . -1) (undo-tree-id9772 . -1) (undo-tree-id9773 . -1) (undo-tree-id9774 . -1) (undo-tree-id9775 . -1) (undo-tree-id9776 . -1) (undo-tree-id9777 . -1) (undo-tree-id9778 . -1) (undo-tree-id9779 . -1) (undo-tree-id9780 . -1) (undo-tree-id9781 . -1) (undo-tree-id9782 . -1) (undo-tree-id9783 . -1) (undo-tree-id9784 . -1) (undo-tree-id9785 . -1) (undo-tree-id9786 . -1) (undo-tree-id9787 . -1) (undo-tree-id9788 . -1) (undo-tree-id9789 . -1) (undo-tree-id9790 . -1) (undo-tree-id9791 . -1) (undo-tree-id9792 . -1) (undo-tree-id9793 . -1) (undo-tree-id9794 . -1) (undo-tree-id9795 . -1) (undo-tree-id9796 . -1) (undo-tree-id9797 . -1) (undo-tree-id9798 . -1) (undo-tree-id9799 . -1) (undo-tree-id9800 . -1) (undo-tree-id9801 . -1) (undo-tree-id9802 . -1) (undo-tree-id9803 . -1) (undo-tree-id9804 . -1) (undo-tree-id9805 . -1) (undo-tree-id9806 . -1) (undo-tree-id9807 . -1) (undo-tree-id9808 . -1) (undo-tree-id9809 . -1) (undo-tree-id9810 . -1) (undo-tree-id9811 . -1) (undo-tree-id9812 . -1) (undo-tree-id9813 . -1) (undo-tree-id9814 . -1) (undo-tree-id9815 . -1) (undo-tree-id9816 . -1) (undo-tree-id9817 . -1) (undo-tree-id9818 . -1) (undo-tree-id9819 . -1) (undo-tree-id9820 . -1) (undo-tree-id9821 . -1) (undo-tree-id9822 . -1) (undo-tree-id9823 . -1) (undo-tree-id9824 . -1) (undo-tree-id9825 . -1) (undo-tree-id9826 . -1) (undo-tree-id9827 . -1) (undo-tree-id9828 . -1) (undo-tree-id9829 . -1) (undo-tree-id9830 . -1) (undo-tree-id9831 . -1) (undo-tree-id9832 . -1) (undo-tree-id9833 . -1) (undo-tree-id9834 . -1) (undo-tree-id9835 . -1) (undo-tree-id9836 . -1) (undo-tree-id9837 . -1) (undo-tree-id9838 . -1) (undo-tree-id9839 . -1) (undo-tree-id9840 . -1) (undo-tree-id9841 . -1) (undo-tree-id9842 . -1) (undo-tree-id9843 . -1) (undo-tree-id9844 . -1) (undo-tree-id9845 . -1) (undo-tree-id9846 . -1) (undo-tree-id9847 . -1) (undo-tree-id9848 . -1) (undo-tree-id9849 . -1) (undo-tree-id9850 . -1) (undo-tree-id9851 . -1) (undo-tree-id9852 . -1) (undo-tree-id9853 . -1) (undo-tree-id9854 . -1) (undo-tree-id9855 . -1) (undo-tree-id9856 . -1) (undo-tree-id9857 . -1) (undo-tree-id9858 . -1) (undo-tree-id9859 . -1) (undo-tree-id9860 . -1) (undo-tree-id9861 . -1) (undo-tree-id9862 . -1) (undo-tree-id9863 . -1) (undo-tree-id9864 . -1) (undo-tree-id9865 . -1) (undo-tree-id9866 . -1) (undo-tree-id9867 . -1) (undo-tree-id9868 . -1) (undo-tree-id9869 . -1) (undo-tree-id9870 . -1) (undo-tree-id9871 . -1) (undo-tree-id9872 . -1) (undo-tree-id9873 . -1) (undo-tree-id9874 . -1) (undo-tree-id9875 . -1) (undo-tree-id9876 . -1) (undo-tree-id9877 . -1) (undo-tree-id9878 . -1) (undo-tree-id9879 . -1) (undo-tree-id9880 . -1) (undo-tree-id9881 . -1) (undo-tree-id9882 . -1) (undo-tree-id9883 . -1) (undo-tree-id9884 . -1) (undo-tree-id9885 . -1) (undo-tree-id9886 . -1) (undo-tree-id9887 . -1) (undo-tree-id9888 . -1) (undo-tree-id9889 . -1) (undo-tree-id9890 . -1) (undo-tree-id9891 . -1) (undo-tree-id9892 . -1) (undo-tree-id9893 . -1) (undo-tree-id9894 . -1) (undo-tree-id9895 . -1) (undo-tree-id9896 . -1) (undo-tree-id9897 . -1) (undo-tree-id9898 . -1) (undo-tree-id9899 . -1) (undo-tree-id9900 . -1) (undo-tree-id9901 . -1) (undo-tree-id9902 . -1) (undo-tree-id9903 . -1) (undo-tree-id9904 . -1) (undo-tree-id9905 . -1) (undo-tree-id9906 . -1) (undo-tree-id9907 . -1) (undo-tree-id9908 . -1) (undo-tree-id9909 . -1) (undo-tree-id9910 . -1) (undo-tree-id9911 . -1) (undo-tree-id9912 . -1) (undo-tree-id9913 . -1) (undo-tree-id9914 . -1) (undo-tree-id9915 . -1) (#("P" 0 1 (fontified t)) . -10304) (undo-tree-id9916 . -1) (undo-tree-id9917 . -1) (undo-tree-id9918 . -1) (undo-tree-id9919 . -1) (undo-tree-id9920 . -1) (undo-tree-id9921 . -1) (undo-tree-id9922 . -1) (undo-tree-id9923 . -1) (undo-tree-id9924 . -1) (undo-tree-id9925 . -1) (undo-tree-id9926 . -1) (undo-tree-id9927 . -1) (undo-tree-id9928 . -1) (undo-tree-id9929 . -1) (undo-tree-id9930 . -1) (undo-tree-id9931 . -1) (undo-tree-id9932 . -1) (undo-tree-id9933 . -1) (undo-tree-id9934 . -1) (undo-tree-id9935 . -1) (undo-tree-id9936 . -1) (undo-tree-id9937 . -1) (undo-tree-id9938 . -1) (undo-tree-id9939 . -1) (undo-tree-id9940 . -1) (undo-tree-id9941 . -1) (undo-tree-id9942 . -1) (undo-tree-id9943 . -1) (undo-tree-id9944 . -1) (undo-tree-id9945 . -1) (undo-tree-id9946 . -1) (undo-tree-id9947 . -1) (undo-tree-id9948 . -1) (undo-tree-id9949 . -1) (undo-tree-id9950 . -1) (undo-tree-id9951 . -1) (undo-tree-id9952 . -1) (undo-tree-id9953 . -1) (undo-tree-id9954 . -1) (undo-tree-id9955 . -1) (undo-tree-id9956 . -1) (undo-tree-id9957 . -1) (undo-tree-id9958 . -1) (undo-tree-id9959 . -1) (undo-tree-id9960 . -1) (undo-tree-id9961 . -1) (undo-tree-id9962 . -1) (undo-tree-id9963 . -1) (undo-tree-id9964 . -1) (undo-tree-id9965 . -1) (undo-tree-id9966 . -1) (undo-tree-id9967 . -1) (undo-tree-id9968 . -1) (undo-tree-id9969 . -1) (undo-tree-id9970 . -1) (undo-tree-id9971 . -1) (undo-tree-id9972 . -1) (undo-tree-id9973 . -1) (undo-tree-id9974 . -1) (undo-tree-id9975 . -1) (undo-tree-id9976 . -1) (undo-tree-id9977 . -1) (undo-tree-id9978 . -1) (undo-tree-id9979 . -1) (undo-tree-id9980 . -1) (undo-tree-id9981 . -1) (undo-tree-id9982 . -1) (undo-tree-id9983 . -1) (undo-tree-id9984 . -1) (undo-tree-id9985 . -1) (undo-tree-id9986 . -1) (undo-tree-id9987 . -1) (undo-tree-id9988 . -1) (undo-tree-id9989 . -1) (undo-tree-id9990 . -1) (undo-tree-id9991 . -1) (undo-tree-id9992 . -1) (undo-tree-id9993 . -1) (undo-tree-id9994 . -1) (undo-tree-id9995 . -1) (undo-tree-id9996 . -1) (undo-tree-id9997 . -1) (undo-tree-id9998 . -1) (undo-tree-id9999 . -1) (undo-tree-id10000 . -1) (undo-tree-id10001 . -1) (undo-tree-id10002 . -1) (undo-tree-id10003 . -1) (undo-tree-id10004 . -1) (undo-tree-id10005 . -1) (undo-tree-id10006 . -1) (undo-tree-id10007 . -1) (undo-tree-id10008 . -1) (undo-tree-id10009 . -1) (undo-tree-id10010 . -1) (undo-tree-id10011 . -1) (undo-tree-id10012 . -1) (undo-tree-id10013 . -1) (undo-tree-id10014 . -1) (undo-tree-id10015 . -1) (undo-tree-id10016 . -1) (undo-tree-id10017 . -1) (undo-tree-id10018 . -1) (undo-tree-id10019 . -1) (undo-tree-id10020 . -1) (undo-tree-id10021 . -1) (undo-tree-id10022 . -1) (undo-tree-id10023 . -1) (undo-tree-id10024 . -1) (undo-tree-id10025 . -1) (undo-tree-id10026 . -1) (undo-tree-id10027 . -1) (undo-tree-id10028 . -1) (undo-tree-id10029 . -1) (undo-tree-id10030 . -1) (undo-tree-id10031 . -1) (undo-tree-id10032 . -1) (undo-tree-id10033 . -1) (undo-tree-id10034 . -1) (undo-tree-id10035 . -1) (undo-tree-id10036 . -1) (undo-tree-id10037 . -1) (undo-tree-id10038 . -1) (undo-tree-id10039 . -1) (undo-tree-id10040 . -1) (undo-tree-id10041 . -1) (undo-tree-id10042 . -1) (undo-tree-id10043 . -1) (undo-tree-id10044 . -1) (undo-tree-id10045 . -1) (undo-tree-id10046 . -1) (undo-tree-id10047 . -1) (undo-tree-id10048 . -1) (undo-tree-id10049 . -1) (undo-tree-id10050 . -1) (undo-tree-id10051 . -1) (undo-tree-id10052 . -1) (undo-tree-id10053 . -1) (undo-tree-id10054 . -1) (undo-tree-id10055 . -1) (undo-tree-id10056 . -1) (undo-tree-id10057 . -1) (undo-tree-id10058 . -1) (undo-tree-id10059 . -1) (undo-tree-id10060 . -1) (undo-tree-id10061 . -1) (undo-tree-id10062 . -1) (undo-tree-id10063 . -1) (undo-tree-id10064 . -1) (undo-tree-id10065 . -1) (undo-tree-id10066 . -1) (undo-tree-id10067 . -1) (undo-tree-id10068 . -1) (undo-tree-id10069 . -1) (undo-tree-id10070 . -1) (undo-tree-id10071 . -1) (undo-tree-id10072 . -1) (undo-tree-id10073 . -1) (undo-tree-id10074 . -1) (undo-tree-id10075 . -1) (undo-tree-id10076 . -1) (undo-tree-id10077 . -1) (undo-tree-id10078 . -1) (undo-tree-id10079 . -1) (undo-tree-id10080 . -1) (undo-tree-id10081 . -1) (undo-tree-id10082 . -1) (undo-tree-id10083 . -1) (undo-tree-id10084 . -1) (undo-tree-id10085 . -1) (undo-tree-id10086 . -1) (undo-tree-id10087 . -1) (undo-tree-id10088 . -1) (undo-tree-id10089 . -1) (undo-tree-id10090 . -1) (undo-tree-id10091 . -1) (undo-tree-id10092 . -1) (undo-tree-id10093 . -1) (undo-tree-id10094 . -1) (undo-tree-id10095 . -1) (undo-tree-id10096 . -1) (undo-tree-id10097 . -1) (undo-tree-id10098 . -1) (undo-tree-id10099 . -1) (undo-tree-id10100 . -1) (undo-tree-id10101 . -1) (undo-tree-id10102 . -1) (undo-tree-id10103 . -1) (undo-tree-id10104 . -1) (undo-tree-id10105 . -1) (undo-tree-id10106 . -1) (undo-tree-id10107 . -1) (undo-tree-id10108 . -1) (undo-tree-id10109 . -1) (undo-tree-id10110 . -1) (undo-tree-id10111 . -1) (undo-tree-id10112 . -1) (undo-tree-id10113 . -1) (undo-tree-id10114 . -1) (undo-tree-id10115 . -1) (undo-tree-id10116 . -1) (undo-tree-id10117 . -1) (undo-tree-id10118 . -1) (undo-tree-id10119 . -1) (undo-tree-id10120 . -1) (undo-tree-id10121 . -1) (undo-tree-id10122 . -1) (undo-tree-id10123 . -1) (undo-tree-id10124 . -1) (undo-tree-id10125 . -1) (undo-tree-id10126 . -1) (undo-tree-id10127 . -1) (undo-tree-id10128 . -1) (undo-tree-id10129 . -1) (undo-tree-id10130 . -1) (undo-tree-id10131 . -1) (undo-tree-id10132 . -1) (undo-tree-id10133 . -1) (undo-tree-id10134 . -1) (undo-tree-id10135 . -1) (undo-tree-id10136 . -1) (undo-tree-id10137 . -1) (undo-tree-id10138 . -1) (undo-tree-id10139 . -1) (undo-tree-id10140 . -1) (undo-tree-id10141 . -1) (undo-tree-id10142 . -1) (undo-tree-id10143 . -1) (undo-tree-id10144 . -1) (undo-tree-id10145 . -1) (undo-tree-id10146 . -1) (undo-tree-id10147 . -1) (undo-tree-id10148 . -1) (undo-tree-id10149 . -1) (undo-tree-id10150 . -1) (undo-tree-id10151 . -1) (undo-tree-id10152 . -1) (undo-tree-id10153 . -1) (undo-tree-id10154 . -1) (undo-tree-id10155 . -1) (undo-tree-id10156 . -1) (undo-tree-id10157 . -1) (undo-tree-id10158 . -1) (undo-tree-id10159 . -1) (undo-tree-id10160 . -1) (undo-tree-id10161 . -1) (undo-tree-id10162 . -1) (undo-tree-id10163 . -1) (undo-tree-id10164 . -1) (undo-tree-id10165 . -1) (undo-tree-id10166 . -1) (undo-tree-id10167 . -1) (undo-tree-id10168 . -1) (undo-tree-id10169 . -1) (undo-tree-id10170 . -1) (undo-tree-id10171 . -1) (undo-tree-id10172 . -1) (undo-tree-id10173 . -1) (undo-tree-id10174 . -1) (undo-tree-id10175 . -1) (undo-tree-id10176 . -1) (undo-tree-id10177 . -1) (undo-tree-id10178 . -1) (undo-tree-id10179 . -1) (undo-tree-id10180 . -1) (undo-tree-id10181 . -1) (undo-tree-id10182 . -1) (undo-tree-id10183 . -1) (undo-tree-id10184 . -1) (undo-tree-id10185 . -1) (undo-tree-id10186 . -1) (undo-tree-id10187 . -1) (undo-tree-id10188 . -1) (undo-tree-id10189 . -1) (undo-tree-id10190 . -1) (undo-tree-id10191 . -1) (undo-tree-id10192 . -1) (undo-tree-id10193 . -1) (undo-tree-id10194 . -1) (undo-tree-id10195 . -1) (undo-tree-id10196 . -1) (undo-tree-id10197 . -1) (undo-tree-id10198 . -1) (undo-tree-id10199 . -1) (undo-tree-id10200 . -1) (undo-tree-id10201 . -1) (undo-tree-id10202 . -1) (undo-tree-id10203 . -1) (undo-tree-id10204 . -1) (undo-tree-id10205 . -1) (undo-tree-id10206 . -1) (undo-tree-id10207 . -1) (undo-tree-id10208 . -1) (undo-tree-id10209 . -1) (undo-tree-id10210 . -1) (undo-tree-id10211 . -1) (undo-tree-id10212 . -1) (undo-tree-id10213 . -1) (undo-tree-id10214 . -1) (undo-tree-id10215 . -1) (undo-tree-id10216 . -1) (undo-tree-id10217 . -1) (undo-tree-id10218 . -1) (undo-tree-id10219 . -1) (undo-tree-id10220 . -1) (undo-tree-id10221 . -1) (undo-tree-id10222 . -1) (undo-tree-id10223 . -1) (undo-tree-id10224 . -1) (undo-tree-id10225 . -1) (undo-tree-id10226 . -1) (undo-tree-id10227 . -1) (undo-tree-id10228 . -1) (undo-tree-id10229 . -1) (undo-tree-id10230 . -1) (undo-tree-id10231 . -1) (undo-tree-id10232 . -1) (undo-tree-id10233 . -1) (undo-tree-id10234 . -1) (undo-tree-id10235 . -1) (undo-tree-id10236 . -1) (undo-tree-id10237 . -1) (undo-tree-id10238 . -1) (undo-tree-id10239 . -1) (undo-tree-id10240 . -1) (undo-tree-id10241 . -1) (undo-tree-id10242 . -1) (undo-tree-id10243 . -1) (undo-tree-id10244 . -1) (undo-tree-id10245 . -1) (undo-tree-id10246 . -1) (undo-tree-id10247 . -1) (undo-tree-id10248 . -1) (undo-tree-id10249 . -1) (undo-tree-id10250 . -1) (undo-tree-id10251 . -1) (undo-tree-id10252 . -1) (undo-tree-id10253 . -1) (undo-tree-id10254 . -1) (undo-tree-id10255 . -1) (undo-tree-id10256 . -1) (undo-tree-id10257 . -1) (undo-tree-id10258 . -1) (undo-tree-id10259 . -1) (undo-tree-id10260 . -1) (undo-tree-id10261 . -1) (undo-tree-id10262 . -1) (undo-tree-id10263 . -1) (undo-tree-id10264 . -1) (undo-tree-id10265 . -1) (undo-tree-id10266 . -1) (undo-tree-id10267 . -1) (undo-tree-id10268 . -1) (undo-tree-id10269 . -1) (undo-tree-id10270 . -1) (undo-tree-id10271 . -1) (undo-tree-id10272 . -1) (undo-tree-id10273 . -1) (undo-tree-id10274 . -1) (undo-tree-id10275 . -1) (undo-tree-id10276 . -1) (undo-tree-id10277 . -1) (undo-tree-id10278 . -1) (undo-tree-id10279 . -1) (undo-tree-id10280 . -1) (undo-tree-id10281 . -1) (undo-tree-id10282 . -1) (undo-tree-id10283 . -1) (undo-tree-id10284 . -1) (undo-tree-id10285 . -1) (undo-tree-id10286 . -1) (undo-tree-id10287 . -1) (undo-tree-id10288 . -1) (undo-tree-id10289 . -1) (undo-tree-id10290 . -1) (undo-tree-id10291 . -1) (undo-tree-id10292 . -1) (undo-tree-id10293 . -1) (undo-tree-id10294 . -1) (undo-tree-id10295 . -1) (undo-tree-id10296 . -1) (undo-tree-id10297 . -1) (undo-tree-id10298 . -1) (undo-tree-id10299 . -1) (undo-tree-id10300 . -1) (undo-tree-id10301 . -1) (undo-tree-id10302 . -1) (undo-tree-id10303 . -1) (undo-tree-id10304 . -1) (undo-tree-id10305 . -1) (undo-tree-id10306 . -1) (undo-tree-id10307 . -1) (undo-tree-id10308 . -1) (undo-tree-id10309 . -1) (undo-tree-id10310 . -1) (undo-tree-id10311 . -1) (undo-tree-id10312 . -1) (undo-tree-id10313 . -1) (undo-tree-id10314 . -1) (undo-tree-id10315 . -1) (undo-tree-id10316 . -1) (undo-tree-id10317 . -1) (undo-tree-id10318 . -1) (undo-tree-id10319 . -1) (undo-tree-id10320 . -1) (undo-tree-id10321 . -1) (undo-tree-id10322 . -1) (undo-tree-id10323 . -1) (undo-tree-id10324 . -1) (undo-tree-id10325 . -1) (undo-tree-id10326 . -1) (undo-tree-id10327 . -1) (undo-tree-id10328 . -1) (undo-tree-id10329 . -1) (undo-tree-id10330 . -1) (undo-tree-id10331 . -1) (undo-tree-id10332 . -1) (undo-tree-id10333 . -1) (undo-tree-id10334 . -1) (undo-tree-id10335 . -1) (undo-tree-id10336 . -1) (undo-tree-id10337 . -1) (undo-tree-id10338 . -1) (undo-tree-id10339 . -1) (undo-tree-id10340 . -1) (undo-tree-id10341 . -1) (undo-tree-id10342 . -1) (undo-tree-id10343 . -1) (undo-tree-id10344 . -1) (undo-tree-id10345 . -1) (undo-tree-id10346 . -1) (undo-tree-id10347 . -1) (undo-tree-id10348 . -1) (undo-tree-id10349 . -1) (undo-tree-id10350 . -1) (undo-tree-id10351 . -1) (undo-tree-id10352 . -1) (undo-tree-id10353 . -1) (undo-tree-id10354 . -1) (undo-tree-id10355 . -1) (undo-tree-id10356 . -1) (undo-tree-id10357 . -1) (undo-tree-id10358 . -1) (undo-tree-id10359 . -1) (undo-tree-id10360 . -1) (undo-tree-id10361 . -1) (undo-tree-id10362 . -1) (undo-tree-id10363 . -1) (undo-tree-id10364 . -1) (undo-tree-id10365 . -1) (undo-tree-id10366 . -1) (undo-tree-id10367 . -1) (undo-tree-id10368 . -1) (undo-tree-id10369 . -1) (undo-tree-id10370 . -1) (undo-tree-id10371 . -1) (undo-tree-id10372 . -1) (undo-tree-id10373 . -1) (undo-tree-id10374 . -1) (undo-tree-id10375 . -1) (undo-tree-id10376 . -1) (undo-tree-id10377 . -1) (undo-tree-id10378 . -1) (undo-tree-id10379 . -1) (undo-tree-id10380 . -1) (undo-tree-id10381 . -1) (undo-tree-id10382 . -1) (undo-tree-id10383 . -1) (undo-tree-id10384 . -1) (undo-tree-id10385 . -1) (undo-tree-id10386 . -1) (undo-tree-id10387 . -1) (undo-tree-id10388 . -1) (undo-tree-id10389 . -1) (undo-tree-id10390 . -1) (undo-tree-id10391 . -1) (undo-tree-id10392 . -1) (undo-tree-id10393 . -1) (undo-tree-id10394 . -1) (undo-tree-id10395 . -1) (undo-tree-id10396 . -1) (undo-tree-id10397 . -1) (undo-tree-id10398 . -1) (undo-tree-id10399 . -1) (undo-tree-id10400 . -1) (undo-tree-id10401 . -1) (undo-tree-id10402 . -1) (undo-tree-id10403 . -1) (undo-tree-id10404 . -1) (undo-tree-id10405 . -1) (undo-tree-id10406 . -1) (undo-tree-id10407 . -1) (undo-tree-id10408 . -1) (undo-tree-id10409 . -1) (undo-tree-id10410 . -1) (undo-tree-id10411 . -1) (undo-tree-id10412 . -1) (undo-tree-id10413 . -1) (undo-tree-id10414 . -1) (undo-tree-id10415 . -1) (undo-tree-id10416 . -1) (undo-tree-id10417 . -1) (undo-tree-id10418 . -1) (undo-tree-id10419 . -1) (undo-tree-id10420 . -1) (undo-tree-id10421 . -1) (undo-tree-id10422 . -1) (undo-tree-id10423 . -1) (undo-tree-id10424 . -1) (undo-tree-id10425 . -1) (undo-tree-id10426 . -1) (undo-tree-id10427 . -1) (undo-tree-id10428 . -1) (undo-tree-id10429 . -1) (undo-tree-id10430 . -1) (undo-tree-id10431 . -1) (undo-tree-id10432 . -1) (undo-tree-id10433 . -1) (undo-tree-id10434 . -1) (undo-tree-id10435 . -1) (undo-tree-id10436 . -1) (undo-tree-id10437 . -1) (undo-tree-id10438 . -1) (undo-tree-id10439 . -1) (undo-tree-id10440 . -1) (undo-tree-id10441 . -1) (undo-tree-id10442 . -1) (undo-tree-id10443 . -1) (undo-tree-id10444 . -1) (undo-tree-id10445 . -1) (undo-tree-id10446 . -1) (undo-tree-id10447 . -1) (undo-tree-id10448 . -1) (undo-tree-id10449 . -1) (undo-tree-id10450 . -1) (undo-tree-id10451 . -1) (undo-tree-id10452 . -1) (undo-tree-id10453 . -1) (undo-tree-id10454 . -1) (undo-tree-id10455 . -1) (undo-tree-id10456 . -1) (undo-tree-id10457 . -1) (undo-tree-id10458 . -1) (undo-tree-id10459 . -1) (undo-tree-id10460 . -1) (undo-tree-id10461 . -1) (undo-tree-id10462 . -1) (undo-tree-id10463 . -1) (undo-tree-id10464 . -1) (undo-tree-id10465 . -1) (undo-tree-id10466 . -1) (undo-tree-id10467 . -1) (undo-tree-id10468 . -1) (undo-tree-id10469 . -1) (undo-tree-id10470 . -1) (undo-tree-id10471 . -1) (undo-tree-id10472 . -1) (undo-tree-id10473 . -1) (undo-tree-id10474 . -1) (undo-tree-id10475 . -1) (undo-tree-id10476 . -1) (undo-tree-id10477 . -1) (undo-tree-id10478 . -1) (undo-tree-id10479 . -1) (undo-tree-id10480 . -1) (undo-tree-id10481 . -1) (undo-tree-id10482 . -1) (undo-tree-id10483 . -1) (undo-tree-id10484 . -1) (undo-tree-id10485 . -1) (undo-tree-id10486 . -1) (undo-tree-id10487 . -1) (undo-tree-id10488 . -1) (undo-tree-id10489 . -1) (undo-tree-id10490 . -1) (undo-tree-id10491 . -1) (undo-tree-id10492 . -1) (undo-tree-id10493 . -1) (undo-tree-id10494 . -1) (undo-tree-id10495 . -1) (undo-tree-id10496 . -1) (undo-tree-id10497 . -1) (undo-tree-id10498 . -1) (undo-tree-id10499 . -1) (undo-tree-id10500 . -1) (undo-tree-id10501 . -1) (undo-tree-id10502 . -1) (undo-tree-id10503 . -1) (undo-tree-id10504 . -1) (undo-tree-id10505 . -1) (undo-tree-id10506 . -1) (undo-tree-id10507 . -1) (undo-tree-id10508 . -1) (undo-tree-id10509 . -1) (undo-tree-id10510 . -1) (undo-tree-id10511 . -1) (undo-tree-id10512 . -1) (undo-tree-id10513 . -1) (undo-tree-id10514 . -1) (undo-tree-id10515 . -1) (undo-tree-id10516 . -1) (undo-tree-id10517 . -1) (undo-tree-id10518 . -1) (undo-tree-id10519 . -1) (undo-tree-id10520 . -1) (undo-tree-id10521 . -1) (undo-tree-id10522 . -1) (undo-tree-id10523 . -1) (undo-tree-id10524 . -1) (undo-tree-id10525 . -1) (undo-tree-id10526 . -1) (undo-tree-id10527 . -1) (undo-tree-id10528 . -1) (undo-tree-id10529 . -1) (undo-tree-id10530 . -1) (undo-tree-id10531 . -1) (undo-tree-id10532 . -1) (undo-tree-id10533 . -1) (undo-tree-id10534 . -1) (undo-tree-id10535 . -1) (undo-tree-id10536 . -1) (undo-tree-id10537 . -1) (undo-tree-id10538 . -1) (undo-tree-id10539 . -1) (undo-tree-id10540 . -1) (undo-tree-id10541 . -1) (undo-tree-id10542 . -1) (undo-tree-id10543 . -1) (undo-tree-id10544 . -1) (undo-tree-id10545 . -1) (undo-tree-id10546 . -1) (undo-tree-id10547 . -1) (undo-tree-id10548 . -1) (undo-tree-id10549 . -1) (undo-tree-id10550 . -1) (undo-tree-id10551 . -1) (undo-tree-id10552 . -1) (undo-tree-id10553 . -1) (undo-tree-id10554 . -1) (undo-tree-id10555 . -1) (undo-tree-id10556 . -1) (undo-tree-id10557 . -1) (undo-tree-id10558 . -1) (undo-tree-id10559 . -1) (undo-tree-id10560 . -1) (undo-tree-id10561 . -1) (undo-tree-id10562 . -1) (undo-tree-id10563 . -1) (undo-tree-id10564 . -1) (undo-tree-id10565 . -1) (undo-tree-id10566 . -1) (undo-tree-id10567 . -1) (undo-tree-id10568 . -1) (undo-tree-id10569 . -1) (undo-tree-id10570 . -1) (undo-tree-id10571 . -1) (undo-tree-id10572 . -1) (undo-tree-id10573 . -1) (undo-tree-id10574 . -1) (undo-tree-id10575 . -1) (undo-tree-id10576 . -1) (undo-tree-id10577 . -1) (undo-tree-id10578 . -1) (undo-tree-id10579 . -1) (undo-tree-id10580 . -1) (undo-tree-id10581 . -1) (undo-tree-id10582 . -1) (undo-tree-id10583 . -1) (undo-tree-id10584 . -1) (undo-tree-id10585 . -1) (undo-tree-id10586 . -1) (undo-tree-id10587 . -1) (undo-tree-id10588 . -1) (undo-tree-id10589 . -1) (undo-tree-id10590 . -1) (undo-tree-id10591 . -1) (undo-tree-id10592 . -1) (undo-tree-id10593 . -1) (undo-tree-id10594 . -1) (undo-tree-id10595 . -1) (undo-tree-id10596 . -1) (undo-tree-id10597 . -1) (undo-tree-id10598 . -1) (undo-tree-id10599 . -1) (undo-tree-id10600 . -1) (undo-tree-id10601 . -1) (undo-tree-id10602 . -1) (undo-tree-id10603 . -1) (undo-tree-id10604 . -1) (undo-tree-id10605 . -1) (undo-tree-id10606 . -1) (undo-tree-id10607 . -1) (undo-tree-id10608 . -1) (undo-tree-id10609 . -1) (undo-tree-id10610 . -1) (undo-tree-id10611 . -1) (undo-tree-id10612 . -1) (undo-tree-id10613 . -1) (undo-tree-id10614 . -1) (undo-tree-id10615 . -1) (undo-tree-id10616 . -1) (undo-tree-id10617 . -1) (undo-tree-id10618 . -1) (undo-tree-id10619 . -1) (undo-tree-id10620 . -1) (undo-tree-id10621 . -1) (undo-tree-id10622 . -1) (undo-tree-id10623 . -1) (undo-tree-id10624 . -1) (undo-tree-id10625 . -1) (undo-tree-id10626 . -1) (undo-tree-id10627 . -1) (undo-tree-id10628 . -1) (undo-tree-id10629 . -1) (undo-tree-id10630 . -1) (undo-tree-id10631 . -1) (undo-tree-id10632 . -1) (undo-tree-id10633 . -1) (undo-tree-id10634 . -1) (undo-tree-id10635 . -1) (undo-tree-id10636 . -1) (undo-tree-id10637 . -1) (undo-tree-id10638 . -1) (undo-tree-id10639 . -1) (undo-tree-id10640 . -1) (undo-tree-id10641 . -1) (undo-tree-id10642 . -1) (undo-tree-id10643 . -1) (undo-tree-id10644 . -1) (undo-tree-id10645 . -1) (undo-tree-id10646 . -1) (undo-tree-id10647 . -1) (undo-tree-id10648 . -1) (undo-tree-id10649 . -1) (undo-tree-id10650 . -1) (undo-tree-id10651 . -1) (undo-tree-id10652 . -1) (undo-tree-id10653 . -1) (undo-tree-id10654 . -1) (undo-tree-id10655 . -1) (undo-tree-id10656 . -1) (undo-tree-id10657 . -1) (undo-tree-id10658 . -1) (undo-tree-id10659 . -1) (undo-tree-id10660 . -1) (undo-tree-id10661 . -1) (undo-tree-id10662 . -1) (undo-tree-id10663 . -1) (undo-tree-id10664 . -1) (undo-tree-id10665 . -1) (undo-tree-id10666 . -1) (undo-tree-id10667 . -1) (undo-tree-id10668 . -1) (undo-tree-id10669 . -1) (undo-tree-id10670 . -1) (undo-tree-id10671 . -1) (undo-tree-id10672 . -1) (undo-tree-id10673 . -1) (undo-tree-id10674 . -1) (undo-tree-id10675 . -1) (undo-tree-id10676 . -1) (undo-tree-id10677 . -1) (undo-tree-id10678 . -1) (undo-tree-id10679 . -1) (undo-tree-id10680 . -1) (undo-tree-id10681 . -1) (undo-tree-id10682 . -1) (undo-tree-id10683 . -1) (undo-tree-id10684 . -1) (undo-tree-id10685 . -1) (undo-tree-id10686 . -1) (undo-tree-id10687 . -1) (undo-tree-id10688 . -1) (undo-tree-id10689 . -1) (undo-tree-id10690 . -1) (undo-tree-id10691 . -1) (undo-tree-id10692 . -1) (undo-tree-id10693 . -1) (undo-tree-id10694 . -1) (undo-tree-id10695 . -1) (undo-tree-id10696 . -1) (undo-tree-id10697 . -1) (undo-tree-id10698 . -1) (undo-tree-id10699 . -1) (undo-tree-id10700 . -1) (undo-tree-id10701 . -1) (undo-tree-id10702 . -1) (undo-tree-id10703 . -1) (undo-tree-id10704 . -1) (undo-tree-id10705 . -1) (undo-tree-id10706 . -1) (undo-tree-id10707 . -1) (undo-tree-id10708 . -1) (undo-tree-id10709 . -1) (undo-tree-id10710 . -1) (undo-tree-id10711 . -1) (undo-tree-id10712 . -1) (undo-tree-id10713 . -1) (undo-tree-id10714 . -1) (undo-tree-id10715 . -1) (undo-tree-id10716 . -1) (undo-tree-id10717 . -1) (undo-tree-id10718 . -1) (undo-tree-id10719 . -1) (undo-tree-id10720 . -1) (undo-tree-id10721 . -1) (undo-tree-id10722 . -1) (undo-tree-id10723 . -1) (undo-tree-id10724 . -1) (undo-tree-id10725 . -1) (undo-tree-id10726 . -1) (undo-tree-id10727 . -1) (undo-tree-id10728 . -1) (undo-tree-id10729 . -1) (undo-tree-id10730 . -1) (undo-tree-id10731 . -1) (undo-tree-id10732 . -1) (undo-tree-id10733 . -1) (undo-tree-id10734 . -1) (undo-tree-id10735 . -1) (undo-tree-id10736 . -1) (undo-tree-id10737 . -1) (undo-tree-id10738 . -1) (undo-tree-id10739 . -1) (undo-tree-id10740 . -1) (undo-tree-id10741 . -1) (undo-tree-id10742 . -1) (undo-tree-id10743 . -1) (undo-tree-id10744 . -1) (undo-tree-id10745 . -1) (undo-tree-id10746 . -1) (undo-tree-id10747 . -1) (undo-tree-id10748 . -1) (undo-tree-id10749 . -1) (undo-tree-id10750 . -1) (undo-tree-id10751 . -1) (undo-tree-id10752 . -1) (undo-tree-id10753 . -1) (undo-tree-id10754 . -1) (undo-tree-id10755 . -1) (undo-tree-id10756 . -1) (undo-tree-id10757 . -1) (undo-tree-id10758 . -1) (undo-tree-id10759 . -1) (undo-tree-id10760 . -1) (undo-tree-id10761 . -1) (undo-tree-id10762 . -1) (undo-tree-id10763 . -1) (undo-tree-id10764 . -1) (undo-tree-id10765 . -1) (undo-tree-id10766 . -1) (undo-tree-id10767 . -1) (undo-tree-id10768 . -1) (undo-tree-id10769 . -1) (undo-tree-id10770 . -1) (undo-tree-id10771 . -1) (undo-tree-id10772 . -1) (undo-tree-id10773 . -1) (undo-tree-id10774 . -1) (undo-tree-id10775 . -1) (undo-tree-id10776 . -1) (undo-tree-id10777 . -1) (undo-tree-id10778 . -1) (undo-tree-id10779 . -1) (undo-tree-id10780 . -1) (undo-tree-id10781 . -1) (undo-tree-id10782 . -1) (undo-tree-id10783 . -1) (undo-tree-id10784 . -1) (undo-tree-id10785 . -1) (undo-tree-id10786 . -1) (undo-tree-id10787 . -1) (undo-tree-id10788 . -1) (undo-tree-id10789 . -1) (undo-tree-id10790 . -1) (undo-tree-id10791 . -1) (undo-tree-id10792 . -1) (undo-tree-id10793 . -1) (undo-tree-id10794 . -1) (undo-tree-id10795 . -1) (undo-tree-id10796 . -1) (undo-tree-id10797 . -1) (undo-tree-id10798 . -1) (undo-tree-id10799 . -1) (undo-tree-id10800 . -1) (undo-tree-id10801 . -1) (undo-tree-id10802 . -1) (undo-tree-id10803 . -1) (undo-tree-id10804 . -1) (undo-tree-id10805 . -1) (undo-tree-id10806 . -1) (undo-tree-id10807 . -1) (undo-tree-id10808 . -1) (undo-tree-id10809 . -1) (undo-tree-id10810 . -1) (undo-tree-id10811 . -1) (undo-tree-id10812 . -1) (undo-tree-id10813 . -1) (undo-tree-id10814 . -1) (undo-tree-id10815 . -1) (undo-tree-id10816 . -1) (undo-tree-id10817 . -1) (undo-tree-id10818 . -1) (undo-tree-id10819 . -1) (undo-tree-id10820 . -1) (undo-tree-id10821 . -1) (undo-tree-id10822 . -1) (undo-tree-id10823 . -1) (undo-tree-id10824 . -1) (undo-tree-id10825 . -1) (undo-tree-id10826 . -1) (undo-tree-id10827 . -1) (undo-tree-id10828 . -1) (undo-tree-id10829 . -1) (undo-tree-id10830 . -1) (undo-tree-id10831 . -1) (undo-tree-id10832 . -1) (undo-tree-id10833 . -1) (undo-tree-id10834 . -1) (undo-tree-id10835 . -1) (undo-tree-id10836 . -1) (undo-tree-id10837 . -1) (undo-tree-id10838 . -1) (undo-tree-id10839 . -1) (undo-tree-id10840 . -1) (undo-tree-id10841 . -1) (undo-tree-id10842 . -1) (undo-tree-id10843 . -1) (undo-tree-id10844 . -1) (undo-tree-id10845 . -1) (undo-tree-id10846 . -1) (undo-tree-id10847 . -1) (undo-tree-id10848 . -1) (undo-tree-id10849 . -1) (undo-tree-id10850 . -1) (undo-tree-id10851 . -1) (undo-tree-id10852 . -1) (undo-tree-id10853 . -1) (undo-tree-id10854 . -1) (undo-tree-id10855 . -1) (undo-tree-id10856 . -1) (undo-tree-id10857 . -1) (undo-tree-id10858 . -1) (undo-tree-id10859 . -1) (undo-tree-id10860 . -1) (undo-tree-id10861 . -1) (undo-tree-id10862 . -1) (undo-tree-id10863 . -1) (undo-tree-id10864 . -1) (undo-tree-id10865 . -1) (undo-tree-id10866 . -1) (undo-tree-id10867 . -1) (undo-tree-id10868 . -1) (undo-tree-id10869 . -1) (undo-tree-id10870 . -1) (undo-tree-id10871 . -1) (undo-tree-id10872 . -1) (undo-tree-id10873 . -1) (undo-tree-id10874 . -1) (undo-tree-id10875 . -1) (undo-tree-id10876 . -1) (undo-tree-id10877 . -1) (undo-tree-id10878 . -1) (undo-tree-id10879 . -1) (undo-tree-id10880 . -1) (undo-tree-id10881 . -1) (undo-tree-id10882 . -1) (undo-tree-id10883 . -1) (undo-tree-id10884 . -1) (undo-tree-id10885 . -1) (undo-tree-id10886 . -1) (undo-tree-id10887 . -1) (undo-tree-id10888 . -1) (undo-tree-id10889 . -1) (undo-tree-id10890 . -1) (undo-tree-id10891 . -1) (undo-tree-id10892 . -1) (undo-tree-id10893 . -1) (undo-tree-id10894 . -1) (undo-tree-id10895 . -1) (undo-tree-id10896 . -1) (undo-tree-id10897 . -1) (undo-tree-id10898 . -1) (undo-tree-id10899 . -1) (undo-tree-id10900 . -1) (undo-tree-id10901 . -1) (undo-tree-id10902 . -1) (undo-tree-id10903 . -1) (undo-tree-id10904 . -1) (undo-tree-id10905 . -1) (undo-tree-id10906 . -1) (undo-tree-id10907 . -1) (undo-tree-id10908 . -1) (undo-tree-id10909 . -1) (undo-tree-id10910 . -1) (undo-tree-id10911 . -1) (undo-tree-id10912 . -1) (undo-tree-id10913 . -1) (undo-tree-id10914 . -1) (undo-tree-id10915 . -1) (undo-tree-id10916 . -1) (undo-tree-id10917 . -1) (undo-tree-id10918 . -1) (undo-tree-id10919 . -1) (undo-tree-id10920 . -1) (undo-tree-id10921 . -1) (undo-tree-id10922 . -1) (undo-tree-id10923 . -1) (undo-tree-id10924 . -1) (undo-tree-id10925 . -1) (undo-tree-id10926 . -1) (undo-tree-id10927 . -1) (undo-tree-id10928 . -1) (undo-tree-id10929 . -1) (undo-tree-id10930 . -1) (undo-tree-id10931 . -1) (undo-tree-id10932 . -1) (undo-tree-id10933 . -1) (undo-tree-id10934 . -1) (undo-tree-id10935 . -1) (undo-tree-id10936 . -1) (undo-tree-id10937 . -1) (undo-tree-id10938 . -1) (undo-tree-id10939 . -1) (undo-tree-id10940 . -1) (undo-tree-id10941 . -1) (undo-tree-id10942 . -1) (undo-tree-id10943 . -1) (undo-tree-id10944 . -1) (undo-tree-id10945 . -1) (undo-tree-id10946 . -1) (undo-tree-id10947 . -1) (undo-tree-id10948 . -1) (undo-tree-id10949 . -1) (undo-tree-id10950 . -1) (undo-tree-id10951 . -1) (undo-tree-id10952 . -1) (undo-tree-id10953 . -1) (undo-tree-id10954 . -1) (undo-tree-id10955 . -1) (undo-tree-id10956 . -1) (undo-tree-id10957 . -1) (undo-tree-id10958 . -1) (undo-tree-id10959 . -1) (undo-tree-id10960 . -1) (undo-tree-id10961 . -1) (undo-tree-id10962 . -1) (undo-tree-id10963 . -1) (undo-tree-id10964 . -1) (undo-tree-id10965 . -1) (undo-tree-id10966 . -1) (undo-tree-id10967 . -1) (undo-tree-id10968 . -1) (undo-tree-id10969 . -1) (undo-tree-id10970 . -1) (undo-tree-id10971 . -1) (undo-tree-id10972 . -1) (undo-tree-id10973 . -1) (undo-tree-id10974 . -1) (undo-tree-id10975 . -1) (undo-tree-id10976 . -1) (undo-tree-id10977 . -1) (undo-tree-id10978 . -1) (undo-tree-id10979 . -1) (undo-tree-id10980 . -1) (undo-tree-id10981 . -1) (undo-tree-id10982 . -1) (undo-tree-id10983 . -1) (undo-tree-id10984 . -1) (undo-tree-id10985 . -1) (undo-tree-id10986 . -1) (undo-tree-id10987 . -1) (undo-tree-id10988 . -1) (undo-tree-id10989 . -1) (undo-tree-id10990 . -1) (undo-tree-id10991 . -1) (undo-tree-id10992 . -1) (undo-tree-id10993 . -1) (undo-tree-id10994 . -1) (undo-tree-id10995 . -1) (undo-tree-id10996 . -1) (undo-tree-id10997 . -1) (undo-tree-id10998 . -1) (undo-tree-id10999 . -1) (undo-tree-id11000 . -1) (undo-tree-id11001 . -1) (undo-tree-id11002 . -1) (undo-tree-id11003 . -1) (undo-tree-id11004 . -1) (undo-tree-id11005 . -1) (undo-tree-id11006 . -1) (undo-tree-id11007 . -1) (undo-tree-id11008 . -1) (undo-tree-id11009 . -1) (undo-tree-id11010 . -1) (undo-tree-id11011 . -1) (undo-tree-id11012 . -1) (undo-tree-id11013 . -1) (undo-tree-id11014 . -1) (undo-tree-id11015 . -1) (undo-tree-id11016 . -1) (undo-tree-id11017 . -1) (undo-tree-id11018 . -1) (undo-tree-id11019 . -1) (undo-tree-id11020 . -1) (undo-tree-id11021 . -1) (undo-tree-id11022 . -1) (undo-tree-id11023 . -1) (undo-tree-id11024 . -1) (undo-tree-id11025 . -1) (undo-tree-id11026 . -1) (undo-tree-id11027 . -1) (undo-tree-id11028 . -1) (undo-tree-id11029 . -1) (undo-tree-id11030 . -1) (undo-tree-id11031 . -1) (undo-tree-id11032 . -1) (undo-tree-id11033 . -1) (undo-tree-id11034 . -1) (undo-tree-id11035 . -1) (undo-tree-id11036 . -1) (undo-tree-id11037 . -1) (undo-tree-id11038 . -1) (undo-tree-id11039 . -1) (undo-tree-id11040 . -1) (undo-tree-id11041 . -1) (undo-tree-id11042 . -1) (undo-tree-id11043 . -1) (undo-tree-id11044 . -1) (undo-tree-id11045 . -1) (undo-tree-id11046 . -1) (undo-tree-id11047 . -1) (undo-tree-id11048 . -1) (undo-tree-id11049 . -1) (undo-tree-id11050 . -1) (undo-tree-id11051 . -1) (undo-tree-id11052 . -1) (undo-tree-id11053 . -1) (undo-tree-id11054 . -1) (undo-tree-id11055 . -1) (#("H" 0 1 (fontified t)) . -10305) (undo-tree-id11056 . -1) (undo-tree-id11057 . -1) (undo-tree-id11058 . -1) (undo-tree-id11059 . -1) (undo-tree-id11060 . -1) (undo-tree-id11061 . -1) (undo-tree-id11062 . -1) (undo-tree-id11063 . -1) (undo-tree-id11064 . -1) (undo-tree-id11065 . -1) (undo-tree-id11066 . -1) (undo-tree-id11067 . -1) (undo-tree-id11068 . -1) (undo-tree-id11069 . -1) (undo-tree-id11070 . -1) (undo-tree-id11071 . -1) (undo-tree-id11072 . -1) (undo-tree-id11073 . -1) (undo-tree-id11074 . -1) (undo-tree-id11075 . -1) (undo-tree-id11076 . -1) (undo-tree-id11077 . -1) (undo-tree-id11078 . -1) (undo-tree-id11079 . -1) (undo-tree-id11080 . -1) (undo-tree-id11081 . -1) (undo-tree-id11082 . -1) (undo-tree-id11083 . -1) (undo-tree-id11084 . -1) (undo-tree-id11085 . -1) (undo-tree-id11086 . -1) (undo-tree-id11087 . -1) (undo-tree-id11088 . -1) (undo-tree-id11089 . -1) (undo-tree-id11090 . -1) (undo-tree-id11091 . -1) (undo-tree-id11092 . -1) (undo-tree-id11093 . -1) (undo-tree-id11094 . -1) (undo-tree-id11095 . -1) (undo-tree-id11096 . -1) (undo-tree-id11097 . -1) (undo-tree-id11098 . -1) (undo-tree-id11099 . -1) (undo-tree-id11100 . -1) (undo-tree-id11101 . -1) (undo-tree-id11102 . -1) (undo-tree-id11103 . -1) (undo-tree-id11104 . -1) (undo-tree-id11105 . -1) (undo-tree-id11106 . -1) (undo-tree-id11107 . -1) (undo-tree-id11108 . -1) (undo-tree-id11109 . -1) (undo-tree-id11110 . -1) (undo-tree-id11111 . -1) (undo-tree-id11112 . -1) (undo-tree-id11113 . -1) (undo-tree-id11114 . -1) (undo-tree-id11115 . -1) (undo-tree-id11116 . -1) (undo-tree-id11117 . -1) (undo-tree-id11118 . -1) (undo-tree-id11119 . -1) (undo-tree-id11120 . -1) (undo-tree-id11121 . -1) (undo-tree-id11122 . -1) (undo-tree-id11123 . -1) (undo-tree-id11124 . -1) (undo-tree-id11125 . -1) (undo-tree-id11126 . -1) (undo-tree-id11127 . -1) (undo-tree-id11128 . -1) (undo-tree-id11129 . -1) (undo-tree-id11130 . -1) (undo-tree-id11131 . -1) (undo-tree-id11132 . -1) (undo-tree-id11133 . -1) (undo-tree-id11134 . -1) (undo-tree-id11135 . -1) (undo-tree-id11136 . -1) (undo-tree-id11137 . -1) (undo-tree-id11138 . -1) (undo-tree-id11139 . -1) (undo-tree-id11140 . -1) (undo-tree-id11141 . -1) (undo-tree-id11142 . -1) (undo-tree-id11143 . -1) (undo-tree-id11144 . -1) (undo-tree-id11145 . -1) (undo-tree-id11146 . -1) (undo-tree-id11147 . -1) (undo-tree-id11148 . -1) (undo-tree-id11149 . -1) (undo-tree-id11150 . -1) (undo-tree-id11151 . -1) (undo-tree-id11152 . -1) (undo-tree-id11153 . -1) (undo-tree-id11154 . -1) (undo-tree-id11155 . -1) (undo-tree-id11156 . -1) (undo-tree-id11157 . -1) (undo-tree-id11158 . -1) (undo-tree-id11159 . -1) (undo-tree-id11160 . -1) (undo-tree-id11161 . -1) (undo-tree-id11162 . -1) (undo-tree-id11163 . -1) (undo-tree-id11164 . -1) (undo-tree-id11165 . -1) (undo-tree-id11166 . -1) (undo-tree-id11167 . -1) (undo-tree-id11168 . -1) (undo-tree-id11169 . -1) (undo-tree-id11170 . -1) (undo-tree-id11171 . -1) (undo-tree-id11172 . -1) (undo-tree-id11173 . -1) (undo-tree-id11174 . -1) (undo-tree-id11175 . -1) (undo-tree-id11176 . -1) (undo-tree-id11177 . -1) (undo-tree-id11178 . -1) (undo-tree-id11179 . -1) (undo-tree-id11180 . -1) (undo-tree-id11181 . -1) (undo-tree-id11182 . -1) (undo-tree-id11183 . -1) (undo-tree-id11184 . -1) (undo-tree-id11185 . -1) (undo-tree-id11186 . -1) (undo-tree-id11187 . -1) (undo-tree-id11188 . -1) (undo-tree-id11189 . -1) (undo-tree-id11190 . -1) (undo-tree-id11191 . -1) (undo-tree-id11192 . -1) (undo-tree-id11193 . -1) (undo-tree-id11194 . -1) (undo-tree-id11195 . -1) (undo-tree-id11196 . -1) (undo-tree-id11197 . -1) (undo-tree-id11198 . -1) (undo-tree-id11199 . -1) (undo-tree-id11200 . -1) (undo-tree-id11201 . -1) (undo-tree-id11202 . -1) (undo-tree-id11203 . -1) (undo-tree-id11204 . -1) (undo-tree-id11205 . -1) (undo-tree-id11206 . -1) (undo-tree-id11207 . -1) (undo-tree-id11208 . -1) (undo-tree-id11209 . -1) (undo-tree-id11210 . -1) (undo-tree-id11211 . -1) (undo-tree-id11212 . -1) (undo-tree-id11213 . -1) (undo-tree-id11214 . -1) (undo-tree-id11215 . -1) (undo-tree-id11216 . -1) (undo-tree-id11217 . -1) (undo-tree-id11218 . -1) (undo-tree-id11219 . -1) (undo-tree-id11220 . -1) (undo-tree-id11221 . -1) (undo-tree-id11222 . -1) (undo-tree-id11223 . -1) (undo-tree-id11224 . -1) (undo-tree-id11225 . -1) (undo-tree-id11226 . -1) (undo-tree-id11227 . -1) (undo-tree-id11228 . -1) (undo-tree-id11229 . -1) (undo-tree-id11230 . -1) (undo-tree-id11231 . -1) (undo-tree-id11232 . -1) (undo-tree-id11233 . -1) (undo-tree-id11234 . -1) (undo-tree-id11235 . -1) (undo-tree-id11236 . -1) (undo-tree-id11237 . -1) (undo-tree-id11238 . -1) (undo-tree-id11239 . -1) (undo-tree-id11240 . -1) (undo-tree-id11241 . -1) (undo-tree-id11242 . -1) (undo-tree-id11243 . -1) (undo-tree-id11244 . -1) (undo-tree-id11245 . -1) (undo-tree-id11246 . -1) (undo-tree-id11247 . -1) (undo-tree-id11248 . -1) (undo-tree-id11249 . -1) (undo-tree-id11250 . -1) (undo-tree-id11251 . -1) (undo-tree-id11252 . -1) (undo-tree-id11253 . -1) (undo-tree-id11254 . -1) (undo-tree-id11255 . -1) (undo-tree-id11256 . -1) (undo-tree-id11257 . -1) (undo-tree-id11258 . -1) (undo-tree-id11259 . -1) (undo-tree-id11260 . -1) (undo-tree-id11261 . -1) (undo-tree-id11262 . -1) (undo-tree-id11263 . -1) (undo-tree-id11264 . -1) (undo-tree-id11265 . -1) (undo-tree-id11266 . -1) (undo-tree-id11267 . -1) (undo-tree-id11268 . -1) (undo-tree-id11269 . -1) (undo-tree-id11270 . -1) (undo-tree-id11271 . -1) (undo-tree-id11272 . -1) (undo-tree-id11273 . -1) (undo-tree-id11274 . -1) (undo-tree-id11275 . -1) (undo-tree-id11276 . -1) (undo-tree-id11277 . -1) (undo-tree-id11278 . -1) (undo-tree-id11279 . -1) (undo-tree-id11280 . -1) (undo-tree-id11281 . -1) (undo-tree-id11282 . -1) (undo-tree-id11283 . -1) (undo-tree-id11284 . -1) (undo-tree-id11285 . -1) (undo-tree-id11286 . -1) (undo-tree-id11287 . -1) (undo-tree-id11288 . -1) (undo-tree-id11289 . -1) (undo-tree-id11290 . -1) (undo-tree-id11291 . -1) (undo-tree-id11292 . -1) (undo-tree-id11293 . -1) (undo-tree-id11294 . -1) (undo-tree-id11295 . -1) (undo-tree-id11296 . -1) (undo-tree-id11297 . -1) (undo-tree-id11298 . -1) (undo-tree-id11299 . -1) (undo-tree-id11300 . -1) (undo-tree-id11301 . -1) (undo-tree-id11302 . -1) (undo-tree-id11303 . -1) (undo-tree-id11304 . -1) (undo-tree-id11305 . -1) (undo-tree-id11306 . -1) (undo-tree-id11307 . -1) (undo-tree-id11308 . -1) (undo-tree-id11309 . -1) (undo-tree-id11310 . -1) (undo-tree-id11311 . -1) (undo-tree-id11312 . -1) (undo-tree-id11313 . -1) (undo-tree-id11314 . -1) (undo-tree-id11315 . -1) (undo-tree-id11316 . -1) (undo-tree-id11317 . -1) (undo-tree-id11318 . -1) (undo-tree-id11319 . -1) (undo-tree-id11320 . -1) (undo-tree-id11321 . -1) (undo-tree-id11322 . -1) (undo-tree-id11323 . -1) (undo-tree-id11324 . -1) (undo-tree-id11325 . -1) (undo-tree-id11326 . -1) (undo-tree-id11327 . -1) (undo-tree-id11328 . -1) (undo-tree-id11329 . -1) (undo-tree-id11330 . -1) (undo-tree-id11331 . -1) (undo-tree-id11332 . -1) (undo-tree-id11333 . -1) (undo-tree-id11334 . -1) (undo-tree-id11335 . -1) (undo-tree-id11336 . -1) (undo-tree-id11337 . -1) (undo-tree-id11338 . -1) (undo-tree-id11339 . -1) (undo-tree-id11340 . -1) (undo-tree-id11341 . -1) (undo-tree-id11342 . -1) (undo-tree-id11343 . -1) (undo-tree-id11344 . -1) (undo-tree-id11345 . -1) (undo-tree-id11346 . -1) (undo-tree-id11347 . -1) (undo-tree-id11348 . -1) (undo-tree-id11349 . -1) (undo-tree-id11350 . -1) (undo-tree-id11351 . -1) (undo-tree-id11352 . -1) (undo-tree-id11353 . -1) (undo-tree-id11354 . -1) (undo-tree-id11355 . -1) (undo-tree-id11356 . -1) (undo-tree-id11357 . -1) (undo-tree-id11358 . -1) (undo-tree-id11359 . -1) (undo-tree-id11360 . -1) (undo-tree-id11361 . -1) (undo-tree-id11362 . -1) (undo-tree-id11363 . -1) (undo-tree-id11364 . -1) (undo-tree-id11365 . -1) (undo-tree-id11366 . -1) (undo-tree-id11367 . -1) (undo-tree-id11368 . -1) (undo-tree-id11369 . -1) (undo-tree-id11370 . -1) (undo-tree-id11371 . -1) (undo-tree-id11372 . -1) (undo-tree-id11373 . -1) (undo-tree-id11374 . -1) (undo-tree-id11375 . -1) (undo-tree-id11376 . -1) (undo-tree-id11377 . -1) (undo-tree-id11378 . -1) (undo-tree-id11379 . -1) (undo-tree-id11380 . -1) (undo-tree-id11381 . -1) (undo-tree-id11382 . -1) (undo-tree-id11383 . -1) (undo-tree-id11384 . -1) (undo-tree-id11385 . -1) (undo-tree-id11386 . -1) (undo-tree-id11387 . -1) (undo-tree-id11388 . -1) (undo-tree-id11389 . -1) (undo-tree-id11390 . -1) (undo-tree-id11391 . -1) (undo-tree-id11392 . -1) (undo-tree-id11393 . -1) (undo-tree-id11394 . -1) (undo-tree-id11395 . -1) (undo-tree-id11396 . -1) (undo-tree-id11397 . -1) (undo-tree-id11398 . -1) (undo-tree-id11399 . -1) (undo-tree-id11400 . -1) (undo-tree-id11401 . -1) (undo-tree-id11402 . -1) (undo-tree-id11403 . -1) (undo-tree-id11404 . -1) (undo-tree-id11405 . -1) (undo-tree-id11406 . -1) (undo-tree-id11407 . -1) (undo-tree-id11408 . -1) (undo-tree-id11409 . -1) (undo-tree-id11410 . -1) (undo-tree-id11411 . -1) (undo-tree-id11412 . -1) (undo-tree-id11413 . -1) (undo-tree-id11414 . -1) (undo-tree-id11415 . -1) (undo-tree-id11416 . -1) (undo-tree-id11417 . -1) (undo-tree-id11418 . -1) (undo-tree-id11419 . -1) (undo-tree-id11420 . -1) (undo-tree-id11421 . -1) (undo-tree-id11422 . -1) (undo-tree-id11423 . -1) (undo-tree-id11424 . -1) (undo-tree-id11425 . -1) (undo-tree-id11426 . -1) (undo-tree-id11427 . -1) (undo-tree-id11428 . -1) (undo-tree-id11429 . -1) (undo-tree-id11430 . -1) (undo-tree-id11431 . -1) (undo-tree-id11432 . -1) (undo-tree-id11433 . -1) (undo-tree-id11434 . -1) (undo-tree-id11435 . -1) (undo-tree-id11436 . -1) (undo-tree-id11437 . -1) (undo-tree-id11438 . -1) (undo-tree-id11439 . -1) (undo-tree-id11440 . -1) (undo-tree-id11441 . -1) (undo-tree-id11442 . -1) (undo-tree-id11443 . -1) (undo-tree-id11444 . -1) (undo-tree-id11445 . -1) (undo-tree-id11446 . -1) (undo-tree-id11447 . -1) (undo-tree-id11448 . -1) (undo-tree-id11449 . -1) (undo-tree-id11450 . -1) (undo-tree-id11451 . -1) (undo-tree-id11452 . -1) (undo-tree-id11453 . -1) (undo-tree-id11454 . -1) (undo-tree-id11455 . -1) (undo-tree-id11456 . -1) (undo-tree-id11457 . -1) (undo-tree-id11458 . -1) (undo-tree-id11459 . -1) (undo-tree-id11460 . -1) (undo-tree-id11461 . -1) (undo-tree-id11462 . -1) (undo-tree-id11463 . -1) (undo-tree-id11464 . -1) (undo-tree-id11465 . -1) (undo-tree-id11466 . -1) (undo-tree-id11467 . -1) (undo-tree-id11468 . -1) (undo-tree-id11469 . -1) (undo-tree-id11470 . -1) (undo-tree-id11471 . -1) (undo-tree-id11472 . -1) (undo-tree-id11473 . -1) (undo-tree-id11474 . -1) (undo-tree-id11475 . -1) (undo-tree-id11476 . -1) (undo-tree-id11477 . -1) (undo-tree-id11478 . -1) (undo-tree-id11479 . -1) (undo-tree-id11480 . -1) (undo-tree-id11481 . -1) (undo-tree-id11482 . -1) (undo-tree-id11483 . -1) (undo-tree-id11484 . -1) (undo-tree-id11485 . -1) (undo-tree-id11486 . -1) (undo-tree-id11487 . -1) (undo-tree-id11488 . -1) (undo-tree-id11489 . -1) (undo-tree-id11490 . -1) (undo-tree-id11491 . -1) (undo-tree-id11492 . -1) (undo-tree-id11493 . -1) (undo-tree-id11494 . -1) (undo-tree-id11495 . -1) (undo-tree-id11496 . -1) (undo-tree-id11497 . -1) (undo-tree-id11498 . -1) (undo-tree-id11499 . -1) (undo-tree-id11500 . -1) (undo-tree-id11501 . -1) (undo-tree-id11502 . -1) (undo-tree-id11503 . -1) (undo-tree-id11504 . -1) (undo-tree-id11505 . -1) (undo-tree-id11506 . -1) (undo-tree-id11507 . -1) (undo-tree-id11508 . -1) (undo-tree-id11509 . -1) (undo-tree-id11510 . -1) (undo-tree-id11511 . -1) (undo-tree-id11512 . -1) (undo-tree-id11513 . -1) (undo-tree-id11514 . -1) (undo-tree-id11515 . -1) (undo-tree-id11516 . -1) (undo-tree-id11517 . -1) (undo-tree-id11518 . -1) (undo-tree-id11519 . -1) (undo-tree-id11520 . -1) (undo-tree-id11521 . -1) (undo-tree-id11522 . -1) (undo-tree-id11523 . -1) (undo-tree-id11524 . -1) (undo-tree-id11525 . -1) (undo-tree-id11526 . -1) (undo-tree-id11527 . -1) (undo-tree-id11528 . -1) (undo-tree-id11529 . -1) (undo-tree-id11530 . -1) (undo-tree-id11531 . -1) (undo-tree-id11532 . -1) (undo-tree-id11533 . -1) (undo-tree-id11534 . -1) (undo-tree-id11535 . -1) (undo-tree-id11536 . -1) (undo-tree-id11537 . -1) (undo-tree-id11538 . -1) (undo-tree-id11539 . -1) (undo-tree-id11540 . -1) (undo-tree-id11541 . -1) (undo-tree-id11542 . -1) (undo-tree-id11543 . -1) (undo-tree-id11544 . -1) (undo-tree-id11545 . -1) (undo-tree-id11546 . -1) (undo-tree-id11547 . -1) (undo-tree-id11548 . -1) (undo-tree-id11549 . -1) (undo-tree-id11550 . -1) (undo-tree-id11551 . -1) (undo-tree-id11552 . -1) (undo-tree-id11553 . -1) (undo-tree-id11554 . -1) (undo-tree-id11555 . -1) (undo-tree-id11556 . -1) (undo-tree-id11557 . -1) (undo-tree-id11558 . -1) (undo-tree-id11559 . -1) (undo-tree-id11560 . -1) (undo-tree-id11561 . -1) (undo-tree-id11562 . -1) (undo-tree-id11563 . -1) (undo-tree-id11564 . -1) (undo-tree-id11565 . -1) (undo-tree-id11566 . -1) (undo-tree-id11567 . -1) (undo-tree-id11568 . -1) (undo-tree-id11569 . -1) (undo-tree-id11570 . -1) (undo-tree-id11571 . -1) (undo-tree-id11572 . -1) (undo-tree-id11573 . -1) (undo-tree-id11574 . -1) (undo-tree-id11575 . -1) (undo-tree-id11576 . -1) (undo-tree-id11577 . -1) (undo-tree-id11578 . -1) (undo-tree-id11579 . -1) (undo-tree-id11580 . -1) (undo-tree-id11581 . -1) (undo-tree-id11582 . -1) (undo-tree-id11583 . -1) (undo-tree-id11584 . -1) (undo-tree-id11585 . -1) (undo-tree-id11586 . -1) (undo-tree-id11587 . -1) (undo-tree-id11588 . -1) (undo-tree-id11589 . -1) (undo-tree-id11590 . -1) (undo-tree-id11591 . -1) (undo-tree-id11592 . -1) (undo-tree-id11593 . -1) (undo-tree-id11594 . -1) (undo-tree-id11595 . -1) (undo-tree-id11596 . -1) (undo-tree-id11597 . -1) (undo-tree-id11598 . -1) (undo-tree-id11599 . -1) (undo-tree-id11600 . -1) (undo-tree-id11601 . -1) (undo-tree-id11602 . -1) (undo-tree-id11603 . -1) (undo-tree-id11604 . -1) (undo-tree-id11605 . -1) (undo-tree-id11606 . -1) (undo-tree-id11607 . -1) (undo-tree-id11608 . -1) (undo-tree-id11609 . -1) (undo-tree-id11610 . -1) (undo-tree-id11611 . -1) (undo-tree-id11612 . -1) (undo-tree-id11613 . -1) (undo-tree-id11614 . -1) (undo-tree-id11615 . -1) (undo-tree-id11616 . -1) (undo-tree-id11617 . -1) (undo-tree-id11618 . -1) (undo-tree-id11619 . -1) (undo-tree-id11620 . -1) (undo-tree-id11621 . -1) (undo-tree-id11622 . -1) (undo-tree-id11623 . -1) (undo-tree-id11624 . -1) (undo-tree-id11625 . -1) (undo-tree-id11626 . -1) (undo-tree-id11627 . -1) (undo-tree-id11628 . -1) (undo-tree-id11629 . -1) (undo-tree-id11630 . -1) (undo-tree-id11631 . -1) (undo-tree-id11632 . -1) (undo-tree-id11633 . -1) (undo-tree-id11634 . -1) (undo-tree-id11635 . -1) (undo-tree-id11636 . -1) (undo-tree-id11637 . -1) (undo-tree-id11638 . -1) (undo-tree-id11639 . -1) (undo-tree-id11640 . -1) (undo-tree-id11641 . -1) (undo-tree-id11642 . -1) (undo-tree-id11643 . -1) (undo-tree-id11644 . -1) (undo-tree-id11645 . -1) (undo-tree-id11646 . -1) (undo-tree-id11647 . -1) (undo-tree-id11648 . -1) (undo-tree-id11649 . -1) (undo-tree-id11650 . -1) (undo-tree-id11651 . -1) (undo-tree-id11652 . -1) (undo-tree-id11653 . -1) (undo-tree-id11654 . -1) (undo-tree-id11655 . -1) (undo-tree-id11656 . -1) (undo-tree-id11657 . -1) (undo-tree-id11658 . -1) (undo-tree-id11659 . -1) (undo-tree-id11660 . -1) (undo-tree-id11661 . -1) (undo-tree-id11662 . -1) (undo-tree-id11663 . -1) (undo-tree-id11664 . -1) (undo-tree-id11665 . -1) (undo-tree-id11666 . -1) (undo-tree-id11667 . -1) (undo-tree-id11668 . -1) (undo-tree-id11669 . -1) (undo-tree-id11670 . -1) (undo-tree-id11671 . -1) (undo-tree-id11672 . -1) (undo-tree-id11673 . -1) (undo-tree-id11674 . -1) (undo-tree-id11675 . -1) (undo-tree-id11676 . -1) (undo-tree-id11677 . -1) (undo-tree-id11678 . -1) (undo-tree-id11679 . -1) (undo-tree-id11680 . -1) (undo-tree-id11681 . -1) (undo-tree-id11682 . -1) (undo-tree-id11683 . -1) (undo-tree-id11684 . -1) (undo-tree-id11685 . -1) (undo-tree-id11686 . -1) (undo-tree-id11687 . -1) (undo-tree-id11688 . -1) (undo-tree-id11689 . -1) (undo-tree-id11690 . -1) (undo-tree-id11691 . -1) (undo-tree-id11692 . -1) (undo-tree-id11693 . -1) (undo-tree-id11694 . -1) (undo-tree-id11695 . -1) (undo-tree-id11696 . -1) (undo-tree-id11697 . -1) (undo-tree-id11698 . -1) (undo-tree-id11699 . -1) (undo-tree-id11700 . -1) (undo-tree-id11701 . -1) (undo-tree-id11702 . -1) (undo-tree-id11703 . -1) (undo-tree-id11704 . -1) (undo-tree-id11705 . -1) (undo-tree-id11706 . -1) (undo-tree-id11707 . -1) (undo-tree-id11708 . -1) (undo-tree-id11709 . -1) (undo-tree-id11710 . -1) (undo-tree-id11711 . -1) (undo-tree-id11712 . -1) (undo-tree-id11713 . -1) (undo-tree-id11714 . -1) (undo-tree-id11715 . -1) (undo-tree-id11716 . -1) (undo-tree-id11717 . -1) (undo-tree-id11718 . -1) (undo-tree-id11719 . -1) (undo-tree-id11720 . -1) (undo-tree-id11721 . -1) (undo-tree-id11722 . -1) (undo-tree-id11723 . -1) (undo-tree-id11724 . -1) (undo-tree-id11725 . -1) (undo-tree-id11726 . -1) (undo-tree-id11727 . -1) (undo-tree-id11728 . -1) (undo-tree-id11729 . -1) (undo-tree-id11730 . -1) (undo-tree-id11731 . -1) (undo-tree-id11732 . -1) (undo-tree-id11733 . -1) (undo-tree-id11734 . -1) (undo-tree-id11735 . -1) (undo-tree-id11736 . -1) (undo-tree-id11737 . -1) (undo-tree-id11738 . -1) (undo-tree-id11739 . -1) (undo-tree-id11740 . -1) (undo-tree-id11741 . -1) (undo-tree-id11742 . -1) (undo-tree-id11743 . -1) (undo-tree-id11744 . -1) (undo-tree-id11745 . -1) (undo-tree-id11746 . -1) (undo-tree-id11747 . -1) (undo-tree-id11748 . -1) (undo-tree-id11749 . -1) (undo-tree-id11750 . -1) (undo-tree-id11751 . -1) (undo-tree-id11752 . -1) (undo-tree-id11753 . -1) (undo-tree-id11754 . -1) (undo-tree-id11755 . -1) (undo-tree-id11756 . -1) (undo-tree-id11757 . -1) (undo-tree-id11758 . -1) (undo-tree-id11759 . -1) (undo-tree-id11760 . -1) (undo-tree-id11761 . -1) (undo-tree-id11762 . -1) (undo-tree-id11763 . -1) (undo-tree-id11764 . -1) (undo-tree-id11765 . -1) (undo-tree-id11766 . -1) (undo-tree-id11767 . -1) (undo-tree-id11768 . -1) (undo-tree-id11769 . -1) (undo-tree-id11770 . -1) (undo-tree-id11771 . -1) (undo-tree-id11772 . -1) (undo-tree-id11773 . -1) (undo-tree-id11774 . -1) (undo-tree-id11775 . -1) (undo-tree-id11776 . -1) (undo-tree-id11777 . -1) (undo-tree-id11778 . -1) (undo-tree-id11779 . -1) (undo-tree-id11780 . -1) (undo-tree-id11781 . -1) (undo-tree-id11782 . -1) (undo-tree-id11783 . -1) (undo-tree-id11784 . -1) (undo-tree-id11785 . -1) (undo-tree-id11786 . -1) (undo-tree-id11787 . -1) (undo-tree-id11788 . -1) (undo-tree-id11789 . -1) (undo-tree-id11790 . -1) (undo-tree-id11791 . -1) (undo-tree-id11792 . -1) (undo-tree-id11793 . -1) (undo-tree-id11794 . -1) (undo-tree-id11795 . -1) (undo-tree-id11796 . -1) (undo-tree-id11797 . -1) (undo-tree-id11798 . -1) (undo-tree-id11799 . -1) (undo-tree-id11800 . -1) (undo-tree-id11801 . -1) (undo-tree-id11802 . -1) (undo-tree-id11803 . -1) (undo-tree-id11804 . -1) (undo-tree-id11805 . -1) (undo-tree-id11806 . -1) (undo-tree-id11807 . -1) (undo-tree-id11808 . -1) (undo-tree-id11809 . -1) (undo-tree-id11810 . -1) (undo-tree-id11811 . -1) (undo-tree-id11812 . -1) (undo-tree-id11813 . -1) (undo-tree-id11814 . -1) (undo-tree-id11815 . -1) (undo-tree-id11816 . -1) (undo-tree-id11817 . -1) (undo-tree-id11818 . -1) (undo-tree-id11819 . -1) (undo-tree-id11820 . -1) (undo-tree-id11821 . -1) (undo-tree-id11822 . -1) (undo-tree-id11823 . -1) (undo-tree-id11824 . -1) (undo-tree-id11825 . -1) (undo-tree-id11826 . -1) (undo-tree-id11827 . -1) (undo-tree-id11828 . -1) (undo-tree-id11829 . -1) (undo-tree-id11830 . -1) (undo-tree-id11831 . -1) (undo-tree-id11832 . -1) (undo-tree-id11833 . -1) (undo-tree-id11834 . -1) (undo-tree-id11835 . -1) (undo-tree-id11836 . -1) (undo-tree-id11837 . -1) (undo-tree-id11838 . -1) (undo-tree-id11839 . -1) (undo-tree-id11840 . -1) (undo-tree-id11841 . -1) (undo-tree-id11842 . -1) (undo-tree-id11843 . -1) (undo-tree-id11844 . -1) (undo-tree-id11845 . -1) (undo-tree-id11846 . -1) (undo-tree-id11847 . -1) (undo-tree-id11848 . -1) (undo-tree-id11849 . -1) (undo-tree-id11850 . -1) (undo-tree-id11851 . -1) (undo-tree-id11852 . -1) (undo-tree-id11853 . -1) (undo-tree-id11854 . -1) (undo-tree-id11855 . -1) (undo-tree-id11856 . -1) (undo-tree-id11857 . -1) (undo-tree-id11858 . -1) (undo-tree-id11859 . -1) (undo-tree-id11860 . -1) (undo-tree-id11861 . -1) (undo-tree-id11862 . -1) (undo-tree-id11863 . -1) (undo-tree-id11864 . -1) (undo-tree-id11865 . -1) (undo-tree-id11866 . -1) (undo-tree-id11867 . -1) (undo-tree-id11868 . -1) (undo-tree-id11869 . -1) (undo-tree-id11870 . -1) (undo-tree-id11871 . -1) (undo-tree-id11872 . -1) (undo-tree-id11873 . -1) (undo-tree-id11874 . -1) (undo-tree-id11875 . -1) (undo-tree-id11876 . -1) (undo-tree-id11877 . -1) (undo-tree-id11878 . -1) (undo-tree-id11879 . -1) (undo-tree-id11880 . -1) (undo-tree-id11881 . -1) (undo-tree-id11882 . -1) (undo-tree-id11883 . -1) (undo-tree-id11884 . -1) (undo-tree-id11885 . -1) (undo-tree-id11886 . -1) (undo-tree-id11887 . -1) (undo-tree-id11888 . -1) (undo-tree-id11889 . -1) (undo-tree-id11890 . -1) (undo-tree-id11891 . -1) (undo-tree-id11892 . -1) (undo-tree-id11893 . -1) (undo-tree-id11894 . -1) (undo-tree-id11895 . -1) (undo-tree-id11896 . -1) (undo-tree-id11897 . -1) (undo-tree-id11898 . -1) (undo-tree-id11899 . -1) (undo-tree-id11900 . -1) (undo-tree-id11901 . -1) (undo-tree-id11902 . -1) (undo-tree-id11903 . -1) (undo-tree-id11904 . -1) (undo-tree-id11905 . -1) (undo-tree-id11906 . -1) (undo-tree-id11907 . -1) (undo-tree-id11908 . -1) (undo-tree-id11909 . -1) (undo-tree-id11910 . -1) (undo-tree-id11911 . -1) (undo-tree-id11912 . -1) (undo-tree-id11913 . -1) (undo-tree-id11914 . -1) (undo-tree-id11915 . -1) (undo-tree-id11916 . -1) (undo-tree-id11917 . -1) (undo-tree-id11918 . -1) (undo-tree-id11919 . -1) (undo-tree-id11920 . -1) (undo-tree-id11921 . -1) (undo-tree-id11922 . -1) (undo-tree-id11923 . -1) (undo-tree-id11924 . -1) (undo-tree-id11925 . -1) (undo-tree-id11926 . -1) (undo-tree-id11927 . -1) (undo-tree-id11928 . -1) (undo-tree-id11929 . -1) (undo-tree-id11930 . -1) (undo-tree-id11931 . -1) (undo-tree-id11932 . -1) (undo-tree-id11933 . -1) (undo-tree-id11934 . -1) (undo-tree-id11935 . -1) (undo-tree-id11936 . -1) (undo-tree-id11937 . -1) (undo-tree-id11938 . -1) (undo-tree-id11939 . -1) (undo-tree-id11940 . -1) (undo-tree-id11941 . -1) (undo-tree-id11942 . -1) (undo-tree-id11943 . -1) (undo-tree-id11944 . -1) (undo-tree-id11945 . -1) (undo-tree-id11946 . -1) (undo-tree-id11947 . -1) (undo-tree-id11948 . -1) (undo-tree-id11949 . -1) (undo-tree-id11950 . -1) (undo-tree-id11951 . -1) (undo-tree-id11952 . -1) (undo-tree-id11953 . -1) (undo-tree-id11954 . -1) (undo-tree-id11955 . -1) (undo-tree-id11956 . -1) (undo-tree-id11957 . -1) (undo-tree-id11958 . -1) (undo-tree-id11959 . -1) (undo-tree-id11960 . -1) (undo-tree-id11961 . -1) (undo-tree-id11962 . -1) (undo-tree-id11963 . -1) (undo-tree-id11964 . -1) (undo-tree-id11965 . -1) (undo-tree-id11966 . -1) (undo-tree-id11967 . -1) (undo-tree-id11968 . -1) (undo-tree-id11969 . -1) (undo-tree-id11970 . -1) (undo-tree-id11971 . -1) (undo-tree-id11972 . -1) (undo-tree-id11973 . -1) (undo-tree-id11974 . -1) (undo-tree-id11975 . -1) (undo-tree-id11976 . -1) (undo-tree-id11977 . -1) (undo-tree-id11978 . -1) (undo-tree-id11979 . -1) (undo-tree-id11980 . -1) (undo-tree-id11981 . -1) (undo-tree-id11982 . -1) (undo-tree-id11983 . -1) (undo-tree-id11984 . -1) (undo-tree-id11985 . -1) (undo-tree-id11986 . -1) (undo-tree-id11987 . -1) (undo-tree-id11988 . -1) (undo-tree-id11989 . -1) (undo-tree-id11990 . -1) (undo-tree-id11991 . -1) (undo-tree-id11992 . -1) (undo-tree-id11993 . -1) (undo-tree-id11994 . -1) (undo-tree-id11995 . -1) (undo-tree-id11996 . -1) (undo-tree-id11997 . -1) (undo-tree-id11998 . -1) (undo-tree-id11999 . -1) (undo-tree-id12000 . -1) (undo-tree-id12001 . -1) (undo-tree-id12002 . -1) (undo-tree-id12003 . -1) (undo-tree-id12004 . -1) (undo-tree-id12005 . -1) (undo-tree-id12006 . -1) (undo-tree-id12007 . -1) (undo-tree-id12008 . -1) (undo-tree-id12009 . -1) (undo-tree-id12010 . -1) (undo-tree-id12011 . -1) (undo-tree-id12012 . -1) (undo-tree-id12013 . -1) (undo-tree-id12014 . -1) (undo-tree-id12015 . -1) (undo-tree-id12016 . -1) (undo-tree-id12017 . -1) (undo-tree-id12018 . -1) (undo-tree-id12019 . -1) (undo-tree-id12020 . -1) (undo-tree-id12021 . -1) (undo-tree-id12022 . -1) (undo-tree-id12023 . -1) (undo-tree-id12024 . -1) (undo-tree-id12025 . -1) (undo-tree-id12026 . -1) (undo-tree-id12027 . -1) (undo-tree-id12028 . -1) (undo-tree-id12029 . -1) (undo-tree-id12030 . -1) (undo-tree-id12031 . -1) (undo-tree-id12032 . -1) (undo-tree-id12033 . -1) (undo-tree-id12034 . -1) (undo-tree-id12035 . -1) (undo-tree-id12036 . -1) (undo-tree-id12037 . -1) (undo-tree-id12038 . -1) (undo-tree-id12039 . -1) (undo-tree-id12040 . -1) (undo-tree-id12041 . -1) (undo-tree-id12042 . -1) (undo-tree-id12043 . -1) (undo-tree-id12044 . -1) (undo-tree-id12045 . -1) (undo-tree-id12046 . -1) (undo-tree-id12047 . -1) (undo-tree-id12048 . -1) (undo-tree-id12049 . -1) (undo-tree-id12050 . -1) (undo-tree-id12051 . -1) (undo-tree-id12052 . -1) (undo-tree-id12053 . -1) (undo-tree-id12054 . -1) (undo-tree-id12055 . -1) (undo-tree-id12056 . -1) (undo-tree-id12057 . -1) (undo-tree-id12058 . -1) (undo-tree-id12059 . -1) (undo-tree-id12060 . -1) (undo-tree-id12061 . -1) (#("D" 0 1 (fontified t)) . -10306) (undo-tree-id12062 . -1) (undo-tree-id12063 . -1) (undo-tree-id12064 . -1) (undo-tree-id12065 . -1) (undo-tree-id12066 . -1) (undo-tree-id12067 . -1) (undo-tree-id12068 . -1) (undo-tree-id12069 . -1) (undo-tree-id12070 . -1) (undo-tree-id12071 . -1) (undo-tree-id12072 . -1) (undo-tree-id12073 . -1) (undo-tree-id12074 . -1) (undo-tree-id12075 . -1) (undo-tree-id12076 . -1) (undo-tree-id12077 . -1) (undo-tree-id12078 . -1) (undo-tree-id12079 . -1) (undo-tree-id12080 . -1) (undo-tree-id12081 . -1) (undo-tree-id12082 . -1) (undo-tree-id12083 . -1) (undo-tree-id12084 . -1) (undo-tree-id12085 . -1) (undo-tree-id12086 . -1) (undo-tree-id12087 . -1) (undo-tree-id12088 . -1) (undo-tree-id12089 . -1) (undo-tree-id12090 . -1) (undo-tree-id12091 . -1) (undo-tree-id12092 . -1) (undo-tree-id12093 . -1) (undo-tree-id12094 . -1) (undo-tree-id12095 . -1) (undo-tree-id12096 . -1) (undo-tree-id12097 . -1) (undo-tree-id12098 . -1) (undo-tree-id12099 . -1) (undo-tree-id12100 . -1) (undo-tree-id12101 . -1) (undo-tree-id12102 . -1) (undo-tree-id12103 . -1) (undo-tree-id12104 . -1) (undo-tree-id12105 . -1) (undo-tree-id12106 . -1) (undo-tree-id12107 . -1) (undo-tree-id12108 . -1) (undo-tree-id12109 . -1) (undo-tree-id12110 . -1) (undo-tree-id12111 . -1) (undo-tree-id12112 . -1) (undo-tree-id12113 . -1) (undo-tree-id12114 . -1) (undo-tree-id12115 . -1) (undo-tree-id12116 . -1) (undo-tree-id12117 . -1) (undo-tree-id12118 . -1) (undo-tree-id12119 . -1) (undo-tree-id12120 . -1) (undo-tree-id12121 . -1) (undo-tree-id12122 . -1) (undo-tree-id12123 . -1) (undo-tree-id12124 . -1) (undo-tree-id12125 . -1) (undo-tree-id12126 . -1) (undo-tree-id12127 . -1) (undo-tree-id12128 . -1) (undo-tree-id12129 . -1) (undo-tree-id12130 . -1) (undo-tree-id12131 . -1) (undo-tree-id12132 . -1) (undo-tree-id12133 . -1) (undo-tree-id12134 . -1) (undo-tree-id12135 . -1) (undo-tree-id12136 . -1) (undo-tree-id12137 . -1) (undo-tree-id12138 . -1) (undo-tree-id12139 . -1) (undo-tree-id12140 . -1) (undo-tree-id12141 . -1) (undo-tree-id12142 . -1) (undo-tree-id12143 . -1) (undo-tree-id12144 . -1) (undo-tree-id12145 . -1) (undo-tree-id12146 . -1) (undo-tree-id12147 . -1) (undo-tree-id12148 . -1) (undo-tree-id12149 . -1) (undo-tree-id12150 . -1) (undo-tree-id12151 . -1) (undo-tree-id12152 . -1) (undo-tree-id12153 . -1) (undo-tree-id12154 . -1) (undo-tree-id12155 . -1) (undo-tree-id12156 . -1) (undo-tree-id12157 . -1) (undo-tree-id12158 . -1) (undo-tree-id12159 . -1) (undo-tree-id12160 . -1) (undo-tree-id12161 . -1) (undo-tree-id12162 . -1) (undo-tree-id12163 . -1) (undo-tree-id12164 . -1) (undo-tree-id12165 . -1) (undo-tree-id12166 . -1) (undo-tree-id12167 . -1) (undo-tree-id12168 . -1) (undo-tree-id12169 . -1) (undo-tree-id12170 . -1) (undo-tree-id12171 . -1) (undo-tree-id12172 . -1) (undo-tree-id12173 . -1) (undo-tree-id12174 . -1) (undo-tree-id12175 . -1) (undo-tree-id12176 . -1) (undo-tree-id12177 . -1) (undo-tree-id12178 . -1) (undo-tree-id12179 . -1) (undo-tree-id12180 . -1) (undo-tree-id12181 . -1) (undo-tree-id12182 . -1) (undo-tree-id12183 . -1) (undo-tree-id12184 . -1) (undo-tree-id12185 . -1) (undo-tree-id12186 . -1) (undo-tree-id12187 . -1) (undo-tree-id12188 . -1) (undo-tree-id12189 . -1) (undo-tree-id12190 . -1) (undo-tree-id12191 . -1) (undo-tree-id12192 . -1) (undo-tree-id12193 . -1) (undo-tree-id12194 . -1) (undo-tree-id12195 . -1) (undo-tree-id12196 . -1) (undo-tree-id12197 . -1) (undo-tree-id12198 . -1) (undo-tree-id12199 . -1) (undo-tree-id12200 . -1) (undo-tree-id12201 . -1) (undo-tree-id12202 . -1) (undo-tree-id12203 . -1) (undo-tree-id12204 . -1) (undo-tree-id12205 . -1) (undo-tree-id12206 . -1) (undo-tree-id12207 . -1) (undo-tree-id12208 . -1) (undo-tree-id12209 . -1) (undo-tree-id12210 . -1) (undo-tree-id12211 . -1) (undo-tree-id12212 . -1) (undo-tree-id12213 . -1) (undo-tree-id12214 . -1) (undo-tree-id12215 . -1) (undo-tree-id12216 . -1) (undo-tree-id12217 . -1) (undo-tree-id12218 . -1) (undo-tree-id12219 . -1) (undo-tree-id12220 . -1) (undo-tree-id12221 . -1) (undo-tree-id12222 . -1) (undo-tree-id12223 . -1) (undo-tree-id12224 . -1) (undo-tree-id12225 . -1) (undo-tree-id12226 . -1) (undo-tree-id12227 . -1) (undo-tree-id12228 . -1) (undo-tree-id12229 . -1) (undo-tree-id12230 . -1) (undo-tree-id12231 . -1) (undo-tree-id12232 . -1) (undo-tree-id12233 . -1) (undo-tree-id12234 . -1) (undo-tree-id12235 . -1) (undo-tree-id12236 . -1) (undo-tree-id12237 . -1) (undo-tree-id12238 . -1) (undo-tree-id12239 . -1) (undo-tree-id12240 . -1) (undo-tree-id12241 . -1) (undo-tree-id12242 . -1) (undo-tree-id12243 . -1) (undo-tree-id12244 . -1) (undo-tree-id12245 . -1) (undo-tree-id12246 . -1) (undo-tree-id12247 . -1) (undo-tree-id12248 . -1) (undo-tree-id12249 . -1) (undo-tree-id12250 . -1) (undo-tree-id12251 . -1) (undo-tree-id12252 . -1) (undo-tree-id12253 . -1) (undo-tree-id12254 . -1) (undo-tree-id12255 . -1) (undo-tree-id12256 . -1) (undo-tree-id12257 . -1) (undo-tree-id12258 . -1) (undo-tree-id12259 . -1) (undo-tree-id12260 . -1) (undo-tree-id12261 . -1) (undo-tree-id12262 . -1) (undo-tree-id12263 . -1) (undo-tree-id12264 . -1) (undo-tree-id12265 . -1) (undo-tree-id12266 . -1) (undo-tree-id12267 . -1) (undo-tree-id12268 . -1) (undo-tree-id12269 . -1) (undo-tree-id12270 . -1) (undo-tree-id12271 . -1) (undo-tree-id12272 . -1) (undo-tree-id12273 . -1) (undo-tree-id12274 . -1) (undo-tree-id12275 . -1) (undo-tree-id12276 . -1) (undo-tree-id12277 . -1) (undo-tree-id12278 . -1) (undo-tree-id12279 . -1) (undo-tree-id12280 . -1) (undo-tree-id12281 . -1) (undo-tree-id12282 . -1) (undo-tree-id12283 . -1) (undo-tree-id12284 . -1) (undo-tree-id12285 . -1) (undo-tree-id12286 . -1) (undo-tree-id12287 . -1) (undo-tree-id12288 . -1) (undo-tree-id12289 . -1) (undo-tree-id12290 . -1) (undo-tree-id12291 . -1) (undo-tree-id12292 . -1) (undo-tree-id12293 . -1) (undo-tree-id12294 . -1) (undo-tree-id12295 . -1) (undo-tree-id12296 . -1) (undo-tree-id12297 . -1) (undo-tree-id12298 . -1) (undo-tree-id12299 . -1) (undo-tree-id12300 . -1) (undo-tree-id12301 . -1) (undo-tree-id12302 . -1) (undo-tree-id12303 . -1) (undo-tree-id12304 . -1) (undo-tree-id12305 . -1) (undo-tree-id12306 . -1) (undo-tree-id12307 . -1) (undo-tree-id12308 . -1) (undo-tree-id12309 . -1) (undo-tree-id12310 . -1) (undo-tree-id12311 . -1) (undo-tree-id12312 . -1) (undo-tree-id12313 . -1) (undo-tree-id12314 . -1) (undo-tree-id12315 . -1) (undo-tree-id12316 . -1) (undo-tree-id12317 . -1) (undo-tree-id12318 . -1) (undo-tree-id12319 . -1) (undo-tree-id12320 . -1) (undo-tree-id12321 . -1) (undo-tree-id12322 . -1) (undo-tree-id12323 . -1) (undo-tree-id12324 . -1) (undo-tree-id12325 . -1) (undo-tree-id12326 . -1) (undo-tree-id12327 . -1) (undo-tree-id12328 . -1) (undo-tree-id12329 . -1) (undo-tree-id12330 . -1) (undo-tree-id12331 . -1) (undo-tree-id12332 . -1) (undo-tree-id12333 . -1) (undo-tree-id12334 . -1) (undo-tree-id12335 . -1) (undo-tree-id12336 . -1) (undo-tree-id12337 . -1) (undo-tree-id12338 . -1) (undo-tree-id12339 . -1) (undo-tree-id12340 . -1) (undo-tree-id12341 . -1) (undo-tree-id12342 . -1) (undo-tree-id12343 . -1) (undo-tree-id12344 . -1) (undo-tree-id12345 . -1) (undo-tree-id12346 . -1) (undo-tree-id12347 . -1) (undo-tree-id12348 . -1) (undo-tree-id12349 . -1) (undo-tree-id12350 . -1) (undo-tree-id12351 . -1) (undo-tree-id12352 . -1) (undo-tree-id12353 . -1) (undo-tree-id12354 . -1) (undo-tree-id12355 . -1) (undo-tree-id12356 . -1) (undo-tree-id12357 . -1) (undo-tree-id12358 . -1) (undo-tree-id12359 . -1) (undo-tree-id12360 . -1) (undo-tree-id12361 . -1) (undo-tree-id12362 . -1) (undo-tree-id12363 . -1) (undo-tree-id12364 . -1) (undo-tree-id12365 . -1) (undo-tree-id12366 . -1) (undo-tree-id12367 . -1) (undo-tree-id12368 . -1) (undo-tree-id12369 . -1) (undo-tree-id12370 . -1) (undo-tree-id12371 . -1) (undo-tree-id12372 . -1) (undo-tree-id12373 . -1) (undo-tree-id12374 . -1) (undo-tree-id12375 . -1) (undo-tree-id12376 . -1) (undo-tree-id12377 . -1) (undo-tree-id12378 . -1) (undo-tree-id12379 . -1) (undo-tree-id12380 . -1) (undo-tree-id12381 . -1) (undo-tree-id12382 . -1) (undo-tree-id12383 . -1) (undo-tree-id12384 . -1) (undo-tree-id12385 . -1) (undo-tree-id12386 . -1) (undo-tree-id12387 . -1) (undo-tree-id12388 . -1) (undo-tree-id12389 . -1) (undo-tree-id12390 . -1) (undo-tree-id12391 . -1) (undo-tree-id12392 . -1) (undo-tree-id12393 . -1) (undo-tree-id12394 . -1) (undo-tree-id12395 . -1) (undo-tree-id12396 . -1) (undo-tree-id12397 . -1) (undo-tree-id12398 . -1) (undo-tree-id12399 . -1) (undo-tree-id12400 . -1) (undo-tree-id12401 . -1) (undo-tree-id12402 . -1) (undo-tree-id12403 . -1) (undo-tree-id12404 . -1) (undo-tree-id12405 . -1) (undo-tree-id12406 . -1) (undo-tree-id12407 . -1) (undo-tree-id12408 . -1) (undo-tree-id12409 . -1) (undo-tree-id12410 . -1) (undo-tree-id12411 . -1) (undo-tree-id12412 . -1) (undo-tree-id12413 . -1) (undo-tree-id12414 . -1) (undo-tree-id12415 . -1) (undo-tree-id12416 . -1) (undo-tree-id12417 . -1) (undo-tree-id12418 . -1) (undo-tree-id12419 . -1) (undo-tree-id12420 . -1) (undo-tree-id12421 . -1) (undo-tree-id12422 . -1) (undo-tree-id12423 . -1) (undo-tree-id12424 . -1) (undo-tree-id12425 . -1) (undo-tree-id12426 . -1) (undo-tree-id12427 . -1) (undo-tree-id12428 . -1) (undo-tree-id12429 . -1) (undo-tree-id12430 . -1) (undo-tree-id12431 . -1) (undo-tree-id12432 . -1) (undo-tree-id12433 . -1) (undo-tree-id12434 . -1) (undo-tree-id12435 . -1) (undo-tree-id12436 . -1) (undo-tree-id12437 . -1) (undo-tree-id12438 . -1) (undo-tree-id12439 . -1) (undo-tree-id12440 . -1) (undo-tree-id12441 . -1) (undo-tree-id12442 . -1) (undo-tree-id12443 . -1) (undo-tree-id12444 . -1) (undo-tree-id12445 . -1) (undo-tree-id12446 . -1) (undo-tree-id12447 . -1) (undo-tree-id12448 . -1) (undo-tree-id12449 . -1) (undo-tree-id12450 . -1) (undo-tree-id12451 . -1) (undo-tree-id12452 . -1) (undo-tree-id12453 . -1) (undo-tree-id12454 . -1) (undo-tree-id12455 . -1) (undo-tree-id12456 . -1) (undo-tree-id12457 . -1) (undo-tree-id12458 . -1) (undo-tree-id12459 . -1) (undo-tree-id12460 . -1) (undo-tree-id12461 . -1) (undo-tree-id12462 . -1) (undo-tree-id12463 . -1) (undo-tree-id12464 . -1) (undo-tree-id12465 . -1) (undo-tree-id12466 . -1) (undo-tree-id12467 . -1) (undo-tree-id12468 . -1) (undo-tree-id12469 . -1) (undo-tree-id12470 . -1) (undo-tree-id12471 . -1) (undo-tree-id12472 . -1) (undo-tree-id12473 . -1) (undo-tree-id12474 . -1) (undo-tree-id12475 . -1) (undo-tree-id12476 . -1) (undo-tree-id12477 . -1) (undo-tree-id12478 . -1) (undo-tree-id12479 . -1) (undo-tree-id12480 . -1) (undo-tree-id12481 . -1) (undo-tree-id12482 . -1) (undo-tree-id12483 . -1) (undo-tree-id12484 . -1) (undo-tree-id12485 . -1) (undo-tree-id12486 . -1) (undo-tree-id12487 . -1) (undo-tree-id12488 . -1) (undo-tree-id12489 . -1) (undo-tree-id12490 . -1) (undo-tree-id12491 . -1) (undo-tree-id12492 . -1) (undo-tree-id12493 . -1) (undo-tree-id12494 . -1) (undo-tree-id12495 . -1) (undo-tree-id12496 . -1) (undo-tree-id12497 . -1) (undo-tree-id12498 . -1) (undo-tree-id12499 . -1) (undo-tree-id12500 . -1) (undo-tree-id12501 . -1) (undo-tree-id12502 . -1) (undo-tree-id12503 . -1) (undo-tree-id12504 . -1) (undo-tree-id12505 . -1) (undo-tree-id12506 . -1) (undo-tree-id12507 . -1) (undo-tree-id12508 . -1) (undo-tree-id12509 . -1) (undo-tree-id12510 . -1) (undo-tree-id12511 . -1) (undo-tree-id12512 . -1) (undo-tree-id12513 . -1) (undo-tree-id12514 . -1) (undo-tree-id12515 . -1) (undo-tree-id12516 . -1) (undo-tree-id12517 . -1) (undo-tree-id12518 . -1) (undo-tree-id12519 . -1) (undo-tree-id12520 . -1) (undo-tree-id12521 . -1) (undo-tree-id12522 . -1) (undo-tree-id12523 . -1) (undo-tree-id12524 . -1) (undo-tree-id12525 . -1) (undo-tree-id12526 . -1) (undo-tree-id12527 . -1) (undo-tree-id12528 . -1) (undo-tree-id12529 . -1) (undo-tree-id12530 . -1) (undo-tree-id12531 . -1) (undo-tree-id12532 . -1) (undo-tree-id12533 . -1) (undo-tree-id12534 . -1) (undo-tree-id12535 . -1) (undo-tree-id12536 . -1) (undo-tree-id12537 . -1) (undo-tree-id12538 . -1) (undo-tree-id12539 . -1) (undo-tree-id12540 . -1) (undo-tree-id12541 . -1) (undo-tree-id12542 . -1) (undo-tree-id12543 . -1) (undo-tree-id12544 . -1) (undo-tree-id12545 . -1) (undo-tree-id12546 . -1) (undo-tree-id12547 . -1) (undo-tree-id12548 . -1) (undo-tree-id12549 . -1) (undo-tree-id12550 . -1) (undo-tree-id12551 . -1) (undo-tree-id12552 . -1) (undo-tree-id12553 . -1) (undo-tree-id12554 . -1) (undo-tree-id12555 . -1) (undo-tree-id12556 . -1) (undo-tree-id12557 . -1) (undo-tree-id12558 . -1) (undo-tree-id12559 . -1) (undo-tree-id12560 . -1) (undo-tree-id12561 . -1) (undo-tree-id12562 . -1) (undo-tree-id12563 . -1) (undo-tree-id12564 . -1) (undo-tree-id12565 . -1) (undo-tree-id12566 . -1) (undo-tree-id12567 . -1) (undo-tree-id12568 . -1) (undo-tree-id12569 . -1) (undo-tree-id12570 . -1) (undo-tree-id12571 . -1) (undo-tree-id12572 . -1) (undo-tree-id12573 . -1) (undo-tree-id12574 . -1) (undo-tree-id12575 . -1) (undo-tree-id12576 . -1) (undo-tree-id12577 . -1) (undo-tree-id12578 . -1) (undo-tree-id12579 . -1) (undo-tree-id12580 . -1) (undo-tree-id12581 . -1) (undo-tree-id12582 . -1) (undo-tree-id12583 . -1) (undo-tree-id12584 . -1) (undo-tree-id12585 . -1) (undo-tree-id12586 . -1) (undo-tree-id12587 . -1) (undo-tree-id12588 . -1) (undo-tree-id12589 . -1) (undo-tree-id12590 . -1) (undo-tree-id12591 . -1) (undo-tree-id12592 . -1) (undo-tree-id12593 . -1) (undo-tree-id12594 . -1) (undo-tree-id12595 . -1) (undo-tree-id12596 . -1) (undo-tree-id12597 . -1) (undo-tree-id12598 . -1) (undo-tree-id12599 . -1) (undo-tree-id12600 . -1) (undo-tree-id12601 . -1) (undo-tree-id12602 . -1) (undo-tree-id12603 . -1) (undo-tree-id12604 . -1) (undo-tree-id12605 . -1) (undo-tree-id12606 . -1) (undo-tree-id12607 . -1) (undo-tree-id12608 . -1) (undo-tree-id12609 . -1) (undo-tree-id12610 . -1) (undo-tree-id12611 . -1) (undo-tree-id12612 . -1) (undo-tree-id12613 . -1) (undo-tree-id12614 . -1) (undo-tree-id12615 . -1) (undo-tree-id12616 . -1) (undo-tree-id12617 . -1) (undo-tree-id12618 . -1) (undo-tree-id12619 . -1) (undo-tree-id12620 . -1) (undo-tree-id12621 . -1) (undo-tree-id12622 . -1) (undo-tree-id12623 . -1) (undo-tree-id12624 . -1) (undo-tree-id12625 . -1) (undo-tree-id12626 . -1) (undo-tree-id12627 . -1) (undo-tree-id12628 . -1) (undo-tree-id12629 . -1) (undo-tree-id12630 . -1) (undo-tree-id12631 . -1) (undo-tree-id12632 . -1) (undo-tree-id12633 . -1) (undo-tree-id12634 . -1) (undo-tree-id12635 . -1) (undo-tree-id12636 . -1) (undo-tree-id12637 . -1) (undo-tree-id12638 . -1) (undo-tree-id12639 . -1) (undo-tree-id12640 . -1) (undo-tree-id12641 . -1) (undo-tree-id12642 . -1) (undo-tree-id12643 . -1) (undo-tree-id12644 . -1) (undo-tree-id12645 . -1) (undo-tree-id12646 . -1) (undo-tree-id12647 . -1) (undo-tree-id12648 . -1) (undo-tree-id12649 . -1) (undo-tree-id12650 . -1) (undo-tree-id12651 . -1) (undo-tree-id12652 . -1) (undo-tree-id12653 . -1) (undo-tree-id12654 . -1) (undo-tree-id12655 . -1) (undo-tree-id12656 . -1) (undo-tree-id12657 . -1) (undo-tree-id12658 . -1) (undo-tree-id12659 . -1) (undo-tree-id12660 . -1) (undo-tree-id12661 . -1) (undo-tree-id12662 . -1) (undo-tree-id12663 . -1) (undo-tree-id12664 . -1) (undo-tree-id12665 . -1) (undo-tree-id12666 . -1) (undo-tree-id12667 . -1) (undo-tree-id12668 . -1) (undo-tree-id12669 . -1) (undo-tree-id12670 . -1) (undo-tree-id12671 . -1) (undo-tree-id12672 . -1) (undo-tree-id12673 . -1) (undo-tree-id12674 . -1) (undo-tree-id12675 . -1) (undo-tree-id12676 . -1) (undo-tree-id12677 . -1) (undo-tree-id12678 . -1) (undo-tree-id12679 . -1) (undo-tree-id12680 . -1) (undo-tree-id12681 . -1) (undo-tree-id12682 . -1) (undo-tree-id12683 . -1) (undo-tree-id12684 . -1) (undo-tree-id12685 . -1) (undo-tree-id12686 . -1) (undo-tree-id12687 . -1) (undo-tree-id12688 . -1) (undo-tree-id12689 . -1) (undo-tree-id12690 . -1) (undo-tree-id12691 . -1) (undo-tree-id12692 . -1) (undo-tree-id12693 . -1) (undo-tree-id12694 . -1) (undo-tree-id12695 . -1) (undo-tree-id12696 . -1) (undo-tree-id12697 . -1) (undo-tree-id12698 . -1) (undo-tree-id12699 . -1) (undo-tree-id12700 . -1) (undo-tree-id12701 . -1) (undo-tree-id12702 . -1) (undo-tree-id12703 . -1) (undo-tree-id12704 . -1) (undo-tree-id12705 . -1) (undo-tree-id12706 . -1) (undo-tree-id12707 . -1) (undo-tree-id12708 . -1) (undo-tree-id12709 . -1) (undo-tree-id12710 . -1) (undo-tree-id12711 . -1) (undo-tree-id12712 . -1) (undo-tree-id12713 . -1) (undo-tree-id12714 . -1) (undo-tree-id12715 . -1) (undo-tree-id12716 . -1) (undo-tree-id12717 . -1) (undo-tree-id12718 . -1) (undo-tree-id12719 . -1) (undo-tree-id12720 . -1) (undo-tree-id12721 . -1) (undo-tree-id12722 . -1) (undo-tree-id12723 . -1) (undo-tree-id12724 . -1) (undo-tree-id12725 . -1) (undo-tree-id12726 . -1) (undo-tree-id12727 . -1) (undo-tree-id12728 . -1) (undo-tree-id12729 . -1) (undo-tree-id12730 . -1) (undo-tree-id12731 . -1) (undo-tree-id12732 . -1) (undo-tree-id12733 . -1) (undo-tree-id12734 . -1) (undo-tree-id12735 . -1) (undo-tree-id12736 . -1) (undo-tree-id12737 . -1) (undo-tree-id12738 . -1) (undo-tree-id12739 . -1) (undo-tree-id12740 . -1) (undo-tree-id12741 . -1) (undo-tree-id12742 . -1) (undo-tree-id12743 . -1) (undo-tree-id12744 . -1) (undo-tree-id12745 . -1) (undo-tree-id12746 . -1) (undo-tree-id12747 . -1) (undo-tree-id12748 . -1) (undo-tree-id12749 . -1) (undo-tree-id12750 . -1) (undo-tree-id12751 . -1) (undo-tree-id12752 . -1) (undo-tree-id12753 . -1) (undo-tree-id12754 . -1) (undo-tree-id12755 . -1) (undo-tree-id12756 . -1) (undo-tree-id12757 . -1) (undo-tree-id12758 . -1) (undo-tree-id12759 . -1) (undo-tree-id12760 . -1) (undo-tree-id12761 . -1) (undo-tree-id12762 . -1) (undo-tree-id12763 . -1) (undo-tree-id12764 . -1) (undo-tree-id12765 . -1) (undo-tree-id12766 . -1) (undo-tree-id12767 . -1) (undo-tree-id12768 . -1) (undo-tree-id12769 . -1) (undo-tree-id12770 . -1) (undo-tree-id12771 . -1) (undo-tree-id12772 . -1) (undo-tree-id12773 . -1) (undo-tree-id12774 . -1) (undo-tree-id12775 . -1) (undo-tree-id12776 . -1) (undo-tree-id12777 . -1) (undo-tree-id12778 . -1) (undo-tree-id12779 . -1) (undo-tree-id12780 . -1) (undo-tree-id12781 . -1) (undo-tree-id12782 . -1) (undo-tree-id12783 . -1) (undo-tree-id12784 . -1) (undo-tree-id12785 . -1) (undo-tree-id12786 . -1) (undo-tree-id12787 . -1) (undo-tree-id12788 . -1) (undo-tree-id12789 . -1) (undo-tree-id12790 . -1) (undo-tree-id12791 . -1) (undo-tree-id12792 . -1) (undo-tree-id12793 . -1) (undo-tree-id12794 . -1) (undo-tree-id12795 . -1) (undo-tree-id12796 . -1) (undo-tree-id12797 . -1) (undo-tree-id12798 . -1) (undo-tree-id12799 . -1) (undo-tree-id12800 . -1) (undo-tree-id12801 . -1) (undo-tree-id12802 . -1) (undo-tree-id12803 . -1) (undo-tree-id12804 . -1) (undo-tree-id12805 . -1) (undo-tree-id12806 . -1) (undo-tree-id12807 . -1) (undo-tree-id12808 . -1) (undo-tree-id12809 . -1) (undo-tree-id12810 . -1) (undo-tree-id12811 . -1) (undo-tree-id12812 . -1) (undo-tree-id12813 . -1) (undo-tree-id12814 . -1) (undo-tree-id12815 . -1) (undo-tree-id12816 . -1) (undo-tree-id12817 . -1) (undo-tree-id12818 . -1) (undo-tree-id12819 . -1) (undo-tree-id12820 . -1) (undo-tree-id12821 . -1) (undo-tree-id12822 . -1) (undo-tree-id12823 . -1) (undo-tree-id12824 . -1) (undo-tree-id12825 . -1) (undo-tree-id12826 . -1) (undo-tree-id12827 . -1) (undo-tree-id12828 . -1) (undo-tree-id12829 . -1) (undo-tree-id12830 . -1) (undo-tree-id12831 . -1) (undo-tree-id12832 . -1) (undo-tree-id12833 . -1) (undo-tree-id12834 . -1) (undo-tree-id12835 . -1) (undo-tree-id12836 . -1) (undo-tree-id12837 . -1) (undo-tree-id12838 . -1) (undo-tree-id12839 . -1) (undo-tree-id12840 . -1) (undo-tree-id12841 . -1) (undo-tree-id12842 . -1) (undo-tree-id12843 . -1) (undo-tree-id12844 . -1) (undo-tree-id12845 . -1) (undo-tree-id12846 . -1) (undo-tree-id12847 . -1) (undo-tree-id12848 . -1) (undo-tree-id12849 . -1) (undo-tree-id12850 . -1) (undo-tree-id12851 . -1) (undo-tree-id12852 . -1) (undo-tree-id12853 . -1) (undo-tree-id12854 . -1) (undo-tree-id12855 . -1) (undo-tree-id12856 . -1) (undo-tree-id12857 . -1) (undo-tree-id12858 . -1) (undo-tree-id12859 . -1) (undo-tree-id12860 . -1) (undo-tree-id12861 . -1) (undo-tree-id12862 . -1) (undo-tree-id12863 . -1) (undo-tree-id12864 . -1) (undo-tree-id12865 . -1) (undo-tree-id12866 . -1) (undo-tree-id12867 . -1) (undo-tree-id12868 . -1) (undo-tree-id12869 . -1) (undo-tree-id12870 . -1) (undo-tree-id12871 . -1) (undo-tree-id12872 . -1) (undo-tree-id12873 . -1) (undo-tree-id12874 . -1) (undo-tree-id12875 . -1) (undo-tree-id12876 . -1) (undo-tree-id12877 . -1) (undo-tree-id12878 . -1) (undo-tree-id12879 . -1) (undo-tree-id12880 . -1) (undo-tree-id12881 . -1) (undo-tree-id12882 . -1) (undo-tree-id12883 . -1) (undo-tree-id12884 . -1) (undo-tree-id12885 . -1) (undo-tree-id12886 . -1) (undo-tree-id12887 . -1) (undo-tree-id12888 . -1) (undo-tree-id12889 . -1) (undo-tree-id12890 . -1) (undo-tree-id12891 . -1) (undo-tree-id12892 . -1) (undo-tree-id12893 . -1) (undo-tree-id12894 . -1) (undo-tree-id12895 . -1) (undo-tree-id12896 . -1) (undo-tree-id12897 . -1) (undo-tree-id12898 . -1) (undo-tree-id12899 . -1) (undo-tree-id12900 . -1) (undo-tree-id12901 . -1) (undo-tree-id12902 . -1) (undo-tree-id12903 . -1) (undo-tree-id12904 . -1) (undo-tree-id12905 . -1) (undo-tree-id12906 . -1) (undo-tree-id12907 . -1) (undo-tree-id12908 . -1) (undo-tree-id12909 . -1) (undo-tree-id12910 . -1) (undo-tree-id12911 . -1) (undo-tree-id12912 . -1) (undo-tree-id12913 . -1) (undo-tree-id12914 . -1) (undo-tree-id12915 . -1) (undo-tree-id12916 . -1) (undo-tree-id12917 . -1) (undo-tree-id12918 . -1) (undo-tree-id12919 . -1) (undo-tree-id12920 . -1) (undo-tree-id12921 . -1) (undo-tree-id12922 . -1) (undo-tree-id12923 . -1) (undo-tree-id12924 . -1) (undo-tree-id12925 . -1) (undo-tree-id12926 . -1) (undo-tree-id12927 . -1) (undo-tree-id12928 . -1) (undo-tree-id12929 . -1) (undo-tree-id12930 . -1) (undo-tree-id12931 . -1) (undo-tree-id12932 . -1) (undo-tree-id12933 . -1) (#("9" 0 1 (fontified t)) . -10307) (undo-tree-id12934 . -1) (undo-tree-id12935 . -1) (undo-tree-id12936 . -1) (undo-tree-id12937 . -1) (undo-tree-id12938 . -1) (undo-tree-id12939 . -1) (undo-tree-id12940 . -1) (undo-tree-id12941 . -1) (undo-tree-id12942 . -1) (undo-tree-id12943 . -1) (undo-tree-id12944 . -1) (undo-tree-id12945 . -1) (undo-tree-id12946 . -1) (undo-tree-id12947 . -1) (undo-tree-id12948 . -1) (undo-tree-id12949 . -1) (undo-tree-id12950 . -1) (undo-tree-id12951 . -1) (undo-tree-id12952 . -1) (undo-tree-id12953 . -1) (undo-tree-id12954 . -1) (undo-tree-id12955 . -1) (undo-tree-id12956 . -1) (undo-tree-id12957 . -1) (undo-tree-id12958 . -1) (undo-tree-id12959 . -1) (undo-tree-id12960 . -1) (undo-tree-id12961 . -1) (undo-tree-id12962 . -1) (undo-tree-id12963 . -1) (undo-tree-id12964 . -1) (undo-tree-id12965 . -1) (undo-tree-id12966 . -1) (undo-tree-id12967 . -1) (undo-tree-id12968 . -1) (undo-tree-id12969 . -1) (undo-tree-id12970 . -1) (undo-tree-id12971 . -1) (undo-tree-id12972 . -1) (undo-tree-id12973 . -1) (undo-tree-id12974 . -1) (undo-tree-id12975 . -1) (undo-tree-id12976 . -1) (undo-tree-id12977 . -1) (undo-tree-id12978 . -1) (undo-tree-id12979 . -1) (undo-tree-id12980 . -1) (undo-tree-id12981 . -1) (undo-tree-id12982 . -1) (undo-tree-id12983 . -1) (undo-tree-id12984 . -1) (undo-tree-id12985 . -1) (undo-tree-id12986 . -1) (undo-tree-id12987 . -1) (undo-tree-id12988 . -1) (undo-tree-id12989 . -1) (undo-tree-id12990 . -1) (undo-tree-id12991 . -1) (undo-tree-id12992 . -1) (undo-tree-id12993 . -1) (undo-tree-id12994 . -1) (undo-tree-id12995 . -1) (undo-tree-id12996 . -1) (undo-tree-id12997 . -1) (undo-tree-id12998 . -1) (undo-tree-id12999 . -1) (undo-tree-id13000 . -1) (undo-tree-id13001 . -1) (undo-tree-id13002 . -1) (undo-tree-id13003 . -1) (undo-tree-id13004 . -1) (undo-tree-id13005 . -1) (undo-tree-id13006 . -1) (undo-tree-id13007 . -1) (undo-tree-id13008 . -1) (undo-tree-id13009 . -1) (undo-tree-id13010 . -1) (undo-tree-id13011 . -1) (undo-tree-id13012 . -1) (undo-tree-id13013 . -1) (undo-tree-id13014 . -1) (undo-tree-id13015 . -1) (undo-tree-id13016 . -1) (undo-tree-id13017 . -1) (undo-tree-id13018 . -1) (undo-tree-id13019 . -1) (undo-tree-id13020 . -1) (undo-tree-id13021 . -1) (undo-tree-id13022 . -1) (undo-tree-id13023 . -1) (undo-tree-id13024 . -1) (undo-tree-id13025 . -1) (undo-tree-id13026 . -1) (undo-tree-id13027 . -1) (undo-tree-id13028 . -1) (undo-tree-id13029 . -1) (undo-tree-id13030 . -1) (undo-tree-id13031 . -1) (undo-tree-id13032 . -1) (undo-tree-id13033 . -1) (undo-tree-id13034 . -1) (undo-tree-id13035 . -1) (undo-tree-id13036 . -1) (undo-tree-id13037 . -1) (undo-tree-id13038 . -1) (undo-tree-id13039 . -1) (undo-tree-id13040 . -1) (undo-tree-id13041 . -1) (undo-tree-id13042 . -1) (undo-tree-id13043 . -1) (undo-tree-id13044 . -1) (undo-tree-id13045 . -1) (undo-tree-id13046 . -1) (undo-tree-id13047 . -1) (undo-tree-id13048 . -1) (undo-tree-id13049 . -1) (undo-tree-id13050 . -1) (undo-tree-id13051 . -1) (undo-tree-id13052 . -1) (undo-tree-id13053 . -1) (undo-tree-id13054 . -1) (undo-tree-id13055 . -1) (undo-tree-id13056 . -1) (undo-tree-id13057 . -1) (undo-tree-id13058 . -1) (undo-tree-id13059 . -1) (undo-tree-id13060 . -1) (undo-tree-id13061 . -1) (undo-tree-id13062 . -1) (undo-tree-id13063 . -1) (undo-tree-id13064 . -1) (undo-tree-id13065 . -1) (undo-tree-id13066 . -1) (undo-tree-id13067 . -1) (undo-tree-id13068 . -1) (undo-tree-id13069 . -1) (undo-tree-id13070 . -1) (undo-tree-id13071 . -1) (undo-tree-id13072 . -1) (undo-tree-id13073 . -1) (undo-tree-id13074 . -1) (undo-tree-id13075 . -1) (undo-tree-id13076 . -1) (undo-tree-id13077 . -1) (undo-tree-id13078 . -1) (undo-tree-id13079 . -1) (undo-tree-id13080 . -1) (undo-tree-id13081 . -1) (undo-tree-id13082 . -1) (undo-tree-id13083 . -1) (undo-tree-id13084 . -1) (undo-tree-id13085 . -1) (undo-tree-id13086 . -1) (undo-tree-id13087 . -1) (undo-tree-id13088 . -1) (undo-tree-id13089 . -1) (undo-tree-id13090 . -1) (undo-tree-id13091 . -1) (undo-tree-id13092 . -1) (undo-tree-id13093 . -1) (undo-tree-id13094 . -1) (undo-tree-id13095 . -1) (undo-tree-id13096 . -1) (undo-tree-id13097 . -1) (undo-tree-id13098 . -1) (undo-tree-id13099 . -1) (undo-tree-id13100 . -1) (undo-tree-id13101 . -1) (undo-tree-id13102 . -1) (undo-tree-id13103 . -1) (undo-tree-id13104 . -1) (undo-tree-id13105 . -1) (undo-tree-id13106 . -1) (undo-tree-id13107 . -1) (undo-tree-id13108 . -1) (undo-tree-id13109 . -1) (undo-tree-id13110 . -1) (undo-tree-id13111 . -1) (undo-tree-id13112 . -1) (undo-tree-id13113 . -1) (undo-tree-id13114 . -1) (undo-tree-id13115 . -1) (undo-tree-id13116 . -1) (undo-tree-id13117 . -1) (undo-tree-id13118 . -1) (undo-tree-id13119 . -1) (undo-tree-id13120 . -1) (undo-tree-id13121 . -1) (undo-tree-id13122 . -1) (undo-tree-id13123 . -1) (undo-tree-id13124 . -1) (undo-tree-id13125 . -1) (undo-tree-id13126 . -1) (undo-tree-id13127 . -1) (undo-tree-id13128 . -1) (undo-tree-id13129 . -1) (undo-tree-id13130 . -1) (undo-tree-id13131 . -1) (undo-tree-id13132 . -1) (undo-tree-id13133 . -1) (undo-tree-id13134 . -1) (undo-tree-id13135 . -1) (undo-tree-id13136 . -1) (undo-tree-id13137 . -1) (undo-tree-id13138 . -1) (undo-tree-id13139 . -1) (undo-tree-id13140 . -1) (undo-tree-id13141 . -1) (undo-tree-id13142 . -1) (undo-tree-id13143 . -1) (undo-tree-id13144 . -1) (undo-tree-id13145 . -1) (undo-tree-id13146 . -1) (undo-tree-id13147 . -1) (undo-tree-id13148 . -1) (undo-tree-id13149 . -1) (undo-tree-id13150 . -1) (undo-tree-id13151 . -1) (undo-tree-id13152 . -1) (undo-tree-id13153 . -1) (undo-tree-id13154 . -1) (undo-tree-id13155 . -1) (undo-tree-id13156 . -1) (undo-tree-id13157 . -1) (undo-tree-id13158 . -1) (undo-tree-id13159 . -1) (undo-tree-id13160 . -1) (undo-tree-id13161 . -1) (undo-tree-id13162 . -1) (undo-tree-id13163 . -1) (undo-tree-id13164 . -1) (undo-tree-id13165 . -1) (undo-tree-id13166 . -1) (undo-tree-id13167 . -1) (undo-tree-id13168 . -1) (undo-tree-id13169 . -1) (undo-tree-id13170 . -1) (undo-tree-id13171 . -1) (undo-tree-id13172 . -1) (undo-tree-id13173 . -1) (undo-tree-id13174 . -1) (undo-tree-id13175 . -1) (undo-tree-id13176 . -1) (undo-tree-id13177 . -1) (undo-tree-id13178 . -1) (undo-tree-id13179 . -1) (undo-tree-id13180 . -1) (undo-tree-id13181 . -1) (undo-tree-id13182 . -1) (undo-tree-id13183 . -1) (undo-tree-id13184 . -1) (undo-tree-id13185 . -1) (undo-tree-id13186 . -1) (undo-tree-id13187 . -1) (undo-tree-id13188 . -1) (undo-tree-id13189 . -1) (undo-tree-id13190 . -1) (undo-tree-id13191 . -1) (undo-tree-id13192 . -1) (undo-tree-id13193 . -1) (undo-tree-id13194 . -1) (undo-tree-id13195 . -1) (undo-tree-id13196 . -1) (undo-tree-id13197 . -1) (undo-tree-id13198 . -1) (undo-tree-id13199 . -1) (undo-tree-id13200 . -1) (undo-tree-id13201 . -1) (undo-tree-id13202 . -1) (undo-tree-id13203 . -1) (undo-tree-id13204 . -1) (undo-tree-id13205 . -1) (undo-tree-id13206 . -1) (undo-tree-id13207 . -1) (undo-tree-id13208 . -1) (undo-tree-id13209 . -1) (undo-tree-id13210 . -1) (undo-tree-id13211 . -1) (undo-tree-id13212 . -1) (undo-tree-id13213 . -1) (undo-tree-id13214 . -1) (undo-tree-id13215 . -1) (undo-tree-id13216 . -1) (undo-tree-id13217 . -1) (undo-tree-id13218 . -1) (undo-tree-id13219 . -1) (undo-tree-id13220 . -1) (undo-tree-id13221 . -1) (undo-tree-id13222 . -1) (undo-tree-id13223 . -1) (undo-tree-id13224 . -1) (undo-tree-id13225 . -1) (undo-tree-id13226 . -1) (undo-tree-id13227 . -1) (undo-tree-id13228 . -1) (undo-tree-id13229 . -1) (undo-tree-id13230 . -1) (undo-tree-id13231 . -1) (undo-tree-id13232 . -1) (undo-tree-id13233 . -1) (undo-tree-id13234 . -1) (undo-tree-id13235 . -1) (undo-tree-id13236 . -1) (undo-tree-id13237 . -1) (undo-tree-id13238 . -1) (undo-tree-id13239 . -1) (undo-tree-id13240 . -1) (undo-tree-id13241 . -1) (undo-tree-id13242 . -1) (undo-tree-id13243 . -1) (undo-tree-id13244 . -1) (undo-tree-id13245 . -1) (undo-tree-id13246 . -1) (undo-tree-id13247 . -1) (undo-tree-id13248 . -1) (undo-tree-id13249 . -1) (undo-tree-id13250 . -1) (undo-tree-id13251 . -1) (undo-tree-id13252 . -1) (undo-tree-id13253 . -1) (undo-tree-id13254 . -1) (undo-tree-id13255 . -1) (undo-tree-id13256 . -1) (undo-tree-id13257 . -1) (undo-tree-id13258 . -1) (undo-tree-id13259 . -1) (undo-tree-id13260 . -1) (undo-tree-id13261 . -1) (undo-tree-id13262 . -1) (undo-tree-id13263 . -1) (undo-tree-id13264 . -1) (undo-tree-id13265 . -1) (undo-tree-id13266 . -1) (undo-tree-id13267 . -1) (undo-tree-id13268 . -1) (undo-tree-id13269 . -1) (undo-tree-id13270 . -1) (undo-tree-id13271 . -1) (undo-tree-id13272 . -1) (undo-tree-id13273 . -1) (undo-tree-id13274 . -1) (undo-tree-id13275 . -1) (undo-tree-id13276 . -1) (undo-tree-id13277 . -1) (undo-tree-id13278 . -1) (undo-tree-id13279 . -1) (undo-tree-id13280 . -1) (undo-tree-id13281 . -1) (undo-tree-id13282 . -1) (undo-tree-id13283 . -1) (undo-tree-id13284 . -1) (undo-tree-id13285 . -1) (undo-tree-id13286 . -1) (undo-tree-id13287 . -1) (undo-tree-id13288 . -1) (undo-tree-id13289 . -1) (undo-tree-id13290 . -1) (undo-tree-id13291 . -1) (undo-tree-id13292 . -1) (undo-tree-id13293 . -1) (undo-tree-id13294 . -1) (undo-tree-id13295 . -1) (undo-tree-id13296 . -1) (undo-tree-id13297 . -1) (undo-tree-id13298 . -1) (undo-tree-id13299 . -1) (undo-tree-id13300 . -1) (undo-tree-id13301 . -1) (undo-tree-id13302 . -1) (undo-tree-id13303 . -1) (undo-tree-id13304 . -1) (undo-tree-id13305 . -1) (undo-tree-id13306 . -1) (undo-tree-id13307 . -1) (undo-tree-id13308 . -1) (undo-tree-id13309 . -1) (undo-tree-id13310 . -1) (undo-tree-id13311 . -1) (undo-tree-id13312 . -1) (undo-tree-id13313 . -1) (undo-tree-id13314 . -1) (undo-tree-id13315 . -1) (undo-tree-id13316 . -1) (undo-tree-id13317 . -1) (undo-tree-id13318 . -1) (undo-tree-id13319 . -1) (undo-tree-id13320 . -1) (undo-tree-id13321 . -1) (undo-tree-id13322 . -1) (undo-tree-id13323 . -1) (undo-tree-id13324 . -1) (undo-tree-id13325 . -1) (undo-tree-id13326 . -1) (undo-tree-id13327 . -1) (undo-tree-id13328 . -1) (undo-tree-id13329 . -1) (undo-tree-id13330 . -1) (undo-tree-id13331 . -1) (undo-tree-id13332 . -1) (undo-tree-id13333 . -1) (undo-tree-id13334 . -1) (undo-tree-id13335 . -1) (undo-tree-id13336 . -1) (undo-tree-id13337 . -1) (undo-tree-id13338 . -1) (undo-tree-id13339 . -1) (undo-tree-id13340 . -1) (undo-tree-id13341 . -1) (undo-tree-id13342 . -1) (undo-tree-id13343 . -1) (undo-tree-id13344 . -1) (undo-tree-id13345 . -1) (undo-tree-id13346 . -1) (undo-tree-id13347 . -1) (undo-tree-id13348 . -1) (undo-tree-id13349 . -1) (undo-tree-id13350 . -1) (undo-tree-id13351 . -1) (undo-tree-id13352 . -1) (undo-tree-id13353 . -1) (undo-tree-id13354 . -1) (undo-tree-id13355 . -1) (undo-tree-id13356 . -1) (undo-tree-id13357 . -1) (undo-tree-id13358 . -1) (undo-tree-id13359 . -1) (undo-tree-id13360 . -1) (undo-tree-id13361 . -1) (undo-tree-id13362 . -1) (undo-tree-id13363 . -1) (undo-tree-id13364 . -1) (undo-tree-id13365 . -1) (undo-tree-id13366 . -1) (undo-tree-id13367 . -1) (undo-tree-id13368 . -1) (undo-tree-id13369 . -1) (undo-tree-id13370 . -1) (undo-tree-id13371 . -1) (undo-tree-id13372 . -1) (undo-tree-id13373 . -1) (undo-tree-id13374 . -1) (undo-tree-id13375 . -1) (undo-tree-id13376 . -1) (undo-tree-id13377 . -1) (undo-tree-id13378 . -1) (undo-tree-id13379 . -1) (undo-tree-id13380 . -1) (undo-tree-id13381 . -1) (undo-tree-id13382 . -1) (undo-tree-id13383 . -1) (undo-tree-id13384 . -1) (undo-tree-id13385 . -1) (undo-tree-id13386 . -1) (undo-tree-id13387 . -1) (undo-tree-id13388 . -1) (undo-tree-id13389 . -1) (undo-tree-id13390 . -1) (undo-tree-id13391 . -1) (undo-tree-id13392 . -1) (undo-tree-id13393 . -1) (undo-tree-id13394 . -1) (undo-tree-id13395 . -1) (undo-tree-id13396 . -1) (undo-tree-id13397 . -1) (undo-tree-id13398 . -1) (undo-tree-id13399 . -1) (undo-tree-id13400 . -1) (undo-tree-id13401 . -1) (undo-tree-id13402 . -1) (undo-tree-id13403 . -1) (undo-tree-id13404 . -1) (undo-tree-id13405 . -1) (undo-tree-id13406 . -1) (undo-tree-id13407 . -1) (undo-tree-id13408 . -1) (undo-tree-id13409 . -1) (undo-tree-id13410 . -1) (undo-tree-id13411 . -1) (undo-tree-id13412 . -1) (undo-tree-id13413 . -1) (undo-tree-id13414 . -1) (undo-tree-id13415 . -1) (undo-tree-id13416 . -1) (undo-tree-id13417 . -1) (undo-tree-id13418 . -1) (undo-tree-id13419 . -1) (undo-tree-id13420 . -1) (undo-tree-id13421 . -1) (undo-tree-id13422 . -1) (undo-tree-id13423 . -1) (undo-tree-id13424 . -1) (undo-tree-id13425 . -1) (undo-tree-id13426 . -1) (undo-tree-id13427 . -1) (undo-tree-id13428 . -1) (undo-tree-id13429 . -1) (undo-tree-id13430 . -1) (undo-tree-id13431 . -1) (undo-tree-id13432 . -1) (undo-tree-id13433 . -1) (undo-tree-id13434 . -1) (undo-tree-id13435 . -1) (undo-tree-id13436 . -1) (undo-tree-id13437 . -1) (undo-tree-id13438 . -1) (undo-tree-id13439 . -1) (undo-tree-id13440 . -1) (undo-tree-id13441 . -1) (undo-tree-id13442 . -1) (undo-tree-id13443 . -1) (undo-tree-id13444 . -1) (undo-tree-id13445 . -1) (undo-tree-id13446 . -1) (undo-tree-id13447 . -1) (undo-tree-id13448 . -1) (undo-tree-id13449 . -1) (undo-tree-id13450 . -1) (undo-tree-id13451 . -1) (undo-tree-id13452 . -1) (undo-tree-id13453 . -1) (undo-tree-id13454 . -1) (undo-tree-id13455 . -1) (undo-tree-id13456 . -1) (undo-tree-id13457 . -1) (undo-tree-id13458 . -1) (undo-tree-id13459 . -1) (undo-tree-id13460 . -1) (undo-tree-id13461 . -1) (undo-tree-id13462 . -1) (undo-tree-id13463 . -1) (undo-tree-id13464 . -1) (undo-tree-id13465 . -1) (undo-tree-id13466 . -1) (undo-tree-id13467 . -1) (undo-tree-id13468 . -1) (undo-tree-id13469 . -1) (undo-tree-id13470 . -1) (undo-tree-id13471 . -1) (undo-tree-id13472 . -1) (undo-tree-id13473 . -1) (undo-tree-id13474 . -1) (undo-tree-id13475 . -1) (undo-tree-id13476 . -1) (undo-tree-id13477 . -1) (undo-tree-id13478 . -1) (undo-tree-id13479 . -1) (undo-tree-id13480 . -1) (undo-tree-id13481 . -1) (undo-tree-id13482 . -1) (undo-tree-id13483 . -1) (undo-tree-id13484 . -1) (undo-tree-id13485 . -1) (undo-tree-id13486 . -1) (undo-tree-id13487 . -1) (undo-tree-id13488 . -1) (undo-tree-id13489 . -1) (undo-tree-id13490 . -1) (undo-tree-id13491 . -1) (undo-tree-id13492 . -1) (undo-tree-id13493 . -1) (undo-tree-id13494 . -1) (undo-tree-id13495 . -1) (undo-tree-id13496 . -1) (undo-tree-id13497 . -1) (undo-tree-id13498 . -1) (undo-tree-id13499 . -1) (undo-tree-id13500 . -1) (undo-tree-id13501 . -1) (undo-tree-id13502 . -1) (undo-tree-id13503 . -1) (undo-tree-id13504 . -1) (undo-tree-id13505 . -1) (undo-tree-id13506 . -1) (undo-tree-id13507 . -1) (undo-tree-id13508 . -1) (undo-tree-id13509 . -1) (undo-tree-id13510 . -1) (undo-tree-id13511 . -1) (undo-tree-id13512 . -1) (undo-tree-id13513 . -1) (undo-tree-id13514 . -1) (undo-tree-id13515 . -1) (undo-tree-id13516 . -1) (undo-tree-id13517 . -1) (undo-tree-id13518 . -1) (undo-tree-id13519 . -1) (undo-tree-id13520 . -1) (undo-tree-id13521 . -1) (undo-tree-id13522 . -1) (undo-tree-id13523 . -1) (undo-tree-id13524 . -1) (undo-tree-id13525 . -1) (undo-tree-id13526 . -1) (undo-tree-id13527 . -1) (undo-tree-id13528 . -1) (undo-tree-id13529 . -1) (undo-tree-id13530 . -1) (undo-tree-id13531 . -1) (undo-tree-id13532 . -1) (undo-tree-id13533 . -1) (undo-tree-id13534 . -1) (undo-tree-id13535 . -1) (undo-tree-id13536 . -1) (undo-tree-id13537 . -1) (undo-tree-id13538 . -1) (undo-tree-id13539 . -1) (undo-tree-id13540 . -1) (undo-tree-id13541 . -1) (undo-tree-id13542 . -1) (undo-tree-id13543 . -1) (undo-tree-id13544 . -1) (undo-tree-id13545 . -1) (undo-tree-id13546 . -1) (undo-tree-id13547 . -1) (undo-tree-id13548 . -1) (undo-tree-id13549 . -1) (undo-tree-id13550 . -1) (undo-tree-id13551 . -1) (undo-tree-id13552 . -1) (undo-tree-id13553 . -1) (undo-tree-id13554 . -1) (undo-tree-id13555 . -1) (undo-tree-id13556 . -1) (undo-tree-id13557 . -1) (undo-tree-id13558 . -1) (undo-tree-id13559 . -1) (undo-tree-id13560 . -1) (undo-tree-id13561 . -1) (undo-tree-id13562 . -1) (undo-tree-id13563 . -1) (undo-tree-id13564 . -1) (undo-tree-id13565 . -1) (undo-tree-id13566 . -1) (undo-tree-id13567 . -1) (undo-tree-id13568 . -1) (undo-tree-id13569 . -1) (undo-tree-id13570 . -1) (undo-tree-id13571 . -1) (undo-tree-id13572 . -1) (undo-tree-id13573 . -1) (undo-tree-id13574 . -1) (undo-tree-id13575 . -1) (undo-tree-id13576 . -1) (undo-tree-id13577 . -1) (undo-tree-id13578 . -1) (undo-tree-id13579 . -1) (undo-tree-id13580 . -1) (undo-tree-id13581 . -1) (undo-tree-id13582 . -1) (undo-tree-id13583 . -1) (undo-tree-id13584 . -1) (undo-tree-id13585 . -1) (undo-tree-id13586 . -1) (undo-tree-id13587 . -1) (undo-tree-id13588 . -1) (undo-tree-id13589 . -1) (undo-tree-id13590 . -1) (undo-tree-id13591 . -1) (undo-tree-id13592 . -1) (undo-tree-id13593 . -1) (undo-tree-id13594 . -1) (undo-tree-id13595 . -1) (undo-tree-id13596 . -1) (undo-tree-id13597 . -1) (undo-tree-id13598 . -1) (undo-tree-id13599 . -1) (undo-tree-id13600 . -1) (undo-tree-id13601 . -1) (undo-tree-id13602 . -1) (undo-tree-id13603 . -1) (undo-tree-id13604 . -1) (undo-tree-id13605 . -1) (undo-tree-id13606 . -1) (undo-tree-id13607 . -1) (undo-tree-id13608 . -1) (undo-tree-id13609 . -1) (undo-tree-id13610 . -1) (undo-tree-id13611 . -1) (undo-tree-id13612 . -1) (undo-tree-id13613 . -1) (undo-tree-id13614 . -1) (undo-tree-id13615 . -1) (undo-tree-id13616 . -1) (undo-tree-id13617 . -1) (undo-tree-id13618 . -1) (undo-tree-id13619 . -1) (undo-tree-id13620 . -1) (undo-tree-id13621 . -1) (undo-tree-id13622 . -1) (undo-tree-id13623 . -1) (undo-tree-id13624 . -1) (undo-tree-id13625 . -1) (undo-tree-id13626 . -1) (undo-tree-id13627 . -1) (undo-tree-id13628 . -1) (undo-tree-id13629 . -1) (undo-tree-id13630 . -1) (undo-tree-id13631 . -1) (undo-tree-id13632 . -1) (undo-tree-id13633 . -1) (undo-tree-id13634 . -1) (undo-tree-id13635 . -1) (undo-tree-id13636 . -1) (undo-tree-id13637 . -1) (undo-tree-id13638 . -1) (undo-tree-id13639 . -1) (undo-tree-id13640 . -1) (undo-tree-id13641 . -1) (undo-tree-id13642 . -1) (undo-tree-id13643 . -1) (undo-tree-id13644 . -1) (undo-tree-id13645 . -1) (undo-tree-id13646 . -1) (undo-tree-id13647 . -1) (undo-tree-id13648 . -1) (undo-tree-id13649 . -1) (undo-tree-id13650 . -1) (undo-tree-id13651 . -1) (undo-tree-id13652 . -1) (undo-tree-id13653 . -1) (undo-tree-id13654 . -1) (undo-tree-id13655 . -1) (undo-tree-id13656 . -1) (undo-tree-id13657 . -1) (undo-tree-id13658 . -1) (undo-tree-id13659 . -1) (undo-tree-id13660 . -1) (undo-tree-id13661 . -1) (undo-tree-id13662 . -1) (undo-tree-id13663 . -1) (undo-tree-id13664 . -1) (undo-tree-id13665 . -1) (undo-tree-id13666 . -1) (undo-tree-id13667 . -1) (undo-tree-id13668 . -1) (undo-tree-id13669 . -1) (undo-tree-id13670 . -1) (undo-tree-id13671 . -1) (#("!" 0 1 (fontified t)) . -10308) (undo-tree-id13672 . -1) (undo-tree-id13673 . -1) (undo-tree-id13674 . -1) (undo-tree-id13675 . -1) (undo-tree-id13676 . -1) (undo-tree-id13677 . -1) (undo-tree-id13678 . -1) (undo-tree-id13679 . -1) (undo-tree-id13680 . -1) (undo-tree-id13681 . -1) (undo-tree-id13682 . -1) (undo-tree-id13683 . -1) (undo-tree-id13684 . -1) (undo-tree-id13685 . -1) (undo-tree-id13686 . -1) (undo-tree-id13687 . -1) (undo-tree-id13688 . -1) (undo-tree-id13689 . -1) (undo-tree-id13690 . -1) (undo-tree-id13691 . -1) (undo-tree-id13692 . -1) (undo-tree-id13693 . -1) (undo-tree-id13694 . -1) (undo-tree-id13695 . -1) (undo-tree-id13696 . -1) (undo-tree-id13697 . -1) (undo-tree-id13698 . -1) (undo-tree-id13699 . -1) (undo-tree-id13700 . -1) (undo-tree-id13701 . -1) (undo-tree-id13702 . -1) (undo-tree-id13703 . -1) (undo-tree-id13704 . -1) (undo-tree-id13705 . -1) (undo-tree-id13706 . -1) (undo-tree-id13707 . -1) (undo-tree-id13708 . -1) (undo-tree-id13709 . -1) (undo-tree-id13710 . -1) (undo-tree-id13711 . -1) (undo-tree-id13712 . -1) (undo-tree-id13713 . -1) (undo-tree-id13714 . -1) (undo-tree-id13715 . -1) (undo-tree-id13716 . -1) (undo-tree-id13717 . -1) (undo-tree-id13718 . -1) (undo-tree-id13719 . -1) (undo-tree-id13720 . -1) (undo-tree-id13721 . -1) (undo-tree-id13722 . -1) (undo-tree-id13723 . -1) (undo-tree-id13724 . -1) (undo-tree-id13725 . -1) (undo-tree-id13726 . -1) (undo-tree-id13727 . -1) (undo-tree-id13728 . -1) (undo-tree-id13729 . -1) (undo-tree-id13730 . -1) (undo-tree-id13731 . -1) (undo-tree-id13732 . -1) (undo-tree-id13733 . -1) (undo-tree-id13734 . -1) (undo-tree-id13735 . -1) (undo-tree-id13736 . -1) (undo-tree-id13737 . -1) (undo-tree-id13738 . -1) (undo-tree-id13739 . -1) (undo-tree-id13740 . -1) (undo-tree-id13741 . -1) (undo-tree-id13742 . -1) (undo-tree-id13743 . -1) (undo-tree-id13744 . -1) (undo-tree-id13745 . -1) (undo-tree-id13746 . -1) (undo-tree-id13747 . -1) (undo-tree-id13748 . -1) (undo-tree-id13749 . -1) (undo-tree-id13750 . -1) (undo-tree-id13751 . -1) (undo-tree-id13752 . -1) (undo-tree-id13753 . -1) (undo-tree-id13754 . -1) (undo-tree-id13755 . -1) (undo-tree-id13756 . -1) (undo-tree-id13757 . -1) (undo-tree-id13758 . -1) (undo-tree-id13759 . -1) (undo-tree-id13760 . -1) (undo-tree-id13761 . -1) (undo-tree-id13762 . -1) (undo-tree-id13763 . -1) (undo-tree-id13764 . -1) (undo-tree-id13765 . -1) (undo-tree-id13766 . -1) (undo-tree-id13767 . -1) (undo-tree-id13768 . -1) (undo-tree-id13769 . -1) (undo-tree-id13770 . -1) (undo-tree-id13771 . -1) (undo-tree-id13772 . -1) (undo-tree-id13773 . -1) (undo-tree-id13774 . -1) (undo-tree-id13775 . -1) (undo-tree-id13776 . -1) (undo-tree-id13777 . -1) (undo-tree-id13778 . -1) (undo-tree-id13779 . -1) (undo-tree-id13780 . -1) (undo-tree-id13781 . -1) (undo-tree-id13782 . -1) (undo-tree-id13783 . -1) (undo-tree-id13784 . -1) (undo-tree-id13785 . -1) (undo-tree-id13786 . -1) (undo-tree-id13787 . -1) (undo-tree-id13788 . -1) (undo-tree-id13789 . -1) (undo-tree-id13790 . -1) (undo-tree-id13791 . -1) (undo-tree-id13792 . -1) (undo-tree-id13793 . -1) (undo-tree-id13794 . -1) (undo-tree-id13795 . -1) (undo-tree-id13796 . -1) (undo-tree-id13797 . -1) (undo-tree-id13798 . -1) (undo-tree-id13799 . -1) (undo-tree-id13800 . -1) (undo-tree-id13801 . -1) (undo-tree-id13802 . -1) (undo-tree-id13803 . -1) (undo-tree-id13804 . -1) (undo-tree-id13805 . -1) (undo-tree-id13806 . -1) (undo-tree-id13807 . -1) (undo-tree-id13808 . -1) (undo-tree-id13809 . -1) (undo-tree-id13810 . -1) (undo-tree-id13811 . -1) (undo-tree-id13812 . -1) (undo-tree-id13813 . -1) (undo-tree-id13814 . -1) (undo-tree-id13815 . -1) (undo-tree-id13816 . -1) (undo-tree-id13817 . -1) (undo-tree-id13818 . -1) (undo-tree-id13819 . -1) (undo-tree-id13820 . -1) (undo-tree-id13821 . -1) (undo-tree-id13822 . -1) (undo-tree-id13823 . -1) (undo-tree-id13824 . -1) (undo-tree-id13825 . -1) (undo-tree-id13826 . -1) (undo-tree-id13827 . -1) (undo-tree-id13828 . -1) (undo-tree-id13829 . -1) (undo-tree-id13830 . -1) (undo-tree-id13831 . -1) (undo-tree-id13832 . -1) (undo-tree-id13833 . -1) (undo-tree-id13834 . -1) (undo-tree-id13835 . -1) (undo-tree-id13836 . -1) (undo-tree-id13837 . -1) (undo-tree-id13838 . -1) (undo-tree-id13839 . -1) (undo-tree-id13840 . -1) (undo-tree-id13841 . -1) (undo-tree-id13842 . -1) (undo-tree-id13843 . -1) (undo-tree-id13844 . -1) (undo-tree-id13845 . -1) (undo-tree-id13846 . -1) (undo-tree-id13847 . -1) (undo-tree-id13848 . -1) (undo-tree-id13849 . -1) (undo-tree-id13850 . -1) (undo-tree-id13851 . -1) (undo-tree-id13852 . -1) (undo-tree-id13853 . -1) (undo-tree-id13854 . -1) (undo-tree-id13855 . -1) (undo-tree-id13856 . -1) (undo-tree-id13857 . -1) (undo-tree-id13858 . -1) (undo-tree-id13859 . -1) (undo-tree-id13860 . -1) (undo-tree-id13861 . -1) (undo-tree-id13862 . -1) (undo-tree-id13863 . -1) (undo-tree-id13864 . -1) (undo-tree-id13865 . -1) (undo-tree-id13866 . -1) (undo-tree-id13867 . -1) (undo-tree-id13868 . -1) (undo-tree-id13869 . -1) (undo-tree-id13870 . -1) (undo-tree-id13871 . -1) (undo-tree-id13872 . -1) (undo-tree-id13873 . -1) (undo-tree-id13874 . -1) (undo-tree-id13875 . -1) (undo-tree-id13876 . -1) (undo-tree-id13877 . -1) (undo-tree-id13878 . -1) (undo-tree-id13879 . -1) (undo-tree-id13880 . -1) (undo-tree-id13881 . -1) (undo-tree-id13882 . -1) (undo-tree-id13883 . -1) (undo-tree-id13884 . -1) (undo-tree-id13885 . -1) (undo-tree-id13886 . -1) (undo-tree-id13887 . -1) (undo-tree-id13888 . -1) (undo-tree-id13889 . -1) (undo-tree-id13890 . -1) (undo-tree-id13891 . -1) (undo-tree-id13892 . -1) (undo-tree-id13893 . -1) (undo-tree-id13894 . -1) (undo-tree-id13895 . -1) (undo-tree-id13896 . -1) (undo-tree-id13897 . -1) (undo-tree-id13898 . -1) (undo-tree-id13899 . -1) (undo-tree-id13900 . -1) (undo-tree-id13901 . -1) (undo-tree-id13902 . -1) (undo-tree-id13903 . -1) (undo-tree-id13904 . -1) (undo-tree-id13905 . -1) (undo-tree-id13906 . -1) (undo-tree-id13907 . -1) (undo-tree-id13908 . -1) (undo-tree-id13909 . -1) (undo-tree-id13910 . -1) (undo-tree-id13911 . -1) (undo-tree-id13912 . -1) (undo-tree-id13913 . -1) (undo-tree-id13914 . -1) (undo-tree-id13915 . -1) (undo-tree-id13916 . -1) (undo-tree-id13917 . -1) (undo-tree-id13918 . -1) (undo-tree-id13919 . -1) (undo-tree-id13920 . -1) (undo-tree-id13921 . -1) (undo-tree-id13922 . -1) (undo-tree-id13923 . -1) (undo-tree-id13924 . -1) (undo-tree-id13925 . -1) (undo-tree-id13926 . -1) (undo-tree-id13927 . -1) (undo-tree-id13928 . -1) (undo-tree-id13929 . -1) (undo-tree-id13930 . -1) (undo-tree-id13931 . -1) (undo-tree-id13932 . -1) (undo-tree-id13933 . -1) (undo-tree-id13934 . -1) (undo-tree-id13935 . -1) (undo-tree-id13936 . -1) (undo-tree-id13937 . -1) (undo-tree-id13938 . -1) (undo-tree-id13939 . -1) (undo-tree-id13940 . -1) (undo-tree-id13941 . -1) (undo-tree-id13942 . -1) (undo-tree-id13943 . -1) (undo-tree-id13944 . -1) (undo-tree-id13945 . -1) (undo-tree-id13946 . -1) (undo-tree-id13947 . -1) (undo-tree-id13948 . -1) (undo-tree-id13949 . -1) (undo-tree-id13950 . -1) (undo-tree-id13951 . -1) (undo-tree-id13952 . -1) (undo-tree-id13953 . -1) (undo-tree-id13954 . -1) (undo-tree-id13955 . -1) (undo-tree-id13956 . -1) (undo-tree-id13957 . -1) (undo-tree-id13958 . -1) (undo-tree-id13959 . -1) (undo-tree-id13960 . -1) (undo-tree-id13961 . -1) (undo-tree-id13962 . -1) (undo-tree-id13963 . -1) (undo-tree-id13964 . -1) (undo-tree-id13965 . -1) (undo-tree-id13966 . -1) (undo-tree-id13967 . -1) (undo-tree-id13968 . -1) (undo-tree-id13969 . -1) (undo-tree-id13970 . -1) (undo-tree-id13971 . -1) (undo-tree-id13972 . -1) (undo-tree-id13973 . -1) (undo-tree-id13974 . -1) (undo-tree-id13975 . -1) (undo-tree-id13976 . -1) (undo-tree-id13977 . -1) (undo-tree-id13978 . -1) (undo-tree-id13979 . -1) (undo-tree-id13980 . -1) (undo-tree-id13981 . -1) (undo-tree-id13982 . -1) (undo-tree-id13983 . -1) (undo-tree-id13984 . -1) (undo-tree-id13985 . -1) (undo-tree-id13986 . -1) (undo-tree-id13987 . -1) (undo-tree-id13988 . -1) (undo-tree-id13989 . -1) (undo-tree-id13990 . -1) (undo-tree-id13991 . -1) (undo-tree-id13992 . -1) (undo-tree-id13993 . -1) (undo-tree-id13994 . -1) (undo-tree-id13995 . -1) (undo-tree-id13996 . -1) (undo-tree-id13997 . -1) (undo-tree-id13998 . -1) (undo-tree-id13999 . -1) (undo-tree-id14000 . -1) (undo-tree-id14001 . -1) (undo-tree-id14002 . -1) (undo-tree-id14003 . -1) (undo-tree-id14004 . -1) (undo-tree-id14005 . -1) (undo-tree-id14006 . -1) (undo-tree-id14007 . -1) (undo-tree-id14008 . -1) (undo-tree-id14009 . -1) (undo-tree-id14010 . -1) (undo-tree-id14011 . -1) (undo-tree-id14012 . -1) (undo-tree-id14013 . -1) (undo-tree-id14014 . -1) (undo-tree-id14015 . -1) (undo-tree-id14016 . -1) (undo-tree-id14017 . -1) (undo-tree-id14018 . -1) (undo-tree-id14019 . -1) (undo-tree-id14020 . -1) (undo-tree-id14021 . -1) (undo-tree-id14022 . -1) (undo-tree-id14023 . -1) (undo-tree-id14024 . -1) (undo-tree-id14025 . -1) (undo-tree-id14026 . -1) (undo-tree-id14027 . -1) (undo-tree-id14028 . -1) (undo-tree-id14029 . -1) (undo-tree-id14030 . -1) (undo-tree-id14031 . -1) (undo-tree-id14032 . -1) (undo-tree-id14033 . -1) (undo-tree-id14034 . -1) (undo-tree-id14035 . -1) (undo-tree-id14036 . -1) (undo-tree-id14037 . -1) (undo-tree-id14038 . -1) (undo-tree-id14039 . -1) (undo-tree-id14040 . -1) (undo-tree-id14041 . -1) (undo-tree-id14042 . -1) (undo-tree-id14043 . -1) (undo-tree-id14044 . -1) (undo-tree-id14045 . -1) (undo-tree-id14046 . -1) (undo-tree-id14047 . -1) (undo-tree-id14048 . -1) (undo-tree-id14049 . -1) (undo-tree-id14050 . -1) (undo-tree-id14051 . -1) (undo-tree-id14052 . -1) (undo-tree-id14053 . -1) (undo-tree-id14054 . -1) (undo-tree-id14055 . -1) (undo-tree-id14056 . -1) (undo-tree-id14057 . -1) (undo-tree-id14058 . -1) (undo-tree-id14059 . -1) (undo-tree-id14060 . -1) (undo-tree-id14061 . -1) (undo-tree-id14062 . -1) (undo-tree-id14063 . -1) (undo-tree-id14064 . -1) (undo-tree-id14065 . -1) (undo-tree-id14066 . -1) (undo-tree-id14067 . -1) (undo-tree-id14068 . -1) (undo-tree-id14069 . -1) (undo-tree-id14070 . -1) (undo-tree-id14071 . -1) (undo-tree-id14072 . -1) (undo-tree-id14073 . -1) (undo-tree-id14074 . -1) (undo-tree-id14075 . -1) (undo-tree-id14076 . -1) (undo-tree-id14077 . -1) (undo-tree-id14078 . -1) (undo-tree-id14079 . -1) (undo-tree-id14080 . -1) (undo-tree-id14081 . -1) (undo-tree-id14082 . -1) (undo-tree-id14083 . -1) (undo-tree-id14084 . -1) (undo-tree-id14085 . -1) (undo-tree-id14086 . -1) (undo-tree-id14087 . -1) (undo-tree-id14088 . -1) (undo-tree-id14089 . -1) (undo-tree-id14090 . -1) (undo-tree-id14091 . -1) (undo-tree-id14092 . -1) (undo-tree-id14093 . -1) (undo-tree-id14094 . -1) (undo-tree-id14095 . -1) (undo-tree-id14096 . -1) (undo-tree-id14097 . -1) (undo-tree-id14098 . -1) (undo-tree-id14099 . -1) (undo-tree-id14100 . -1) (undo-tree-id14101 . -1) (undo-tree-id14102 . -1) (undo-tree-id14103 . -1) (undo-tree-id14104 . -1) (undo-tree-id14105 . -1) (undo-tree-id14106 . -1) (undo-tree-id14107 . -1) (undo-tree-id14108 . -1) (undo-tree-id14109 . -1) (undo-tree-id14110 . -1) (undo-tree-id14111 . -1) (undo-tree-id14112 . -1) (undo-tree-id14113 . -1) (undo-tree-id14114 . -1) (undo-tree-id14115 . -1) (undo-tree-id14116 . -1) (undo-tree-id14117 . -1) (undo-tree-id14118 . -1) (undo-tree-id14119 . -1) (undo-tree-id14120 . -1) (undo-tree-id14121 . -1) (undo-tree-id14122 . -1) (undo-tree-id14123 . -1) (undo-tree-id14124 . -1) (undo-tree-id14125 . -1) (undo-tree-id14126 . -1) (undo-tree-id14127 . -1) (undo-tree-id14128 . -1) (undo-tree-id14129 . -1) (undo-tree-id14130 . -1) (undo-tree-id14131 . -1) (undo-tree-id14132 . -1) (undo-tree-id14133 . -1) (undo-tree-id14134 . -1) (undo-tree-id14135 . -1) (undo-tree-id14136 . -1) (undo-tree-id14137 . -1) (undo-tree-id14138 . -1) (undo-tree-id14139 . -1) (undo-tree-id14140 . -1) (undo-tree-id14141 . -1) (undo-tree-id14142 . -1) (undo-tree-id14143 . -1) (undo-tree-id14144 . -1) (undo-tree-id14145 . -1) (undo-tree-id14146 . -1) (undo-tree-id14147 . -1) (undo-tree-id14148 . -1) (undo-tree-id14149 . -1) (undo-tree-id14150 . -1) (undo-tree-id14151 . -1) (undo-tree-id14152 . -1) (undo-tree-id14153 . -1) (undo-tree-id14154 . -1) (undo-tree-id14155 . -1) (undo-tree-id14156 . -1) (undo-tree-id14157 . -1) (undo-tree-id14158 . -1) (undo-tree-id14159 . -1) (undo-tree-id14160 . -1) (undo-tree-id14161 . -1) (undo-tree-id14162 . -1) (undo-tree-id14163 . -1) (undo-tree-id14164 . -1) (undo-tree-id14165 . -1) (undo-tree-id14166 . -1) (undo-tree-id14167 . -1) (undo-tree-id14168 . -1) (undo-tree-id14169 . -1) (undo-tree-id14170 . -1) (undo-tree-id14171 . -1) (undo-tree-id14172 . -1) (undo-tree-id14173 . -1) (undo-tree-id14174 . -1) (undo-tree-id14175 . -1) (undo-tree-id14176 . -1) (undo-tree-id14177 . -1) (undo-tree-id14178 . -1) (undo-tree-id14179 . -1) (undo-tree-id14180 . -1) (undo-tree-id14181 . -1) (undo-tree-id14182 . -1) (undo-tree-id14183 . -1) (undo-tree-id14184 . -1) (undo-tree-id14185 . -1) (undo-tree-id14186 . -1) (undo-tree-id14187 . -1) (undo-tree-id14188 . -1) (undo-tree-id14189 . -1) (undo-tree-id14190 . -1) (undo-tree-id14191 . -1) (undo-tree-id14192 . -1) (undo-tree-id14193 . -1) (undo-tree-id14194 . -1) (undo-tree-id14195 . -1) (undo-tree-id14196 . -1) (undo-tree-id14197 . -1) (undo-tree-id14198 . -1) (undo-tree-id14199 . -1) (undo-tree-id14200 . -1) (undo-tree-id14201 . -1) (undo-tree-id14202 . -1) (undo-tree-id14203 . -1) (undo-tree-id14204 . -1) (undo-tree-id14205 . -1) (undo-tree-id14206 . -1) (undo-tree-id14207 . -1) (undo-tree-id14208 . -1) (undo-tree-id14209 . -1) (undo-tree-id14210 . -1) (undo-tree-id14211 . -1) (undo-tree-id14212 . -1) (undo-tree-id14213 . -1) (undo-tree-id14214 . -1) (undo-tree-id14215 . -1) (undo-tree-id14216 . -1) (undo-tree-id14217 . -1) (undo-tree-id14218 . -1) (undo-tree-id14219 . -1) (undo-tree-id14220 . -1) (undo-tree-id14221 . -1) (undo-tree-id14222 . -1) (undo-tree-id14223 . -1) (undo-tree-id14224 . -1) (undo-tree-id14225 . -1) (undo-tree-id14226 . -1) (undo-tree-id14227 . -1) (undo-tree-id14228 . -1) (undo-tree-id14229 . -1) (undo-tree-id14230 . -1) (undo-tree-id14231 . -1) (undo-tree-id14232 . -1) (undo-tree-id14233 . -1) (undo-tree-id14234 . -1) (undo-tree-id14235 . -1) (undo-tree-id14236 . -1) (undo-tree-id14237 . -1) (undo-tree-id14238 . -1) (undo-tree-id14239 . -1) (undo-tree-id14240 . -1) (undo-tree-id14241 . -1) (undo-tree-id14242 . -1) (undo-tree-id14243 . -1) (undo-tree-id14244 . -1) (undo-tree-id14245 . -1) (undo-tree-id14246 . -1) (undo-tree-id14247 . -1) (undo-tree-id14248 . -1) (undo-tree-id14249 . -1) (undo-tree-id14250 . -1) (undo-tree-id14251 . -1) (undo-tree-id14252 . -1) (undo-tree-id14253 . -1) (undo-tree-id14254 . -1) (undo-tree-id14255 . -1) (undo-tree-id14256 . -1) (undo-tree-id14257 . -1) (undo-tree-id14258 . -1) (undo-tree-id14259 . -1) (undo-tree-id14260 . -1) (undo-tree-id14261 . -1) (undo-tree-id14262 . -1) (undo-tree-id14263 . -1) (undo-tree-id14264 . -1) (undo-tree-id14265 . -1) (undo-tree-id14266 . -1) (undo-tree-id14267 . -1) (undo-tree-id14268 . -1) (undo-tree-id14269 . -1) (undo-tree-id14270 . -1) (undo-tree-id14271 . -1) (undo-tree-id14272 . -1) (undo-tree-id14273 . -1) (undo-tree-id14274 . -1) (undo-tree-id14275 . -1) (#("b" 0 1 (fontified t face font-lock-type-face)) . -10309) (undo-tree-id14276 . -1) (undo-tree-id14277 . -1) (undo-tree-id14278 . -1) (undo-tree-id14279 . -1) (undo-tree-id14280 . -1) (undo-tree-id14281 . -1) (undo-tree-id14282 . -1) (undo-tree-id14283 . -1) (undo-tree-id14284 . -1) (undo-tree-id14285 . -1) (undo-tree-id14286 . -1) (undo-tree-id14287 . -1) (undo-tree-id14288 . -1) (undo-tree-id14289 . -1) (undo-tree-id14290 . -1) (undo-tree-id14291 . -1) (undo-tree-id14292 . -1) (undo-tree-id14293 . -1) (undo-tree-id14294 . -1) (undo-tree-id14295 . -1) (undo-tree-id14296 . -1) (undo-tree-id14297 . -1) (undo-tree-id14298 . -1) (undo-tree-id14299 . -1) (undo-tree-id14300 . -1) (undo-tree-id14301 . -1) (undo-tree-id14302 . -1) (undo-tree-id14303 . -1) (undo-tree-id14304 . -1) (undo-tree-id14305 . -1) (undo-tree-id14306 . -1) (undo-tree-id14307 . -1) (undo-tree-id14308 . -1) (undo-tree-id14309 . -1) (undo-tree-id14310 . -1) (undo-tree-id14311 . -1) (undo-tree-id14312 . -1) (undo-tree-id14313 . -1) (undo-tree-id14314 . -1) (undo-tree-id14315 . -1) (undo-tree-id14316 . -1) (undo-tree-id14317 . -1) (undo-tree-id14318 . -1) (undo-tree-id14319 . -1) (undo-tree-id14320 . -1) (undo-tree-id14321 . -1) (undo-tree-id14322 . -1) (undo-tree-id14323 . -1) (undo-tree-id14324 . -1) (undo-tree-id14325 . -1) (undo-tree-id14326 . -1) (undo-tree-id14327 . -1) (undo-tree-id14328 . -1) (undo-tree-id14329 . -1) (undo-tree-id14330 . -1) (undo-tree-id14331 . -1) (undo-tree-id14332 . -1) (undo-tree-id14333 . -1) (undo-tree-id14334 . -1) (undo-tree-id14335 . -1) (undo-tree-id14336 . -1) (undo-tree-id14337 . -1) (undo-tree-id14338 . -1) (undo-tree-id14339 . -1) (undo-tree-id14340 . -1) (undo-tree-id14341 . -1) (undo-tree-id14342 . -1) (undo-tree-id14343 . -1) (undo-tree-id14344 . -1) (undo-tree-id14345 . -1) (undo-tree-id14346 . -1) (undo-tree-id14347 . -1) (undo-tree-id14348 . -1) (undo-tree-id14349 . -1) (undo-tree-id14350 . -1) (undo-tree-id14351 . -1) (undo-tree-id14352 . -1) (undo-tree-id14353 . -1) (undo-tree-id14354 . -1) (undo-tree-id14355 . -1) (undo-tree-id14356 . -1) (undo-tree-id14357 . -1) (undo-tree-id14358 . -1) (undo-tree-id14359 . -1) (undo-tree-id14360 . -1) (undo-tree-id14361 . -1) (undo-tree-id14362 . -1) (undo-tree-id14363 . -1) (undo-tree-id14364 . -1) (undo-tree-id14365 . -1) (undo-tree-id14366 . -1) (undo-tree-id14367 . -1) (undo-tree-id14368 . -1) (undo-tree-id14369 . -1) (undo-tree-id14370 . -1) (undo-tree-id14371 . -1) (undo-tree-id14372 . -1) (undo-tree-id14373 . -1) (undo-tree-id14374 . -1) (undo-tree-id14375 . -1) (undo-tree-id14376 . -1) (undo-tree-id14377 . -1) (undo-tree-id14378 . -1) (undo-tree-id14379 . -1) (undo-tree-id14380 . -1) (undo-tree-id14381 . -1) (undo-tree-id14382 . -1) (undo-tree-id14383 . -1) (undo-tree-id14384 . -1) (undo-tree-id14385 . -1) (undo-tree-id14386 . -1) (undo-tree-id14387 . -1) (undo-tree-id14388 . -1) (undo-tree-id14389 . -1) (undo-tree-id14390 . -1) (undo-tree-id14391 . -1) (undo-tree-id14392 . -1) (undo-tree-id14393 . -1) (undo-tree-id14394 . -1) (undo-tree-id14395 . -1) (undo-tree-id14396 . -1) (undo-tree-id14397 . -1) (undo-tree-id14398 . -1) (undo-tree-id14399 . -1) (undo-tree-id14400 . -1) (undo-tree-id14401 . -1) (undo-tree-id14402 . -1) (undo-tree-id14403 . -1) (undo-tree-id14404 . -1) (undo-tree-id14405 . -1) (undo-tree-id14406 . -1) (undo-tree-id14407 . -1) (undo-tree-id14408 . -1) (undo-tree-id14409 . -1) (undo-tree-id14410 . -1) (undo-tree-id14411 . -1) (undo-tree-id14412 . -1) (undo-tree-id14413 . -1) (undo-tree-id14414 . -1) (undo-tree-id14415 . -1) (undo-tree-id14416 . -1) (undo-tree-id14417 . -1) (undo-tree-id14418 . -1) (undo-tree-id14419 . -1) (undo-tree-id14420 . -1) (undo-tree-id14421 . -1) (undo-tree-id14422 . -1) (undo-tree-id14423 . -1) (undo-tree-id14424 . -1) (undo-tree-id14425 . -1) (undo-tree-id14426 . -1) (undo-tree-id14427 . -1) (undo-tree-id14428 . -1) (undo-tree-id14429 . -1) (undo-tree-id14430 . -1) (undo-tree-id14431 . -1) (undo-tree-id14432 . -1) (undo-tree-id14433 . -1) (undo-tree-id14434 . -1) (undo-tree-id14435 . -1) (undo-tree-id14436 . -1) (undo-tree-id14437 . -1) (undo-tree-id14438 . -1) (undo-tree-id14439 . -1) (undo-tree-id14440 . -1) (undo-tree-id14441 . -1) (undo-tree-id14442 . -1) (undo-tree-id14443 . -1) (undo-tree-id14444 . -1) (undo-tree-id14445 . -1) (undo-tree-id14446 . -1) (undo-tree-id14447 . -1) (undo-tree-id14448 . -1) (undo-tree-id14449 . -1) (undo-tree-id14450 . -1) (undo-tree-id14451 . -1) (undo-tree-id14452 . -1) (undo-tree-id14453 . -1) (undo-tree-id14454 . -1) (undo-tree-id14455 . -1) (undo-tree-id14456 . -1) (undo-tree-id14457 . -1) (undo-tree-id14458 . -1) (undo-tree-id14459 . -1) (undo-tree-id14460 . -1) (undo-tree-id14461 . -1) (undo-tree-id14462 . -1) (undo-tree-id14463 . -1) (undo-tree-id14464 . -1) (undo-tree-id14465 . -1) (undo-tree-id14466 . -1) (undo-tree-id14467 . -1) (undo-tree-id14468 . -1) (undo-tree-id14469 . -1) (undo-tree-id14470 . -1) (undo-tree-id14471 . -1) (undo-tree-id14472 . -1) (undo-tree-id14473 . -1) (undo-tree-id14474 . -1) (undo-tree-id14475 . -1) (undo-tree-id14476 . -1) (undo-tree-id14477 . -1) (undo-tree-id14478 . -1) (undo-tree-id14479 . -1) (undo-tree-id14480 . -1) (undo-tree-id14481 . -1) (undo-tree-id14482 . -1) (undo-tree-id14483 . -1) (undo-tree-id14484 . -1) (undo-tree-id14485 . -1) (undo-tree-id14486 . -1) (undo-tree-id14487 . -1) (undo-tree-id14488 . -1) (undo-tree-id14489 . -1) (undo-tree-id14490 . -1) (undo-tree-id14491 . -1) (undo-tree-id14492 . -1) (undo-tree-id14493 . -1) (undo-tree-id14494 . -1) (undo-tree-id14495 . -1) (undo-tree-id14496 . -1) (undo-tree-id14497 . -1) (undo-tree-id14498 . -1) (undo-tree-id14499 . -1) (undo-tree-id14500 . -1) (undo-tree-id14501 . -1) (undo-tree-id14502 . -1) (undo-tree-id14503 . -1) (undo-tree-id14504 . -1) (undo-tree-id14505 . -1) (undo-tree-id14506 . -1) (undo-tree-id14507 . -1) (undo-tree-id14508 . -1) (undo-tree-id14509 . -1) (undo-tree-id14510 . -1) (undo-tree-id14511 . -1) (undo-tree-id14512 . -1) (undo-tree-id14513 . -1) (undo-tree-id14514 . -1) (undo-tree-id14515 . -1) (undo-tree-id14516 . -1) (undo-tree-id14517 . -1) (undo-tree-id14518 . -1) (undo-tree-id14519 . -1) (undo-tree-id14520 . -1) (undo-tree-id14521 . -1) (undo-tree-id14522 . -1) (undo-tree-id14523 . -1) (undo-tree-id14524 . -1) (undo-tree-id14525 . -1) (undo-tree-id14526 . -1) (undo-tree-id14527 . -1) (undo-tree-id14528 . -1) (undo-tree-id14529 . -1) (undo-tree-id14530 . -1) (undo-tree-id14531 . -1) (undo-tree-id14532 . -1) (undo-tree-id14533 . -1) (undo-tree-id14534 . -1) (undo-tree-id14535 . -1) (undo-tree-id14536 . -1) (undo-tree-id14537 . -1) (undo-tree-id14538 . -1) (undo-tree-id14539 . -1) (undo-tree-id14540 . -1) (undo-tree-id14541 . -1) (undo-tree-id14542 . -1) (undo-tree-id14543 . -1) (undo-tree-id14544 . -1) (undo-tree-id14545 . -1) (undo-tree-id14546 . -1) (undo-tree-id14547 . -1) (undo-tree-id14548 . -1) (undo-tree-id14549 . -1) (undo-tree-id14550 . -1) (undo-tree-id14551 . -1) (undo-tree-id14552 . -1) (undo-tree-id14553 . -1) (undo-tree-id14554 . -1) (undo-tree-id14555 . -1) (undo-tree-id14556 . -1) (undo-tree-id14557 . -1) (undo-tree-id14558 . -1) (undo-tree-id14559 . -1) (undo-tree-id14560 . -1) (undo-tree-id14561 . -1) (undo-tree-id14562 . -1) (undo-tree-id14563 . -1) (undo-tree-id14564 . -1) (undo-tree-id14565 . -1) (undo-tree-id14566 . -1) (undo-tree-id14567 . -1) (undo-tree-id14568 . -1) (undo-tree-id14569 . -1) (undo-tree-id14570 . -1) (undo-tree-id14571 . -1) (undo-tree-id14572 . -1) (undo-tree-id14573 . -1) (undo-tree-id14574 . -1) (undo-tree-id14575 . -1) (undo-tree-id14576 . -1) (undo-tree-id14577 . -1) (undo-tree-id14578 . -1) (undo-tree-id14579 . -1) (undo-tree-id14580 . -1) (undo-tree-id14581 . -1) (undo-tree-id14582 . -1) (undo-tree-id14583 . -1) (undo-tree-id14584 . -1) (undo-tree-id14585 . -1) (undo-tree-id14586 . -1) (undo-tree-id14587 . -1) (undo-tree-id14588 . -1) (undo-tree-id14589 . -1) (undo-tree-id14590 . -1) (undo-tree-id14591 . -1) (undo-tree-id14592 . -1) (undo-tree-id14593 . -1) (undo-tree-id14594 . -1) (undo-tree-id14595 . -1) (undo-tree-id14596 . -1) (undo-tree-id14597 . -1) (undo-tree-id14598 . -1) (undo-tree-id14599 . -1) (undo-tree-id14600 . -1) (undo-tree-id14601 . -1) (undo-tree-id14602 . -1) (undo-tree-id14603 . -1) (undo-tree-id14604 . -1) (undo-tree-id14605 . -1) (undo-tree-id14606 . -1) (undo-tree-id14607 . -1) (undo-tree-id14608 . -1) (undo-tree-id14609 . -1) (undo-tree-id14610 . -1) (undo-tree-id14611 . -1) (undo-tree-id14612 . -1) (undo-tree-id14613 . -1) (undo-tree-id14614 . -1) (undo-tree-id14615 . -1) (undo-tree-id14616 . -1) (undo-tree-id14617 . -1) (undo-tree-id14618 . -1) (undo-tree-id14619 . -1) (undo-tree-id14620 . -1) (undo-tree-id14621 . -1) (undo-tree-id14622 . -1) (undo-tree-id14623 . -1) (undo-tree-id14624 . -1) (undo-tree-id14625 . -1) (undo-tree-id14626 . -1) (undo-tree-id14627 . -1) (undo-tree-id14628 . -1) (undo-tree-id14629 . -1) (undo-tree-id14630 . -1) (undo-tree-id14631 . -1) (undo-tree-id14632 . -1) (undo-tree-id14633 . -1) (undo-tree-id14634 . -1) (undo-tree-id14635 . -1) (undo-tree-id14636 . -1) (undo-tree-id14637 . -1) (undo-tree-id14638 . -1) (undo-tree-id14639 . -1) (undo-tree-id14640 . -1) (undo-tree-id14641 . -1) (undo-tree-id14642 . -1) (undo-tree-id14643 . -1) (undo-tree-id14644 . -1) (undo-tree-id14645 . -1) (undo-tree-id14646 . -1) (undo-tree-id14647 . -1) (undo-tree-id14648 . -1) (undo-tree-id14649 . -1) (undo-tree-id14650 . -1) (undo-tree-id14651 . -1) (undo-tree-id14652 . -1) (undo-tree-id14653 . -1) (undo-tree-id14654 . -1) (undo-tree-id14655 . -1) (undo-tree-id14656 . -1) (undo-tree-id14657 . -1) (undo-tree-id14658 . -1) (undo-tree-id14659 . -1) (undo-tree-id14660 . -1) (undo-tree-id14661 . -1) (undo-tree-id14662 . -1) (undo-tree-id14663 . -1) (undo-tree-id14664 . -1) (undo-tree-id14665 . -1) (undo-tree-id14666 . -1) (undo-tree-id14667 . -1) (undo-tree-id14668 . -1) (undo-tree-id14669 . -1) (undo-tree-id14670 . -1) (undo-tree-id14671 . -1) (undo-tree-id14672 . -1) (undo-tree-id14673 . -1) (undo-tree-id14674 . -1) (undo-tree-id14675 . -1) (undo-tree-id14676 . -1) (undo-tree-id14677 . -1) (undo-tree-id14678 . -1) (undo-tree-id14679 . -1) (undo-tree-id14680 . -1) (undo-tree-id14681 . -1) (undo-tree-id14682 . -1) (undo-tree-id14683 . -1) (undo-tree-id14684 . -1) (undo-tree-id14685 . -1) (undo-tree-id14686 . -1) (undo-tree-id14687 . -1) (undo-tree-id14688 . -1) (undo-tree-id14689 . -1) (undo-tree-id14690 . -1) (undo-tree-id14691 . -1) (undo-tree-id14692 . -1) (undo-tree-id14693 . -1) (undo-tree-id14694 . -1) (undo-tree-id14695 . -1) (undo-tree-id14696 . -1) (undo-tree-id14697 . -1) (undo-tree-id14698 . -1) (undo-tree-id14699 . -1) (undo-tree-id14700 . -1) (undo-tree-id14701 . -1) (undo-tree-id14702 . -1) (undo-tree-id14703 . -1) (undo-tree-id14704 . -1) (undo-tree-id14705 . -1) (undo-tree-id14706 . -1) (undo-tree-id14707 . -1) (undo-tree-id14708 . -1) (undo-tree-id14709 . -1) (undo-tree-id14710 . -1) (undo-tree-id14711 . -1) (undo-tree-id14712 . -1) (undo-tree-id14713 . -1) (undo-tree-id14714 . -1) (undo-tree-id14715 . -1) (undo-tree-id14716 . -1) (undo-tree-id14717 . -1) (undo-tree-id14718 . -1) (undo-tree-id14719 . -1) (undo-tree-id14720 . -1) (undo-tree-id14721 . -1) (undo-tree-id14722 . -1) (undo-tree-id14723 . -1) (undo-tree-id14724 . -1) (undo-tree-id14725 . -1) (undo-tree-id14726 . -1) (undo-tree-id14727 . -1) (undo-tree-id14728 . -1) (undo-tree-id14729 . -1) (undo-tree-id14730 . -1) (undo-tree-id14731 . -1) (undo-tree-id14732 . -1) (undo-tree-id14733 . -1) (undo-tree-id14734 . -1) (undo-tree-id14735 . -1) (undo-tree-id14736 . -1) (undo-tree-id14737 . -1) (undo-tree-id14738 . -1) (undo-tree-id14739 . -1) (undo-tree-id14740 . -1) (undo-tree-id14741 . -1) (undo-tree-id14742 . -1) (undo-tree-id14743 . -1) (undo-tree-id14744 . -1) (undo-tree-id14745 . -1) (#("t" 0 1 (fontified t face font-lock-type-face)) . -10310) (undo-tree-id14746 . -1) (undo-tree-id14747 . -1) (undo-tree-id14748 . -1) (undo-tree-id14749 . -1) (undo-tree-id14750 . -1) (undo-tree-id14751 . -1) (undo-tree-id14752 . -1) (undo-tree-id14753 . -1) (undo-tree-id14754 . -1) (undo-tree-id14755 . -1) (undo-tree-id14756 . -1) (undo-tree-id14757 . -1) (undo-tree-id14758 . -1) (undo-tree-id14759 . -1) (undo-tree-id14760 . -1) (undo-tree-id14761 . -1) (undo-tree-id14762 . -1) (undo-tree-id14763 . -1) (undo-tree-id14764 . -1) (undo-tree-id14765 . -1) (undo-tree-id14766 . -1) (undo-tree-id14767 . -1) (undo-tree-id14768 . -1) (undo-tree-id14769 . -1) (undo-tree-id14770 . -1) (undo-tree-id14771 . -1) (undo-tree-id14772 . -1) (undo-tree-id14773 . -1) (undo-tree-id14774 . -1) (undo-tree-id14775 . -1) (undo-tree-id14776 . -1) (undo-tree-id14777 . -1) (undo-tree-id14778 . -1) (undo-tree-id14779 . -1) (undo-tree-id14780 . -1) (undo-tree-id14781 . -1) (undo-tree-id14782 . -1) (undo-tree-id14783 . -1) (undo-tree-id14784 . -1) (undo-tree-id14785 . -1) (undo-tree-id14786 . -1) (undo-tree-id14787 . -1) (undo-tree-id14788 . -1) (undo-tree-id14789 . -1) (undo-tree-id14790 . -1) (undo-tree-id14791 . -1) (undo-tree-id14792 . -1) (undo-tree-id14793 . -1) (undo-tree-id14794 . -1) (undo-tree-id14795 . -1) (undo-tree-id14796 . -1) (undo-tree-id14797 . -1) (undo-tree-id14798 . -1) (undo-tree-id14799 . -1) (undo-tree-id14800 . -1) (undo-tree-id14801 . -1) (undo-tree-id14802 . -1) (undo-tree-id14803 . -1) (undo-tree-id14804 . -1) (undo-tree-id14805 . -1) (undo-tree-id14806 . -1) (undo-tree-id14807 . -1) (undo-tree-id14808 . -1) (undo-tree-id14809 . -1) (undo-tree-id14810 . -1) (undo-tree-id14811 . -1) (undo-tree-id14812 . -1) (undo-tree-id14813 . -1) (undo-tree-id14814 . -1) (undo-tree-id14815 . -1) (undo-tree-id14816 . -1) (undo-tree-id14817 . -1) (undo-tree-id14818 . -1) (undo-tree-id14819 . -1) (undo-tree-id14820 . -1) (undo-tree-id14821 . -1) (undo-tree-id14822 . -1) (undo-tree-id14823 . -1) (undo-tree-id14824 . -1) (undo-tree-id14825 . -1) (undo-tree-id14826 . -1) (undo-tree-id14827 . -1) (undo-tree-id14828 . -1) (undo-tree-id14829 . -1) (undo-tree-id14830 . -1) (undo-tree-id14831 . -1) (undo-tree-id14832 . -1) (undo-tree-id14833 . -1) (undo-tree-id14834 . -1) (undo-tree-id14835 . -1) (undo-tree-id14836 . -1) (undo-tree-id14837 . -1) (undo-tree-id14838 . -1) (undo-tree-id14839 . -1) (undo-tree-id14840 . -1) (undo-tree-id14841 . -1) (undo-tree-id14842 . -1) (undo-tree-id14843 . -1) (undo-tree-id14844 . -1) (undo-tree-id14845 . -1) (undo-tree-id14846 . -1) (undo-tree-id14847 . -1) (undo-tree-id14848 . -1) (undo-tree-id14849 . -1) (undo-tree-id14850 . -1) (undo-tree-id14851 . -1) (undo-tree-id14852 . -1) (undo-tree-id14853 . -1) (undo-tree-id14854 . -1) (undo-tree-id14855 . -1) (undo-tree-id14856 . -1) (undo-tree-id14857 . -1) (undo-tree-id14858 . -1) (undo-tree-id14859 . -1) (undo-tree-id14860 . -1) (undo-tree-id14861 . -1) (undo-tree-id14862 . -1) (undo-tree-id14863 . -1) (undo-tree-id14864 . -1) (undo-tree-id14865 . -1) (undo-tree-id14866 . -1) (undo-tree-id14867 . -1) (undo-tree-id14868 . -1) (undo-tree-id14869 . -1) (undo-tree-id14870 . -1) (undo-tree-id14871 . -1) (undo-tree-id14872 . -1) (undo-tree-id14873 . -1) (undo-tree-id14874 . -1) (undo-tree-id14875 . -1) (undo-tree-id14876 . -1) (undo-tree-id14877 . -1) (undo-tree-id14878 . -1) (undo-tree-id14879 . -1) (undo-tree-id14880 . -1) (undo-tree-id14881 . -1) (undo-tree-id14882 . -1) (undo-tree-id14883 . -1) (undo-tree-id14884 . -1) (undo-tree-id14885 . -1) (undo-tree-id14886 . -1) (undo-tree-id14887 . -1) (undo-tree-id14888 . -1) (undo-tree-id14889 . -1) (undo-tree-id14890 . -1) (undo-tree-id14891 . -1) (undo-tree-id14892 . -1) (undo-tree-id14893 . -1) (undo-tree-id14894 . -1) (undo-tree-id14895 . -1) (undo-tree-id14896 . -1) (undo-tree-id14897 . -1) (undo-tree-id14898 . -1) (undo-tree-id14899 . -1) (undo-tree-id14900 . -1) (undo-tree-id14901 . -1) (undo-tree-id14902 . -1) (undo-tree-id14903 . -1) (undo-tree-id14904 . -1) (undo-tree-id14905 . -1) (undo-tree-id14906 . -1) (undo-tree-id14907 . -1) (undo-tree-id14908 . -1) (undo-tree-id14909 . -1) (undo-tree-id14910 . -1) (undo-tree-id14911 . -1) (undo-tree-id14912 . -1) (undo-tree-id14913 . -1) (undo-tree-id14914 . -1) (undo-tree-id14915 . -1) (undo-tree-id14916 . -1) (undo-tree-id14917 . -1) (undo-tree-id14918 . -1) (undo-tree-id14919 . -1) (undo-tree-id14920 . -1) (undo-tree-id14921 . -1) (undo-tree-id14922 . -1) (undo-tree-id14923 . -1) (undo-tree-id14924 . -1) (undo-tree-id14925 . -1) (undo-tree-id14926 . -1) (undo-tree-id14927 . -1) (undo-tree-id14928 . -1) (undo-tree-id14929 . -1) (undo-tree-id14930 . -1) (undo-tree-id14931 . -1) (undo-tree-id14932 . -1) (undo-tree-id14933 . -1) (undo-tree-id14934 . -1) (undo-tree-id14935 . -1) (undo-tree-id14936 . -1) (undo-tree-id14937 . -1) (undo-tree-id14938 . -1) (undo-tree-id14939 . -1) (undo-tree-id14940 . -1) (undo-tree-id14941 . -1) (undo-tree-id14942 . -1) (undo-tree-id14943 . -1) (undo-tree-id14944 . -1) (undo-tree-id14945 . -1) (undo-tree-id14946 . -1) (undo-tree-id14947 . -1) (undo-tree-id14948 . -1) (undo-tree-id14949 . -1) (undo-tree-id14950 . -1) (undo-tree-id14951 . -1) (undo-tree-id14952 . -1) (undo-tree-id14953 . -1) (undo-tree-id14954 . -1) (undo-tree-id14955 . -1) (undo-tree-id14956 . -1) (undo-tree-id14957 . -1) (undo-tree-id14958 . -1) (undo-tree-id14959 . -1) (undo-tree-id14960 . -1) (undo-tree-id14961 . -1) (undo-tree-id14962 . -1) (undo-tree-id14963 . -1) (undo-tree-id14964 . -1) (undo-tree-id14965 . -1) (undo-tree-id14966 . -1) (undo-tree-id14967 . -1) (undo-tree-id14968 . -1) (undo-tree-id14969 . -1) (undo-tree-id14970 . -1) (undo-tree-id14971 . -1) (undo-tree-id14972 . -1) (undo-tree-id14973 . -1) (undo-tree-id14974 . -1) (undo-tree-id14975 . -1) (undo-tree-id14976 . -1) (undo-tree-id14977 . -1) (undo-tree-id14978 . -1) (undo-tree-id14979 . -1) (undo-tree-id14980 . -1) (undo-tree-id14981 . -1) (undo-tree-id14982 . -1) (undo-tree-id14983 . -1) (undo-tree-id14984 . -1) (undo-tree-id14985 . -1) (undo-tree-id14986 . -1) (undo-tree-id14987 . -1) (undo-tree-id14988 . -1) (undo-tree-id14989 . -1) (undo-tree-id14990 . -1) (undo-tree-id14991 . -1) (undo-tree-id14992 . -1) (undo-tree-id14993 . -1) (undo-tree-id14994 . -1) (undo-tree-id14995 . -1) (undo-tree-id14996 . -1) (undo-tree-id14997 . -1) (undo-tree-id14998 . -1) (undo-tree-id14999 . -1) (undo-tree-id15000 . -1) (undo-tree-id15001 . -1) (undo-tree-id15002 . -1) (undo-tree-id15003 . -1) (undo-tree-id15004 . -1) (undo-tree-id15005 . -1) (undo-tree-id15006 . -1) (undo-tree-id15007 . -1) (undo-tree-id15008 . -1) (undo-tree-id15009 . -1) (undo-tree-id15010 . -1) (undo-tree-id15011 . -1) (undo-tree-id15012 . -1) (undo-tree-id15013 . -1) (undo-tree-id15014 . -1) (undo-tree-id15015 . -1) (undo-tree-id15016 . -1) (undo-tree-id15017 . -1) (undo-tree-id15018 . -1) (undo-tree-id15019 . -1) (undo-tree-id15020 . -1) (undo-tree-id15021 . -1) (undo-tree-id15022 . -1) (undo-tree-id15023 . -1) (undo-tree-id15024 . -1) (undo-tree-id15025 . -1) (undo-tree-id15026 . -1) (undo-tree-id15027 . -1) (undo-tree-id15028 . -1) (undo-tree-id15029 . -1) (undo-tree-id15030 . -1) (undo-tree-id15031 . -1) (undo-tree-id15032 . -1) (undo-tree-id15033 . -1) (undo-tree-id15034 . -1) (undo-tree-id15035 . -1) (undo-tree-id15036 . -1) (undo-tree-id15037 . -1) (undo-tree-id15038 . -1) (undo-tree-id15039 . -1) (undo-tree-id15040 . -1) (undo-tree-id15041 . -1) (undo-tree-id15042 . -1) (undo-tree-id15043 . -1) (undo-tree-id15044 . -1) (undo-tree-id15045 . -1) (undo-tree-id15046 . -1) (undo-tree-id15047 . -1) (undo-tree-id15048 . -1) (undo-tree-id15049 . -1) (undo-tree-id15050 . -1) (undo-tree-id15051 . -1) (undo-tree-id15052 . -1) (undo-tree-id15053 . -1) (undo-tree-id15054 . -1) (undo-tree-id15055 . -1) (undo-tree-id15056 . -1) (undo-tree-id15057 . -1) (undo-tree-id15058 . -1) (undo-tree-id15059 . -1) (undo-tree-id15060 . -1) (undo-tree-id15061 . -1) (undo-tree-id15062 . -1) (undo-tree-id15063 . -1) (undo-tree-id15064 . -1) (undo-tree-id15065 . -1) (undo-tree-id15066 . -1) (undo-tree-id15067 . -1) (undo-tree-id15068 . -1) (undo-tree-id15069 . -1) (undo-tree-id15070 . -1) (undo-tree-id15071 . -1) (undo-tree-id15072 . -1) (undo-tree-id15073 . -1) (undo-tree-id15074 . -1) (undo-tree-id15075 . -1) (undo-tree-id15076 . -1) (undo-tree-id15077 . -1) (undo-tree-id15078 . -1) (undo-tree-id15079 . -1) (undo-tree-id15080 . -1) (undo-tree-id15081 . -1) (#("6" 0 1 (fontified t face font-lock-type-face)) . -10311) (undo-tree-id15082 . -1) (undo-tree-id15083 . -1) (undo-tree-id15084 . -1) (undo-tree-id15085 . -1) (undo-tree-id15086 . -1) (undo-tree-id15087 . -1) (undo-tree-id15088 . -1) (undo-tree-id15089 . -1) (undo-tree-id15090 . -1) (undo-tree-id15091 . -1) (undo-tree-id15092 . -1) (undo-tree-id15093 . -1) (undo-tree-id15094 . -1) (undo-tree-id15095 . -1) (undo-tree-id15096 . -1) (undo-tree-id15097 . -1) (undo-tree-id15098 . -1) (undo-tree-id15099 . -1) (undo-tree-id15100 . -1) (undo-tree-id15101 . -1) (undo-tree-id15102 . -1) (undo-tree-id15103 . -1) (undo-tree-id15104 . -1) (undo-tree-id15105 . -1) (undo-tree-id15106 . -1) (undo-tree-id15107 . -1) (undo-tree-id15108 . -1) (undo-tree-id15109 . -1) (undo-tree-id15110 . -1) (undo-tree-id15111 . -1) (undo-tree-id15112 . -1) (undo-tree-id15113 . -1) (undo-tree-id15114 . -1) (undo-tree-id15115 . -1) (undo-tree-id15116 . -1) (undo-tree-id15117 . -1) (undo-tree-id15118 . -1) (undo-tree-id15119 . -1) (undo-tree-id15120 . -1) (undo-tree-id15121 . -1) (undo-tree-id15122 . -1) (undo-tree-id15123 . -1) (undo-tree-id15124 . -1) (undo-tree-id15125 . -1) (undo-tree-id15126 . -1) (undo-tree-id15127 . -1) (undo-tree-id15128 . -1) (undo-tree-id15129 . -1) (undo-tree-id15130 . -1) (undo-tree-id15131 . -1) (undo-tree-id15132 . -1) (undo-tree-id15133 . -1) (undo-tree-id15134 . -1) (undo-tree-id15135 . -1) (undo-tree-id15136 . -1) (undo-tree-id15137 . -1) (undo-tree-id15138 . -1) (undo-tree-id15139 . -1) (undo-tree-id15140 . -1) (undo-tree-id15141 . -1) (undo-tree-id15142 . -1) (undo-tree-id15143 . -1) (undo-tree-id15144 . -1) (undo-tree-id15145 . -1) (undo-tree-id15146 . -1) (undo-tree-id15147 . -1) (undo-tree-id15148 . -1) (undo-tree-id15149 . -1) (undo-tree-id15150 . -1) (undo-tree-id15151 . -1) (undo-tree-id15152 . -1) (undo-tree-id15153 . -1) (undo-tree-id15154 . -1) (undo-tree-id15155 . -1) (undo-tree-id15156 . -1) (undo-tree-id15157 . -1) (undo-tree-id15158 . -1) (undo-tree-id15159 . -1) (undo-tree-id15160 . -1) (undo-tree-id15161 . -1) (undo-tree-id15162 . -1) (undo-tree-id15163 . -1) (undo-tree-id15164 . -1) (undo-tree-id15165 . -1) (undo-tree-id15166 . -1) (undo-tree-id15167 . -1) (undo-tree-id15168 . -1) (undo-tree-id15169 . -1) (undo-tree-id15170 . -1) (undo-tree-id15171 . -1) (undo-tree-id15172 . -1) (undo-tree-id15173 . -1) (undo-tree-id15174 . -1) (undo-tree-id15175 . -1) (undo-tree-id15176 . -1) (undo-tree-id15177 . -1) (undo-tree-id15178 . -1) (undo-tree-id15179 . -1) (undo-tree-id15180 . -1) (undo-tree-id15181 . -1) (undo-tree-id15182 . -1) (undo-tree-id15183 . -1) (undo-tree-id15184 . -1) (undo-tree-id15185 . -1) (undo-tree-id15186 . -1) (undo-tree-id15187 . -1) (undo-tree-id15188 . -1) (undo-tree-id15189 . -1) (undo-tree-id15190 . -1) (undo-tree-id15191 . -1) (undo-tree-id15192 . -1) (undo-tree-id15193 . -1) (undo-tree-id15194 . -1) (undo-tree-id15195 . -1) (undo-tree-id15196 . -1) (undo-tree-id15197 . -1) (undo-tree-id15198 . -1) (undo-tree-id15199 . -1) (undo-tree-id15200 . -1) (undo-tree-id15201 . -1) (undo-tree-id15202 . -1) (undo-tree-id15203 . -1) (undo-tree-id15204 . -1) (undo-tree-id15205 . -1) (undo-tree-id15206 . -1) (undo-tree-id15207 . -1) (undo-tree-id15208 . -1) (undo-tree-id15209 . -1) (undo-tree-id15210 . -1) (undo-tree-id15211 . -1) (undo-tree-id15212 . -1) (undo-tree-id15213 . -1) (undo-tree-id15214 . -1) (undo-tree-id15215 . -1) (undo-tree-id15216 . -1) (undo-tree-id15217 . -1) (undo-tree-id15218 . -1) (undo-tree-id15219 . -1) (undo-tree-id15220 . -1) (undo-tree-id15221 . -1) (undo-tree-id15222 . -1) (undo-tree-id15223 . -1) (undo-tree-id15224 . -1) (undo-tree-id15225 . -1) (undo-tree-id15226 . -1) (undo-tree-id15227 . -1) (undo-tree-id15228 . -1) (undo-tree-id15229 . -1) (undo-tree-id15230 . -1) (undo-tree-id15231 . -1) (undo-tree-id15232 . -1) (undo-tree-id15233 . -1) (undo-tree-id15234 . -1) (undo-tree-id15235 . -1) (undo-tree-id15236 . -1) (undo-tree-id15237 . -1) (undo-tree-id15238 . -1) (undo-tree-id15239 . -1) (undo-tree-id15240 . -1) (undo-tree-id15241 . -1) (undo-tree-id15242 . -1) (undo-tree-id15243 . -1) (undo-tree-id15244 . -1) (undo-tree-id15245 . -1) (undo-tree-id15246 . -1) (undo-tree-id15247 . -1) (undo-tree-id15248 . -1) (undo-tree-id15249 . -1) (undo-tree-id15250 . -1) (undo-tree-id15251 . -1) (undo-tree-id15252 . -1) (undo-tree-id15253 . -1) (undo-tree-id15254 . -1) (undo-tree-id15255 . -1) (undo-tree-id15256 . -1) (undo-tree-id15257 . -1) (undo-tree-id15258 . -1) (undo-tree-id15259 . -1) (undo-tree-id15260 . -1) (undo-tree-id15261 . -1) (undo-tree-id15262 . -1) (undo-tree-id15263 . -1) (undo-tree-id15264 . -1) (undo-tree-id15265 . -1) (undo-tree-id15266 . -1) (undo-tree-id15267 . -1) (undo-tree-id15268 . -1) (undo-tree-id15269 . -1) (undo-tree-id15270 . -1) (undo-tree-id15271 . -1) (undo-tree-id15272 . -1) (undo-tree-id15273 . -1) (undo-tree-id15274 . -1) (undo-tree-id15275 . -1) (undo-tree-id15276 . -1) (undo-tree-id15277 . -1) (undo-tree-id15278 . -1) (undo-tree-id15279 . -1) (undo-tree-id15280 . -1) (undo-tree-id15281 . -1) (undo-tree-id15282 . -1) (undo-tree-id15283 . -1) (#("d" 0 1 (fontified t face font-lock-type-face)) . -10312) (undo-tree-id15284 . -1) (undo-tree-id15285 . -1) (undo-tree-id15286 . -1) (undo-tree-id15287 . -1) (undo-tree-id15288 . -1) (undo-tree-id15289 . -1) (undo-tree-id15290 . -1) (undo-tree-id15291 . -1) (undo-tree-id15292 . -1) (undo-tree-id15293 . -1) (undo-tree-id15294 . -1) (undo-tree-id15295 . -1) (undo-tree-id15296 . -1) (undo-tree-id15297 . -1) (undo-tree-id15298 . -1) (undo-tree-id15299 . -1) (undo-tree-id15300 . -1) (undo-tree-id15301 . -1) (undo-tree-id15302 . -1) (undo-tree-id15303 . -1) (undo-tree-id15304 . -1) (undo-tree-id15305 . -1) (undo-tree-id15306 . -1) (undo-tree-id15307 . -1) (undo-tree-id15308 . -1) (undo-tree-id15309 . -1) (undo-tree-id15310 . -1) (undo-tree-id15311 . -1) (undo-tree-id15312 . -1) (undo-tree-id15313 . -1) (undo-tree-id15314 . -1) (undo-tree-id15315 . -1) (undo-tree-id15316 . -1) (undo-tree-id15317 . -1) (undo-tree-id15318 . -1) (undo-tree-id15319 . -1) (undo-tree-id15320 . -1) (undo-tree-id15321 . -1) (undo-tree-id15322 . -1) (undo-tree-id15323 . -1) (undo-tree-id15324 . -1) (undo-tree-id15325 . -1) (undo-tree-id15326 . -1) (undo-tree-id15327 . -1) (undo-tree-id15328 . -1) (undo-tree-id15329 . -1) (undo-tree-id15330 . -1) (undo-tree-id15331 . -1) (undo-tree-id15332 . -1) (undo-tree-id15333 . -1) (undo-tree-id15334 . -1) (undo-tree-id15335 . -1) (undo-tree-id15336 . -1) (undo-tree-id15337 . -1) (undo-tree-id15338 . -1) (undo-tree-id15339 . -1) (undo-tree-id15340 . -1) (undo-tree-id15341 . -1) (undo-tree-id15342 . -1) (undo-tree-id15343 . -1) (undo-tree-id15344 . -1) (undo-tree-id15345 . -1) (undo-tree-id15346 . -1) (undo-tree-id15347 . -1) (undo-tree-id15348 . -1) (undo-tree-id15349 . -1) (undo-tree-id15350 . -1) (undo-tree-id15351 . -1) 10313 (1267 . 1271) (#("f" 0 1 (fontified t)) . -1267) (undo-tree-id15352 . -1) (#("a" 0 1 (fontified t)) . -1268) (undo-tree-id15353 . -1) (#("l" 0 1 (fontified t)) . -1269) (undo-tree-id15354 . -1) (#("s" 0 1 (fontified t)) . -1270) (undo-tree-id15355 . -1) (#("e" 0 1 (fontified t)) . -1271) (undo-tree-id15356 . -1) 1272 (t 25347 57014 0 0)) nil (25349 43110 20006 375000) 0 nil]) +nil diff --git a/gitea/CONTRIBUTING.md b/gitea/CONTRIBUTING.md new file mode 100644 index 0000000..d06973c --- /dev/null +++ b/gitea/CONTRIBUTING.md @@ -0,0 +1,52 @@ +# Contribution Guidelines + +Any type of contribution is welcome; from new features, bug fixes, tests, +refactorings for easier maintainability or documentation improvements. + +## Development environment + +- [`node`](https://nodejs.org/en/) at least current LTS +- [`helm`](https://helm.sh/docs/intro/install/) +- `make` is optional; you may call the commands directly + +When using Visual Studio Code as IDE, following plugins might be useful: + +- [Markdown All in One](https://marketplace.visualstudio.com/items?itemName=yzhang.markdown-all-in-one) +- [markdownlint](https://marketplace.visualstudio.com/items?itemName=DavidAnson.vscode-markdownlint) +- [Helm Intellisense](https://marketplace.visualstudio.com/items?itemName=Tim-Koehler.helm-intellisense) + +## Documentation Requirements + +The `README.md` must include all configuration options. The parameters section +is generated by extracting the parameter annotations from the `values.yaml` file, +by using [this tool](https://github.com/bitnami-labs/readme-generator-for-helm). + +If changes were made on configuration options, run `make readme` to update the +README file. + +## Pull Request Requirements + +When submitting or updating a PR: + +- make sure it passes CI builds. +- do not make independent changes in one PR. +- try to avoid rebases. They make code reviews for large PRs and comments much harder. +- if applicable, use the PR template for a well-defined PR description. +- clearly mark breaking changes. + +## Local development & testing + +For local development and testing of pull requests, the following workflow can +be used: + +1. Install `minikube` and `helm`. +2. Start a `minikube` cluster via `minikube start`. +3. From the `gitea/helm-chart` directory execute the following command. This + will install the dependencies listed in `Chart.yml` and deploy the current + state of the helm chart found locally. If you want to test a branch, make + sure to switch to the respective branch first. + `helm install --dependency-update gitea . -f values.yaml`. +4. Gitea is now deployed in `minikube`. To access it, it's port needs to be + forwarded first from `minikube` to localhost first via `kubectl --namespace + default port-forward svc/gitea-http 3000:3000`. Now Gitea is accessible at + [http://localhost:3000](http://localhost:3000). diff --git a/gitea/Chart.lock b/gitea/Chart.lock new file mode 100644 index 0000000..245110d --- /dev/null +++ b/gitea/Chart.lock @@ -0,0 +1,15 @@ +dependencies: +- name: memcached + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 5.9.0 +- name: mysql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 6.14.10 +- name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 10.3.17 +- name: mariadb + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 9.3.6 +digest: sha256:08f967276fa0c083e9756a974a9791a487a71be0a226dc14351b3e5a2641e8fd +generated: "2022-06-11T12:18:36.672047+02:00" diff --git a/gitea/Chart.yaml b/gitea/Chart.yaml new file mode 100644 index 0000000..03879dc --- /dev/null +++ b/gitea/Chart.yaml @@ -0,0 +1,46 @@ +apiVersion: v2 +appVersion: 1.17.1 +dependencies: +- condition: memcached.enabled + name: memcached + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 5.9.0 +- condition: mysql.enabled + name: mysql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 6.14.10 +- condition: postgresql.enabled + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 10.3.17 +- condition: mariadb.enabled + name: mariadb + repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami + version: 9.3.6 +description: Gitea Helm chart for Kubernetes +icon: https://docs.gitea.io/images/gitea.png +keywords: +- git +- issue tracker +- code review +- wiki +- gitea +- gogs +maintainers: +- email: charlie@charliedrage.com + name: Charlie Drage +- email: maintainers@gitea.io + name: Gitea Authors +- email: konrad.lother@novum-rgi.de + name: Konrad Lother +- email: lucas.hahn@novum-rgi.de + name: Lucas Hahn +- email: sk.bunsenbrenner@gmail.com + name: Steven Kriegler +name: gitea +sources: +- https://gitea.com/gitea/helm-chart +- https://github.com/go-gitea/gitea +- https://hub.docker.com/r/gitea/gitea/ +type: application +version: 6.0.0 diff --git a/gitea/LICENSE b/gitea/LICENSE new file mode 100644 index 0000000..bbf54de --- /dev/null +++ b/gitea/LICENSE @@ -0,0 +1,24 @@ +MIT License + +Copyright (c) 2020 The Gitea Authors +Copyright (c) 2020 NOVUM-RGI +Copyright (c) 2019 - 2020 Charlie Drage +Copyright (c) 2018 John Felten + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/gitea/Makefile b/gitea/Makefile new file mode 100644 index 0000000..720a657 --- /dev/null +++ b/gitea/Makefile @@ -0,0 +1,8 @@ +.PHONY: prepare-environment +prepare-environment: + npm install + +.PHONY: readme +readme: prepare-environment + npm run readme:parameters + npm run readme:lint diff --git a/gitea/README.md b/gitea/README.md new file mode 100644 index 0000000..2fc73f7 --- /dev/null +++ b/gitea/README.md @@ -0,0 +1,966 @@ +# Gitea Helm Chart + +[Gitea](https://gitea.io/en-us/) is a community managed lightweight code hosting +solution written in Go. It is published under the MIT license. + +## Introduction + +This helm chart has taken some inspiration from [jfelten's helm +chart](https://github.com/jfelten/gitea-helm-chart). But takes a completely +different approach in providing a database and cache with dependencies. +Additionally, this chart provides LDAP and admin user configuration with values, +as well as being deployed as a statefulset to retain stored repositories. + +## Dependencies + +Gitea can be run with an external database and cache. This chart provides those +dependencies, which can be enabled, or disabled via +configuration. + +Dependencies: + +- PostgreSQL ([configuration](#postgresql)) +- Memcached ([configuration](#memcached)) +- MySQL ([configuration](#mysql)) +- MariaDB ([configuration](#mariadb)) + +## Installing + +```sh +helm repo add gitea-charts https://dl.gitea.io/charts/ +helm repo update +helm install gitea gitea-charts/gitea +``` + +When upgrading, please refer to the [Upgrading](#upgrading) section at the bottom +of this document for major and breaking changes. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.0+ +- PV provisioner for persistent data support + +## Configure Commit Signing + +When using the rootless image the gpg key folder was is not persistent by +default. If you consider using signed commits for internal Gitea activities +(e.g. initial commit), you'd need to provide a signing key. Prior to +[PR186](https://gitea.com/gitea/helm-chart/pulls/186), imported keys had to be +re-imported once the container got replaced by another. + +The mentioned PR introduced a new configuration object `signing` allowing you to +configure prerequisites for commit signing. By default this section is disabled +to maintain backwards compatibility. + +```yaml +signing: + enabled: false + gpgHome: /data/git/.gnupg +``` + +## Examples + +### Gitea Configuration + +Gitea offers lots of configuration options. This is fully described in the +[Gitea Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/). + +```yaml +gitea: + config: + APP_NAME: "Gitea: With a cup of tea." + repository: + ROOT: "~/gitea-repositories" + repository.pull-request: + WORK_IN_PROGRESS_PREFIXES: "WIP:,[WIP]:" +``` + +### Default Configuration + +This chart will set a few defaults in the Gitea configuration based on the +service and ingress settings. All defaults can be overwritten in `gitea.config`. + +INSTALL_LOCK is always set to true, since we want to configure Gitea with this +helm chart and everything is taken care of. + +_All default settings are made directly in the generated app.ini, not in the Values._ + +#### Database defaults + +If a builtIn database is enabled the database configuration is set +automatically. For example, PostgreSQL builtIn will appear in the app.ini as: + +```ini +[database] +DB_TYPE = postgres +HOST = RELEASE-NAME-postgresql.default.svc.cluster.local:5432 +NAME = gitea +PASSWD = gitea +USER = gitea +``` + +#### Memcached defaults + +Memcached is handled the exact same way as database builtIn. Once Memcached +builtIn is enabled, this chart will generate the following part in the `app.ini`: + +```ini +[cache] +ADAPTER = memcache +ENABLED = true +HOST = RELEASE-NAME-memcached.default.svc.cluster.local:11211 +``` + +#### Server defaults + +The server defaults are a bit more complex. If ingress is `enabled`, the +`ROOT_URL`, `DOMAIN` and `SSH_DOMAIN` will be set accordingly. `HTTP_PORT` +always defaults to `3000` as well as `SSH_PORT` to `22`. + +```ini +[server] +APP_DATA_PATH = /data +DOMAIN = git.example.com +HTTP_PORT = 3000 +PROTOCOL = http +ROOT_URL = http://git.example.com +SSH_DOMAIN = git.example.com +SSH_LISTEN_PORT = 22 +SSH_PORT = 22 +ENABLE_PPROF = false +``` + +#### Metrics defaults + +The Prometheus `/metrics` endpoint is disabled by default. + +```ini +[metrics] +ENABLED = false +``` + +### Additional _app.ini_ settings + +> **The [generic](https://docs.gitea.io/en-us/config-cheat-sheet/#overall-default) +section cannot be defined that way.** + +Some settings inside _app.ini_ (like passwords or whole authentication configurations) +must be considered sensitive and therefore should not be passed via plain text +inside the _values.yaml_ file. In times of _GitOps_ the values.yaml could be stored +in a Git repository where sensitive data should never be accessible. + +The Helm Chart supports this approach and let the user define custom sources like +Kubernetes Secrets to be loaded as environment variables during _app.ini_ creation +or update. + +```yaml +gitea: + additionalConfigSources: + - secret: + secretName: gitea-app-ini-oauth + - configMap: + name: gitea-app-ini-plaintext +``` + +This would mount the two additional volumes (`oauth` and `some-additionals`) +from different sources to the init containerwhere the _app.ini_ gets updated. +All files mounted that way will be read and converted to environment variables +and then added to the _app.ini_ using [environment-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini). + +The key of such additional source represents the section inside the _app.ini_. +The value for each key can be multiline ini-like definitions. + +In example, the referenced `gitea-app-ini-plaintext` could look like this. + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: gitea-app-ini-plaintext +data: + session: | + PROVIDER=memory + SAME_SITE=strict + cron.archive_cleanup: | + ENABLED=true +``` + +Or when using a Kubernetes secret, having the same data structure: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-security-related-configuration +type: Opaque +stringData: + security: | + PASSWORD_COMPLEXITY=off + session: | + SAME_SITE=strict +``` + +#### User defined environment variables in app.ini + +Users are able to define their own environment variables, +which are loaded into the containers. We also support to +directly interact with the generated _app.ini_. + +To inject self defined variables into the _app.ini_ a +certain format needs to be honored. This is +described in detail on the [env-to-ini](https://github.com/go-gitea/gitea/tree/main/contrib/environment-to-ini) +page. + +Note that the Prefix on this helm chart is `ENV_TO_INI`. + +For example a database setting needs to have the following +format: + +```yaml +gitea: + additionalConfigFromEnvs: + - name: ENV_TO_INI__DATABASE__HOST + value: my.own.host + - name: ENV_TO_INI__DATABASE__PASSWD + valueFrom: + secretKeyRef: + name: postgres-secret + key: password +``` + +Priority (highest to lowest) for defining app.ini variables: + +1. Environment variables prefixed with `ENV_TO_INI` +2. Additional config sources +3. Values defined in `gitea.config` + +### External Database + +An external Database can be used instead of builtIn PostgreSQL or MySQL. + +```yaml +gitea: + config: + database: + DB_TYPE: mysql + HOST: 127.0.0.1:3306 + NAME: gitea + USER: root + PASSWD: gitea + SCHEMA: gitea + +postgresql: + enabled: false +``` + +### Ports and external url + +By default port `3000` is used for web traffic and `22` for ssh. Those can be changed: + +```yaml +service: + http: + port: 3000 + ssh: + port: 22 +``` + +This helm chart automatically configures the clone urls to use the correct +ports. You can change these ports by hand using the `gitea.config` dict. However +you should know what you're doing. + +### ClusterIP + +By default the clusterIP will be set to None, which is the default for headless +services. However if you want to omit the clusterIP field in the service, use +the following values: + +```yaml +service: + http: + type: ClusterIP + port: 3000 + clusterIP: + ssh: + type: ClusterIP + port: 22 + clusterIP: +``` + +### SSH and Ingress + +If you're using ingress and want to use SSH, keep in mind, that ingress is not +able to forward SSH Ports. You will need a LoadBalancer like `metallb` and a +setting in your ssh service annotations. + +```yaml +service: + ssh: + annotations: + metallb.universe.tf/allow-shared-ip: test +``` + +### SSH on crio based kubernetes cluster + +If you use crio as container runtime it is not possible to read from a remote +repository. You should get an error message like this: + +```bash +$ git clone git@k8s-demo.internal:admin/test.git +Cloning into 'test'... +Connection reset by 192.168.179.217 port 22 +fatal: Could not read from remote repository. + +Please make sure you have the correct access rights +and the repository exists. +``` + +To solve this problem add the capability `SYS_CHROOT` to the `securityContext`. +More about this issue [here](https://gitea.com/gitea/helm-chart/issues/161). + +### Cache + +This helm chart can use a built in cache. The default is Memcached from bitnami. + +```yaml +memcached: + enabled: true +``` + +If the built in cache should not be used simply configure the cache in +`gitea.config`. + +```yaml +gitea: + config: + cache: + ENABLED: true + ADAPTER: memory + INTERVAL: 60 + HOST: 127.0.0.1:9090 +``` + +### Persistence + +Gitea will be deployed as a statefulset. By simply enabling the persistence and +setting the storage class according to your cluster everything else will be +taken care of. The following example will create a PVC as a part of the +statefulset. This PVC will not be deleted even if you uninstall the chart. + +Please note, that an empty storageClass in the persistence will result in +kubernetes using your default storage class. + +If you want to use your own storageClass define it as followed: + +```yaml +persistence: + enabled: true + storageClass: myOwnStorageClass +``` + +When using PostgreSQL as dependency, this will also be deployed as a statefulset +by default. + +If you want to manage your own PVC you can simply pass the PVC name to the chart. + +```yaml + persistence: + enabled: true + existingClaim: MyAwesomeGiteaClaim +``` + +In case that peristence has been disabled it will simply use an empty dir volume. + +PostgreSQL handles the persistence in the exact same way. +You can interact with the postgres settings as displayed in the following example: + +```yaml + postgresql: + persistence: + enabled: true + existingClaim: MyAwesomeGiteaPostgresClaim +``` + +MySQL also handles persistence the same, even though it is not deployed as a statefulset. +You can interact with the postgres settings as displayed in the following example: + +```yaml + mysql: + persistence: + enabled: true + existingClaim: MyAwesomeGiteaMysqlClaim +``` + +### Admin User + +This chart enables you to create a default admin user. It is also possible to +update the password for this user by upgrading or redeloying the chart. It is +not possible to delete an admin user after it has been created. This has to be +done in the ui. You cannot use `admin` as username. + +```yaml + gitea: + admin: + username: "MyAwesomeGiteaAdmin" + password: "AReallyAwesomeGiteaPassword" + email: "gi@tea.com" +``` + +You can also use an existing Secret to configure the admin user: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-admin-secret +type: Opaque +stringData: + username: MyAwesomeGiteaAdmin + password: AReallyAwesomeGiteaPassword +``` + +```yaml +gitea: + admin: + existingSecret: gitea-admin-secret +``` + +### LDAP Settings + +Like the admin user the LDAP settings can be updated. +All LDAP values from are available. + +Multiple LDAP sources can be configured with additional LDAP list items. + +```yaml + gitea: + ldap: + - name: MyAwesomeGiteaLdap + securityProtocol: unencrypted + host: "127.0.0.1" + port: "389" + userSearchBase: ou=Users,dc=example,dc=com + userFilter: sAMAccountName=%s + adminFilter: CN=Admin,CN=Group,DC=example,DC=com + emailAttribute: mail + bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com + bindPassword: JustAnotherBindPw + usernameAttribute: CN + publicSSHKeyAttribute: publicSSHKey +``` + +You can also use an existing secret to set the bindDn and bindPassword: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-ldap-secret +type: Opaque +stringData: + bindDn: CN=ldap read,OU=Spezial,DC=example,DC=com + bindPassword: JustAnotherBindPw +``` + +```yaml +gitea: + ldap: + - existingSecret: gitea-ldap-secret + ... +``` + +⚠️ Some options are just flags and therefore don't have any values. If they +are defined in `gitea.ldap` configuration, they will be passed to the Gitea CLI +without any value. Affected options: + +- notActive +- skipTlsVerify +- allowDeactivateAll +- synchronizeUsers +- attributesInBind + +### OAuth2 Settings + +Like the admin user, OAuth2 settings can be updated and disabled but not +deleted. Deleting OAuth2 settings has to be done in the ui. All OAuth2 values, +which are documented [here](https://docs.gitea.io/en-us/command-line/#admin), are +available. + +Multiple OAuth2 sources can be configured with additional OAuth list items. + +```yaml +gitea: + oauth: + - name: 'MyAwesomeGiteaOAuth' + provider: 'openidConnect' + key: 'hello' + secret: 'world' + autoDiscoverUrl: 'https://gitea.example.com/.well-known/openid-configuration' + #useCustomUrls: + #customAuthUrl: + #customTokenUrl: + #customProfileUrl: + #customEmailUrl: +``` + +You can also use an existing secret to set the `key` and `secret`: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: gitea-oauth-secret +type: Opaque +stringData: + key: hello + secret: world +``` + +```yaml +gitea: + oauth: + - name: 'MyAwesomeGiteaOAuth' + existingSecret: gitea-oauth-secret + ... +``` + +### Metrics and profiling + +A Prometheus `/metrics` endpoint on the `HTTP_PORT` and `pprof` profiling +endpoints on port 6060 can be enabled under `gitea`. Beware that the metrics +endpoint is exposed via the ingress, manage access using ingress annotations for +example. + +To deploy the `ServiceMonitor`, you first need to ensure that you have deployed +`prometheus-operator` and its +[CRDs](https://github.com/prometheus-operator/prometheus-operator#customresourcedefinitions). + +```yaml +gitea: + metrics: + enabled: true + serviceMonitor: + enabled: true + + config: + server: + ENABLE_PPROF: true +``` + +### Pod Annotations + +Annotations can be added to the Gitea pod. + +```yaml +gitea: + podAnnotations: {} +``` + +## Parameters + +### Global + +| Name | Description | Value | +| ------------------------- | ------------------------------------------------------------------------- | --------------- | +| `global.imageRegistry` | global image registry override | `""` | +| `global.imagePullSecrets` | global image pull secrets override; can be extended by `imagePullSecrets` | `[]` | +| `global.storageClass` | global storage class override | `""` | +| `replicaCount` | number of replicas for the statefulset | `1` | +| `clusterDomain` | cluster domain | `cluster.local` | + +### Image + +| Name | Description | Value | +| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ------------- | +| `image.registry` | image registry, e.g. gcr.io,docker.io | `""` | +| `image.repository` | Image to start for this pod | `gitea/gitea` | +| `image.tag` | Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. | `""` | +| `image.pullPolicy` | Image pull policy | `Always` | +| `image.rootless` | Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher | `false` | +| `imagePullSecrets` | Secret to use for pulling the image | `[]` | + +### Security + +| Name | Description | Value | +| ---------------------------- | --------------------------------------------------------------- | ------ | +| `podSecurityContext.fsGroup` | Set the shared file system group for all containers in the pod. | `1000` | +| `containerSecurityContext` | Security context | `{}` | +| `securityContext` | Run init and Gitea containers as a specific securityContext | `{}` | + +### Service + +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.http.type` | Kubernetes service type for web traffic | `ClusterIP` | +| `service.http.port` | Port number for web traffic | `3000` | +| `service.http.clusterIP` | ClusterIP setting for http autosetup for statefulset is None | `None` | +| `service.http.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.http.nodePort` | NodePort for http service | `nil` | +| `service.http.externalTrafficPolicy` | If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.http.externalIPs` | External IPs for service | `nil` | +| `service.http.ipFamilyPolicy` | HTTP service dual-stack policy | `nil` | +| `service.http.ipFamilies` | HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | +| `service.http.loadBalancerSourceRanges` | Source range filter for http loadbalancer | `[]` | +| `service.http.annotations` | HTTP service annotations | `{}` | +| `service.ssh.type` | Kubernetes service type for ssh traffic | `ClusterIP` | +| `service.ssh.port` | Port number for ssh traffic | `22` | +| `service.ssh.clusterIP` | ClusterIP setting for ssh autosetup for statefulset is None | `None` | +| `service.ssh.loadBalancerIP` | LoadBalancer IP setting | `nil` | +| `service.ssh.nodePort` | NodePort for ssh service | `nil` | +| `service.ssh.externalTrafficPolicy` | If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation | `nil` | +| `service.ssh.externalIPs` | External IPs for service | `nil` | +| `service.ssh.ipFamilyPolicy` | SSH service dual-stack policy | `nil` | +| `service.ssh.ipFamilies` | SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). | `nil` | +| `service.ssh.hostPort` | HostPort for ssh service | `nil` | +| `service.ssh.loadBalancerSourceRanges` | Source range filter for ssh loadbalancer | `[]` | +| `service.ssh.annotations` | SSH service annotations | `{}` | + +### Ingress + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------------------- | ----------------- | +| `ingress.enabled` | Enable ingress | `false` | +| `ingress.className` | Ingress class name | `nil` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.hosts[0].host` | Default Ingress host | `git.example.com` | +| `ingress.hosts[0].paths[0].path` | Default Ingress path | `/` | +| `ingress.hosts[0].paths[0].pathType` | Ingress path type | `Prefix` | +| `ingress.tls` | Ingress tls settings | `[]` | +| `ingress.apiVersion` | Specify APIVersion of ingress object. Mostly would only be used for argocd. | | + +### StatefulSet + +| Name | Description | Value | +| ------------------------------------------- | ------------------------------------------------------ | ----- | +| `resources` | Kubernetes resources | `{}` | +| `schedulerName` | Use an alternate scheduler, e.g. "stork" | `""` | +| `nodeSelector` | NodeSelector for the statefulset | `{}` | +| `tolerations` | Tolerations for the statefulset | `[]` | +| `affinity` | Affinity for the statefulset | `{}` | +| `dnsConfig` | dnsConfig for the statefulset | `{}` | +| `statefulset.env` | Additional environment variables to pass to containers | `[]` | +| `statefulset.terminationGracePeriodSeconds` | How long to wait until forcefully kill the pod | `60` | +| `statefulset.labels` | Labels for the statefulset | `{}` | +| `statefulset.annotations` | Annotations for the Gitea StatefulSet to be created | `{}` | + +### Persistence + +| Name | Description | Value | +| ---------------------------- | ----------------------------------------------------------------------------------------------------- | ------------------- | +| `persistence.enabled` | Enable persistent storage | `true` | +| `persistence.existingClaim` | Use an existing claim to store repository information | `nil` | +| `persistence.size` | Size for persistence to store repo information | `10Gi` | +| `persistence.accessModes` | AccessMode for persistence | `["ReadWriteOnce"]` | +| `persistence.labels` | Labels for the persistence volume claim to be created | `{}` | +| `persistence.annotations` | Annotations for the persistence volume claim to be created | `{}` | +| `persistence.storageClass` | Name of the storage class to use | `nil` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `extraVolumes` | Additional volumes to mount to the Gitea statefulset | `[]` | +| `extraContainerVolumeMounts` | Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. | `[]` | +| `extraInitVolumeMounts` | Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. | `[]` | +| `extraVolumeMounts` | **DEPRECATED** Additional volume mounts for init containers and the Gitea main container | `[]` | + +### Init + +| Name | Description | Value | +| --------------- | --------------------------------------------------------------------- | ----- | +| `initPreScript` | Bash shell script copied verbatim to the start of the init-container. | `""` | + +### Signing + +| Name | Description | Value | +| ----------------- | ---------------------------- | ------------------ | +| `signing.enabled` | Enable commit/action signing | `false` | +| `signing.gpgHome` | GPG home directory | `/data/git/.gnupg` | + +### Gitea + +| Name | Description | Value | +| -------------------------------------- | ------------------------------------------------------------------------------------------------------------- | -------------------- | +| `gitea.admin.username` | Username for the Gitea admin user | `gitea_admin` | +| `gitea.admin.existingSecret` | Use an existing secret to store admin user credentials | `nil` | +| `gitea.admin.password` | Password for the Gitea admin user | `r8sA8CPHD9!bt6d` | +| `gitea.admin.email` | Email for the Gitea admin user | `gitea@local.domain` | +| `gitea.metrics.enabled` | Enable Gitea metrics | `false` | +| `gitea.metrics.serviceMonitor.enabled` | Enable Gitea metrics service monitor | `false` | +| `gitea.ldap` | LDAP configuration | `[]` | +| `gitea.oauth` | OAuth configuration | `[]` | +| `gitea.config` | Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) | `{}` | +| `gitea.additionalConfigSources` | Additional configuration from secret or configmap | `[]` | +| `gitea.additionalConfigFromEnvs` | Additional configuration sources from environment variables | `[]` | +| `gitea.podAnnotations` | Annotations for the Gitea pod | `{}` | + +### LivenessProbe + +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------ | ------ | +| `gitea.livenessProbe.enabled` | Enable liveness probe | `true` | +| `gitea.livenessProbe.tcpSocket.port` | Port to probe for liveness | `http` | +| `gitea.livenessProbe.initialDelaySeconds` | Initial delay before liveness probe is initiated | `200` | +| `gitea.livenessProbe.timeoutSeconds` | Timeout for liveness probe | `1` | +| `gitea.livenessProbe.periodSeconds` | Period for liveness probe | `10` | +| `gitea.livenessProbe.successThreshold` | Success threshold for liveness probe | `1` | +| `gitea.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `10` | + +### ReadinessProbe + +| Name | Description | Value | +| ------------------------------------------ | ------------------------------------------------- | ------ | +| `gitea.readinessProbe.enabled` | Enable readiness probe | `true` | +| `gitea.readinessProbe.tcpSocket.port` | Port to probe for readiness | `http` | +| `gitea.readinessProbe.initialDelaySeconds` | Initial delay before readiness probe is initiated | `5` | +| `gitea.readinessProbe.timeoutSeconds` | Timeout for readiness probe | `1` | +| `gitea.readinessProbe.periodSeconds` | Period for readiness probe | `10` | +| `gitea.readinessProbe.successThreshold` | Success threshold for readiness probe | `1` | +| `gitea.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `3` | + +### StartupProbe + +| Name | Description | Value | +| ---------------------------------------- | ----------------------------------------------- | ------- | +| `gitea.startupProbe.enabled` | Enable startup probe | `false` | +| `gitea.startupProbe.tcpSocket.port` | Port to probe for startup | `http` | +| `gitea.startupProbe.initialDelaySeconds` | Initial delay before startup probe is initiated | `60` | +| `gitea.startupProbe.timeoutSeconds` | Timeout for startup probe | `1` | +| `gitea.startupProbe.periodSeconds` | Period for startup probe | `10` | +| `gitea.startupProbe.successThreshold` | Success threshold for startup probe | `1` | +| `gitea.startupProbe.failureThreshold` | Failure threshold for startup probe | `10` | + +### Memcached + +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `memcached.enabled` | Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. | `true` | +| `memcached.service.port` | Port for Memcached | `11211` | + +### PostgreSQL + +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------- | ------- | +| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides postgresqlDatabase) | `gitea` | +| `postgresql.global.postgresql.postgresqlUsername` | PostgreSQL username (overrides postgresqlUsername) | `gitea` | +| `postgresql.global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides postgresqlPassword) | `gitea` | +| `postgresql.global.postgresql.servicePort` | PostgreSQL port (overrides service.port) | `5432` | +| `postgresql.persistence.size` | PVC Storage Request for PostgreSQL volume | `10Gi` | + +### MySQL + +| Name | Description | Value | +| ------------------------ | ------------------------------------------------------------------ | ------- | +| `mysql.enabled` | Enable MySQL | `false` | +| `mysql.root.password` | Password for the root user. Ignored if existing secret is provided | `gitea` | +| `mysql.db.user` | Username of new user to create. | `gitea` | +| `mysql.db.password` | Password for the new user.Ignored if existing secret is provided | `gitea` | +| `mysql.db.name` | Name for new database to create. | `gitea` | +| `mysql.service.port` | Port to connect to MySQL service | `3306` | +| `mysql.persistence.size` | PVC Storage Request for MySQL volume | `10Gi` | + +### MariaDB + +| Name | Description | Value | +| ---------------------------------- | ----------------------------------------------------------------- | ------- | +| `mariadb.enabled` | Enable MariaDB | `false` | +| `mariadb.auth.database` | Name of the database to create. | `gitea` | +| `mariadb.auth.username` | Username of the new user to create. | `gitea` | +| `mariadb.auth.password` | Password for the new user. Ignored if existing secret is provided | `gitea` | +| `mariadb.auth.rootPassword` | Password for the root user. | `gitea` | +| `mariadb.primary.service.port` | Port to connect to MariaDB service | `3306` | +| `mariadb.primary.persistence.size` | Persistence size for MariaDB | `10Gi` | + +### Advanced + +| Name | Description | Value | +| ------------------ | ---------------------------------------------------- | ------ | +| `checkDeprecation` | Set it to false to skip this basic validation check. | `true` | + +## Contributing + +Expected workflow is: Fork -> Patch -> Push -> Pull Request + +See [CONTRIBUTORS GUIDE](CONTRIBUTING.md) for details. + +## Upgrading + +This section lists major and breaking changes of each Helm Chart version. +Please read them carefully to upgrade successfully. + +### To 6.0.0 + +#### Different volume mounts for init-containers and runtime container + +**The `extraVolumeMounts` is deprecated** in favor of `extraInitVolumeMounts` and +`extraContainerVolumeMounts`. You can now have different mounts for the initialization +phase and Gitea runtime. The deprecated `extraVolumeMounts` will still be available +for the time being and is mounted into every container. If you want to switch to +the new settings and want to mount specific volumes into all containers, you have +to configure their mount points within both new settings. + +**Combining values from the deprecated setting with values from the new settings +is not possible.** + +#### New `enabled` flag for `startupProbe` + +Prior to this version the `startupProbe` was just a commented sample within the +`values.yaml`. With the migration to an auto-generated [Parameters](#parameters) +section, a new parameter `gitea.startupProbe.enabled` has been introduced set to +`false` by default. + +If you are using the `startupProbe` you need to add that new +parameter and set it to `true`. Otherwise, your defined probe won't be considered +after the upgrade. + +### To 5.0.0 + +> 💥 The Helm Chart now requires Gitea versions of at least 1.11.0. + +#### Enable Dependencies + +The values to enable the dependencies, +such as PostgreSQL, Memcached, MySQL and MariaDB +have been moved from `gitea.database.builtIn.` to the dependency values. + +You can now enable the dependencies as followed: + +```yaml +memcached: + enabled: true + +postgresql: + enabled: true + +mysql: + enabled: false + +mariadb: + enabled: false +``` + +#### App.ini generation + +The app.ini generation has changed and now utilizes the environment-to-ini +script provided by newer Gitea versions. This change ensures, that the app.ini +is now persistent. + +##### Secret Key generation + +Gitea secret keys (SECRET_KEY, INTERNAL_TOKEN, JWT_SECRET) are now generated +automatically in certain situations: + +- New install: By default the secrets are created automatically. If you provide + secrets via `gitea.config` they will be used instead of automatic generation. +- Existing installs: The secrets won't be deployed, neither via + configuration nor via auto generation. We explicitly prevent to set new secrets. + +> 💡 It would be possible to set new secret keys manually by entering +the running container and rewriting the app.ini by hand. However, this it is +not advisable to do so for existing installations. Certain settings like +_LDAP_ would not be readable anymore. + +#### Probes + +`gitea.customLivenessProbe`, `gitea.customReadinessProbe` and `gitea.customStartupProbe` +have been removed. + +They are replaced by the settings `gitea.livenessProbe`, `gitea.readinessProbe` +and `gitea.startupProbe` which are now fully configurable and used _as-is_ for +a Chart deployment. +If you have customized their values instead of using the `custom` prefixed settings, +please ensure that you remove the `enabled` property from each of them. + +In case you want to disable one of these probes, let's say the `livenessProbe`, add +the following to your values. The `podAnnotation` is just there to have a bit more +context. + +```diff +gitea: ++ livenessProbe: + podAnnotations: {} +``` + +#### Multiple OAuth and LDAP authentication sources + +With `5.0.0` of this Chart it is now possible to configure Gitea with multiple +OAuth and LDAP sources. As a result, you need to update an existing OAuth/LDAP configuration +in your customized `values.yaml` by replacing the object with settings to a list +of settings objects. See [OAuth2 Settings](#oauth2-settings) and +[LDAP Settings](#ldap-settings) section for details. + +### To 4.0.0 + +#### Ingress changes + +To provide a more flexible Ingress configuration we now support not only host +settings but also provide configuration for the path and pathType. So this +change changes the hosts from a simple string list, to a list containing a more +complex object for more configuration. + +```diff +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" +- hosts: +- - git.example.com ++ hosts: ++ - host: git.example.com ++ paths: ++ - path: / ++ pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - git.example.com +``` + +If you want everything as it was before, you can simply add the following code +to all your host entries. + +```yaml +paths: + - path: / + pathType: Prefix +``` + +#### Dropped kebab-case support + +In 3.x.x it was possible to provide an ldap configuration via kebab-case, this +support has now been dropped and only camel case is supported. See [LDAP +section](#ldap-settings) for more information. + +#### Dependency update + +The chart comes with multiple databases and Memcached as dependency, the latest +release updated the dependencies. + +- Memcached: `4.2.20` -> `5.9.0` +- PostgreSQL: `9.7.2` -> `10.3.17` +- MariaDB: `8.0.0` -> `9.3.6` + +If you're using the builtin databases you will most likely redeploy the chart in +order to update the database correctly. + +#### Execution of initPreScript + +Generally spoken, this might not be a breaking change, but it is worth to be +mentioned. + +Prior to `4.0.0` only one init container was used to both setup directories and +configure Gitea. As of now the actual Gitea configuration is separated from the +other pre-execution. This also includes the execution of _initPreScript_. If you +have such script, please be aware of this. Dynamically prepare the Gitea setup +during execution by e.g. adding environment variables to the execution context +won't work anymore. + +### Misc + +#### Gitea Version 1.14.X repository ROOT + +Previously the ROOT folder for the Gitea repositories was located at +`/data/git/gitea-repositories`. In version `1.14` has the path been changed to +`/data/gitea-repositories`. + +This chart will set the `gitea.config.repository.ROOT` value default to +`/data/git/gitea-repositories`. diff --git a/gitea/charts/mariadb/.helmignore b/gitea/charts/mariadb/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/gitea/charts/mariadb/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/gitea/charts/mariadb/Chart.lock b/gitea/charts/mariadb/Chart.lock new file mode 100644 index 0000000..c364b7c --- /dev/null +++ b/gitea/charts/mariadb/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.1 +digest: sha256:81be4c0ebd0a81952423b24268e82697231b8c07991ee60b23b950ff1db003a2 +generated: "2021-03-24T01:26:15.013812575Z" diff --git a/gitea/charts/mariadb/Chart.yaml b/gitea/charts/mariadb/Chart.yaml new file mode 100644 index 0000000..84a408e --- /dev/null +++ b/gitea/charts/mariadb/Chart.yaml @@ -0,0 +1,30 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 10.5.9 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Fast, reliable, scalable, and easy to use open-source relational database + system. MariaDB Server is intended for mission-critical, heavy-load production systems + as well as for embedding into mass-deployed software. Highly available MariaDB cluster. +home: https://github.com/bitnami/charts/tree/master/bitnami/mariadb +icon: https://bitnami.com/assets/stacks/mariadb/img/mariadb-stack-220x234.png +keywords: +- mariadb +- mysql +- database +- sql +- prometheus +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: mariadb +sources: +- https://github.com/bitnami/bitnami-docker-mariadb +- https://github.com/prometheus/mysqld_exporter +- https://mariadb.org +version: 9.3.6 diff --git a/gitea/charts/mariadb/README.md b/gitea/charts/mariadb/README.md new file mode 100644 index 0000000..3b914ee --- /dev/null +++ b/gitea/charts/mariadb/README.md @@ -0,0 +1,391 @@ +# MariaDB + +[MariaDB](https://mariadb.org) is one of the most popular database servers in the world. It’s made by the original developers of MySQL and guaranteed to stay open source. Notable users include Wikipedia, Facebook and Google. + +MariaDB is developed as open source software and as a relational database it provides an SQL interface for accessing data. The latest versions of MariaDB also include GIS and JSON features. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mariadb +``` + +## Introduction + +This chart bootstraps a [MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install my-release bitnami/mariadb +``` + +The command deploys MariaDB on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following table lists the configurable parameters of the MariaDB chart and their default values. + +| Parameter | Description | Default | +|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | + +### Common parameters + +| Parameter | Description | Default | +|---------------------|-----------------------------------------------------------------------------|-----------------| +| `nameOverride` | String to partially override mariadb.fullname | `nil` | +| `fullnameOverride` | String to fully override mariadb.fullname | `nil` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `commonLabels` | Labels to add to all deployed objects | `nil` | +| `commonAnnotations` | Annotations to add to all deployed objects | `[]` | +| `schedulerName` | Name of the scheduler (other than default) to dispatch pods | `nil` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `nil` | + +### MariaDB common parameters + +| Parameter | Description | Default | +|----------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image name | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag | `{TAG_NAME}` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | _random 10 character alphanumeric string_ | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | +| `auth.replicationUser` | MariaDB replication user | `nil` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | _random 10 character long alphanumeric string_ | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as a files instead of using an environment variable | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | + +### MariaDB Primary parameters + +| Parameter | Description | Default | +|----------------------------------------------|-------------------------------------------------------------------------------------------------------------------|--------------------------------| +| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `nil` | +| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `nil` | +| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | Check `values.yaml` file | +| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration | `nil` | +| `primary.hostAliases` | Add deployment host aliases | `[]` | +| `primary.updateStrategy` | Update strategy type for the MariaDB primary statefulset | `RollingUpdate` | +| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` (evaluated as a template) | +| `primary.podLabels` | Additional pod labels for MariaDB primary pods | `{}` (evaluated as a template) | +| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` (evaluated as a template) | +| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` (evaluated as a template) | +| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` (evaluated as a template) | +| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `nil` | +| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | +| `primary.livenessProbe` | Liveness probe configuration for MariaDB primary containers | Check `values.yaml` file | +| `primary.readinessProbe` | Readiness probe configuration for MariaDB primary containers | Check `values.yaml` file | +| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `nil` | +| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `nil` | +| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | +| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `{}` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `nil` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `nil` | +| `primary.extraFlags` | MariaDB primary additional command line flags | `nil` | +| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim` | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `nil` | +| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` (evaluated as a template) | +| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `nil` | +| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `[ReadWriteOnce]` | +| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | +| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `{}` (evaluated as a template) | +| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `{}` (evaluated as a template) | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `{}` | +| `primary.service.type` | MariaDB Primary K8s service type | `ClusterIP` | +| `primary.service.clusterIP` | MariaDB Primary K8s service clusterIP IP | `nil` | +| `primary.service.port` | MariaDB Primary K8s service port | `3306` | +| `primary.service.nodePort` | MariaDB Primary K8s service node port | `nil` | +| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` | +| `primary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that should remain scheduled | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that may be made unavailable | `nil` | + +### MariaDB Secondary parameters + +| Parameter | Description | Default | +|------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------|--------------------------------| +| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `nil` | +| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `nil` | +| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | Check `values.yaml` file | +| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration | `nil` | +| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | +| `secondary.updateStrategy` | Update strategy type for the MariaDB secondary statefulset | `RollingUpdate` | +| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` (evaluated as a template) | +| `secondary.hostAliases` | Add deployment host aliases | `[]` | +| `secondary.podLabels` | Additional pod labels for MariaDB secondary pods | `{}` (evaluated as a template) | +| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. | `[]` | +| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` (evaluated as a template) | +| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` (evaluated as a template) | +| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` (evaluated as a template) | +| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `nil` | +| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | +| `secondary.livenessProbe` | Liveness probe configuration for MariaDB secondary containers | Check `values.yaml` file | +| `secondary.readinessProbe` | Readiness probe configuration for MariaDB secondary containers | Check `values.yaml` file | +| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `nil` | +| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `nil` | +| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | +| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `{}` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `nil` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `nil` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `nil` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `nil` | +| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `nil` | +| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` (evaluated as a template) | +| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `nil` | +| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `[ReadWriteOnce]` | +| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` (evaluated as a template) | +| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `{}` (evaluated as a template) | +| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `{}` (evaluated as a template) | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `{}` | +| `secondary.service.type` | MariaDB secondary K8s service type | `ClusterIP` | +| `secondary.service.clusterIP` | MariaDB secondary K8s service clusterIP IP | `nil` | +| `secondary.service.port` | MariaDB secondary K8s service port | `3306` | +| `secondary.service.nodePort` | MariaDB secondary K8s service node port | `nil` | +| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` | +| `secondary.pdb.enabled` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `nil` | + +### RBAC parameters + +| Parameter | Description | Default | +|------------------------------|----------------------------------------------------------|-------------------------------------------------| +| `serviceAccount.create` | Enable the creation of a ServiceAccount for MariaDB pods | `true` | +| `serviceAccount.name` | Name of the created ServiceAccount | Generated using the `mariadb.fullname` template | +| `serviceAccount.annotations` | Annotations for MariaDB Service Account | `{}` (evaluated as a template) | +| `rbac.create` | Weather to create & use RBAC resources or not | `false` | + +### Volume Permissions parameters + +| Parameter | Description | Default | +|----------------------------------------|----------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------| +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | +| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | + +### Metrics parameters + +| Parameter | Description | Default | +|-------------------------------------------|-------------------------------------------------------------------------------------|---------------------------| +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Exporter image registry | `docker.io` | +| `metrics.image.repository` | Exporter image name | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | Exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.extraArgs.primary` | Extra args to be passed to mysqld_exporter on Primary pods | `[]` | +| `metrics.extraArgs.secondary` | Extra args to be passed to mysqld_exporter on Secondary pods | `[]` | +| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | +| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | +| `metrics.livenessProbe` | Liveness probe configuration for MariaDB prometheus exporter containers | Check `values.yaml` file | +| `metrics.readinessProbe` | Readiness probe configuration for MariaDB prometheus exporter containers | Check `values.yaml` file | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `nil` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `nil` | +| `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | +| `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | `{}` | +| `metrics.serviceMonitor.release` | Used to pass Labels release that sometimes should be custom for Prometheus Operator | `nil` | + +The above parameters map to the env variables defined in [bitnami/mariadb](http://github.com/bitnami/bitnami-docker-mariadb). For more information please refer to the [bitnami/mariadb](http://github.com/bitnami/bitnami-docker-mariadb) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set auth.rootPassword=secretpassword,auth.database=app_database \ + bitnami/mariadb +``` + +The above command sets the MariaDB `root` account password to `secretpassword`. Additionally it creates a database named `my_database`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/mariadb +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Change MariaDB version + +To modify the MariaDB version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mariadb/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### Initialize a fresh instance + +The [Bitnami MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) image allows you to use your custom scripts to initialize a fresh instance. Custom scripts may be specified using the `initdbScripts` parameter. Alternatively, an external ConfigMap may be created with all the initialization scripts and the ConfigMap passed to the chart via the `initdbScriptsConfigMap` parameter. Note that this will override the `initdbScripts` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +These scripts are treated differently depending on their extension. While `.sh` scripts are executed on all the nodes, `.sql` and `.sql.gz` scripts are only executed on the primary nodes. This is because `.sh` scripts support conditional tests to identify the type of node they are running on, while such tests are not supported in `.sql` or `.sql.gz` files. + +[Refer to the chart documentation for more information and a usage example](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/customize-new-instance/). + +### Sidecars and Init Containers + +If additional containers are needed in the same pod as MariaDB (such as additional metrics or logging exporters), they can be defined using the sidecars parameter. + +The Helm chart already includes sidecar containers for the Prometheus exporters. These can be activated by adding the `–enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers. [See an example of configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/configure-use-sidecars/). + +Similarly, additional containers can be added to MariaDB pods using the `initContainers` parameter. [See an example of configuring and using init containers](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/configure-use-init-containers/). + +## Persistence + +The [Bitnami MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) image stores the MariaDB data and configurations at the `/bitnami/mariadb` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning, by default. An existing PersistentVolumeClaim can also be defined. + +[Learn more about persistence in the chart documentation](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/configuration/understand-chart-persistence/). + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. + +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/mariadb --set auth.rootPassword=[ROOT_PASSWORD] +``` + +| Note: you need to substitute the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. + +### To 9.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +[Learn more about this change and related upgrade considerations](https://docs.bitnami.com/kubernetes/infrastructure/mariadb/administration/upgrade-helm3/). + +### To 8.0.0 + +- Several parameters were renamed or disappeared in favor of new ones on this major version: + - The terms *master* and *slave* have been replaced by the terms *primary* and *secondary*. Therefore, parameters prefixed with `master` or `slave` are now prefixed with `primary` or `secondary`, respectively. + - `securityContext.*` is deprecated in favor of `primary.podSecurityContext`, `primary.containerSecurityContext`, `secondary.podSecurityContext`, and `secondary.containerSecurityContext`. + - Credentials parameter are reorganized under the `auth` parameter. + - `replication.enabled` parameter is deprecated in favor of `architecture` parameter that accepts two values: `standalone` and `replication`. +- The default MariaDB version was updated from 10.3 to 10.5. According to the official documentation, upgrading from 10.3 should be painless. However, there are some things that have changed which could affect an upgrade: + - [Incompatible changes upgrading from MariaDB 10.3 to MariaDB 10.4](https://mariadb.com/kb/en/upgrading-from-mariadb-103-to-mariadb-104/#incompatible-changes-between-103-and-104). + - [Incompatible changes upgrading from MariaDB 10.4 to MariaDB 10.5](https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/#incompatible-changes-between-104-and-105). +- Chart labels were adapted to follow the [Helm charts standard labels](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). +- This version also introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +Consequences: + +Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new release of the MariaDB chart, and migrate the data from your previous release. You have 2 alternatives to do so: + +- Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/). +- Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: + +```bash +$ helm install mariadb bitnami/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] +``` + +| Note: you need to substitute the placeholder _[EXISTING_PVC]_ with the name of the PVC used on your previous release, and _[ROOT_PASSWORD]_ with the root password used in your previous release. + +### To 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17308 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +### To 6.0.0 + +MariaDB version was updated from 10.1 to 10.3, there are no changes in the chart itself. According to the official documentation, upgrading from 10.1 should be painless. However, there are some things that have changed which could affect an upgrade: + +- [Incompatible changes upgrading from MariaDB 10.1 to MariaDB 10.2](https://mariadb.com/kb/en/library/upgrading-from-mariadb-101-to-mariadb-102//#incompatible-changes-between-101-and-102) +- [Incompatible changes upgrading from MariaDB 10.2 to MariaDB 10.3](https://mariadb.com/kb/en/library/upgrading-from-mariadb-102-to-mariadb-103/#incompatible-changes-between-102-and-103) + +### To 5.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is mariadb: + +```console +$ kubectl delete statefulset opencart-mariadb --cascade=false +``` diff --git a/gitea/charts/mariadb/charts/common/.helmignore b/gitea/charts/mariadb/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/gitea/charts/mariadb/charts/common/Chart.yaml b/gitea/charts/mariadb/charts/common/Chart.yaml new file mode 100644 index 0000000..2fa404c --- /dev/null +++ b/gitea/charts/mariadb/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.1 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.1 diff --git a/gitea/charts/mariadb/charts/common/README.md b/gitea/charts/mariadb/charts/common/README.md new file mode 100644 index 0000000..7287cbb --- /dev/null +++ b/gitea/charts/mariadb/charts/common/README.md @@ -0,0 +1,322 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/gitea/charts/mariadb/charts/common/templates/_affinities.tpl b/gitea/charts/mariadb/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..493a6dc --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_affinities.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_capabilities.tpl b/gitea/charts/mariadb/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4dde56a --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_capabilities.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_errors.tpl b/gitea/charts/mariadb/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..d6d3ec6 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_errors.tpl @@ -0,0 +1,20 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: you must provide your current passwords when upgrade the release%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_images.tpl b/gitea/charts/mariadb/charts/common/templates/_images.tpl new file mode 100644 index 0000000..60f04fd --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_images.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_ingress.tpl b/gitea/charts/mariadb/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..622ef50 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_ingress.tpl @@ -0,0 +1,42 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_labels.tpl b/gitea/charts/mariadb/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_names.tpl b/gitea/charts/mariadb/charts/common/templates/_names.tpl new file mode 100644 index 0000000..adf2a74 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_secrets.tpl b/gitea/charts/mariadb/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..60b84a7 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_secrets.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_storage.tpl b/gitea/charts/mariadb/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_tplvalues.tpl b/gitea/charts/mariadb/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_utils.tpl b/gitea/charts/mariadb/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/_warnings.tpl b/gitea/charts/mariadb/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_cassandra.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..8679ddf --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_mariadb.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..bb5ed72 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_mongodb.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..7d5ecbc --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_postgresql.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..992bcd3 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_redis.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..3e2a47c --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,72 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/templates/validations/_validations.tpl b/gitea/charts/mariadb/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/gitea/charts/mariadb/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/charts/common/values.yaml b/gitea/charts/mariadb/charts/common/values.yaml new file mode 100644 index 0000000..9ecdc93 --- /dev/null +++ b/gitea/charts/mariadb/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/gitea/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml b/gitea/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml new file mode 100644 index 0000000..2f1a8d9 --- /dev/null +++ b/gitea/charts/mariadb/ci/values-production-with-rbac-and-metrics.yaml @@ -0,0 +1,33 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct +architecture: replication +auth: + usePasswordFiles: true + +primary: + extraEnvVars: + - name: TEST + value: "3" + extraEnvVarsSecret: example-secret + extraEnvVarsCM: example-cm + podDisruptionBudget: + create: true + +secondary: + replicaCount: 2 + extraEnvVars: + - name: TEST + value: "2" + extraEnvVarsSecret: example-secret-2 + extraEnvVarsCM: example-cm-2 + podDisruptionBudget: + create: true + +serviceAccount: + create: true + name: mariadb-service-account +rbac: + create: true + +metrics: + enabled: true diff --git a/gitea/charts/mariadb/templates/NOTES.txt b/gitea/charts/mariadb/templates/NOTES.txt new file mode 100644 index 0000000..efb4193 --- /dev/null +++ b/gitea/charts/mariadb/templates/NOTES.txt @@ -0,0 +1,50 @@ + +Please be patient while the chart is being deployed + +Tip: + + Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} -l release={{ .Release.Name }} + +Services: + + echo Primary: {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.primary.service.port }} +{{- if eq .Values.architecture "replication" }} + echo Secondary: {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.secondary.service.port }} +{{- end }} + +Administrator credentials: + + Username: root + Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) + +To connect to your database: + + 1. Run a pod that you can use as a client: + + kubectl run {{ include "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mariadb.image" . }} --namespace {{ .Release.Namespace }} --command -- bash + + 2. To connect to primary service (read/write): + + mysql -h {{ include "mariadb.primary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }} + +{{- if eq .Values.architecture "replication" }} + + 3. To connect to secondary service (read-only): + + mysql -h {{ include "mariadb.secondary.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.auth.database }} +{{- end }} + +To upgrade this helm chart: + + 1. Obtain the password as described on the 'Administrator credentials' section and set the 'auth.rootPassword' parameter as shown below: + + ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mariadb.secretName" . }} -o jsonpath="{.data.mariadb-root-password}" | base64 --decode) + helm upgrade {{ .Release.Name }} bitnami/mariadb --set auth.rootPassword=$ROOT_PASSWORD + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- include "mariadb.validateValues" . }} +{{- if not .Values.auth.customPasswordFiles -}} + {{- $passwordValidationErrors := include "common.validations.values.mariadb.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} +{{- end }} diff --git a/gitea/charts/mariadb/templates/_helpers.tpl b/gitea/charts/mariadb/templates/_helpers.tpl new file mode 100644 index 0000000..4a8bf7f --- /dev/null +++ b/gitea/charts/mariadb/templates/_helpers.tpl @@ -0,0 +1,150 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "mariadb.primary.fullname" -}} +{{- if eq .Values.architecture "replication" }} +{{- printf "%s-%s" (include "common.names.fullname" .) "primary" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- include "common.names.fullname" . -}} +{{- end -}} +{{- end -}} + +{{- define "mariadb.secondary.fullname" -}} +{{- printf "%s-%s" (include "common.names.fullname" .) "secondary" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the proper MariaDB image name +*/}} +{{- define "mariadb.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper metrics image name +*/}} +{{- define "mariadb.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mariadb.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mariadb.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{ template "mariadb.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mariadb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mariadb.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "mariadb.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MariaDB Primary configuration +*/}} +{{- define "mariadb.primary.configmapName" -}} +{{- if .Values.primary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.primary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mariadb.primary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MariaDB Secondary +*/}} +{{- define "mariadb.primary.createConfigmap" -}} +{{- if and .Values.primary.configuration (not .Values.primary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the configmap with the MariaDB Primary configuration +*/}} +{{- define "mariadb.secondary.configmapName" -}} +{{- if .Values.secondary.existingConfigmap -}} + {{- printf "%s" (tpl .Values.secondary.existingConfigmap $) -}} +{{- else -}} + {{- printf "%s" (include "mariadb.secondary.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap object should be created for MariaDB Secondary +*/}} +{{- define "mariadb.secondary.createConfigmap" -}} +{{- if and (eq .Values.architecture "replication") .Values.secondary.configuration (not .Values.secondary.existingConfigmap) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Return the secret with MariaDB credentials +*/}} +{{- define "mariadb.secretName" -}} + {{- if .Values.auth.existingSecret -}} + {{- printf "%s" .Values.auth.existingSecret -}} + {{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created for MariaDB +*/}} +{{- define "mariadb.createSecret" -}} +{{- if and (not .Values.auth.existingSecret) (not .Values.auth.customPasswordFiles) }} + {{- true -}} +{{- else -}} +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mariadb.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mariadb.validateValues.architecture" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of MariaDB - must provide a valid architecture */}} +{{- define "mariadb.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "replication") -}} +mariadb: architecture + Invalid architecture selected. Valid values are "standalone" and + "replication". Please set a valid architecture (--set architecture="xxxx") +{{- end -}} +{{- end -}} diff --git a/gitea/charts/mariadb/templates/extra-list.yaml b/gitea/charts/mariadb/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/gitea/charts/mariadb/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/gitea/charts/mariadb/templates/primary/configmap.yaml b/gitea/charts/mariadb/templates/primary/configmap.yaml new file mode 100644 index 0000000..8ee5f03 --- /dev/null +++ b/gitea/charts/mariadb/templates/primary/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "mariadb.primary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + my.cnf: |- +{{ .Values.primary.configuration | indent 4 }} +{{- end -}} diff --git a/gitea/charts/mariadb/templates/primary/initialization-configmap.yaml b/gitea/charts/mariadb/templates/primary/initialization-configmap.yaml new file mode 100644 index 0000000..826b597 --- /dev/null +++ b/gitea/charts/mariadb/templates/primary/initialization-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.initdbScripts (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s-init-scripts" (include "mariadb.primary.fullname" .) }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary +data: +{{- include "common.tplvalues.render" (dict "value" .Values.initdbScripts "context" .) | nindent 2 }} +{{ end }} diff --git a/gitea/charts/mariadb/templates/primary/pdb.yaml b/gitea/charts/mariadb/templates/primary/pdb.yaml new file mode 100644 index 0000000..4ca1bf8 --- /dev/null +++ b/gitea/charts/mariadb/templates/primary/pdb.yaml @@ -0,0 +1,25 @@ +{{- if .Values.primary.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.primary.pdb.minAvailable }} + minAvailable: {{ .Values.primary.pdb.minAvailable }} + {{- end }} + {{- if .Values.primary.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.primary.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary +{{- end }} diff --git a/gitea/charts/mariadb/templates/primary/statefulset.yaml b/gitea/charts/mariadb/templates/primary/statefulset.yaml new file mode 100644 index 0000000..5bbbc4f --- /dev/null +++ b/gitea/charts/mariadb/templates/primary/statefulset.yaml @@ -0,0 +1,338 @@ +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: 1 + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: primary + serviceName: {{ include "mariadb.primary.fullname" . }} + updateStrategy: + type: {{ .Values.primary.updateStrategy }} + {{- if (eq "Recreate" .Values.primary.updateStrategy) }} + rollingUpdate: null + {{- else if .Values.primary.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.primary.rollingUpdatePartition }} + {{- end }} + template: + metadata: + annotations: + {{- if (include "mariadb.primary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.primary.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "mariadb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.primary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.primary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb.serviceAccountName" . }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName | quote }} + {{- else if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.primary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.primary.initContainers (and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled) }} + initContainers: + {{- if .Values.primary.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.primary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.primary.persistence.enabled }} + - name: volume-permissions + image: {{ include "mariadb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.primary.containerSecurityContext.runAsUser }}:{{ .Values.primary.podSecurityContext.fsGroup }} /bitnami/mariadb + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mariadb + image: {{ include "mariadb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.primary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.primary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.primary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.primary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.primary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + {{- if not (empty .Values.auth.username) }} + - name: MARIADB_USER + value: {{ .Values.auth.username | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-password" .Values.auth.customPasswordFiles.user }} + {{- else }} + - name: MARIADB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-password + {{- end }} + {{- end }} + - name: MARIADB_DATABASE + value: {{ .Values.auth.database | quote }} + {{- if eq .Values.architecture "replication" }} + - name: MARIADB_REPLICATION_MODE + value: "master" + - name: MARIADB_REPLICATION_USER + value: {{ .Values.auth.replicationUser | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_REPLICATION_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }} + {{- else }} + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-replication-password + {{- end }} + {{- end }} + {{- if .Values.primary.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: "{{ .Values.primary.extraFlags }}" + {{- end }} + {{- if .Values.primary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.primary.extraEnvVarsCM .Values.primary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.primary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.primary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.primary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.primary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.primary.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.primary.livenessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.primary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.primary.readinessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.primary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.primary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.primary.resources }} + resources: {{ toYaml .Values.primary.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.primary.persistence.subPath }} + subPath: {{ .Values.primary.persistence.subPath }} + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + mountPath: /opt/bitnami/mariadb/secrets/ + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mariadb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.primary }} {{ . }} {{- end }} + ports: + - name: metrics + containerPort: 9104 + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + volumeMounts: + - name: mariadb-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + {{- if .Values.primary.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.primary.configuration .Values.primary.existingConfigmap }} + - name: config + configMap: + name: {{ include "mariadb.primary.configmapName" . }} + {{- end }} + {{- if or .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mariadb.initdbScriptsCM" . }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + secret: + secretName: {{ template "mariadb.secretName" . }} + items: + - key: mariadb-root-password + path: mariadb-root-password + - key: mariadb-password + path: mariadb-password + {{- if eq .Values.architecture "replication" }} + - key: mariadb-replication-password + path: mariadb-replication-password + {{- end }} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.primary.persistence.enabled .Values.primary.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ tpl .Values.primary.persistence.existingClaim . }} + {{- else if not .Values.primary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.primary.persistence.enabled (not .Values.primary.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{ include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: primary + spec: + accessModes: + {{- range .Values.primary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.primary.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.primary.persistence "global" .Values.global) }} + {{- if .Values.primary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} diff --git a/gitea/charts/mariadb/templates/primary/svc.yaml b/gitea/charts/mariadb/templates/primary/svc.yaml new file mode 100644 index 0000000..9b60dd6 --- /dev/null +++ b/gitea/charts/mariadb/templates/primary/svc.yaml @@ -0,0 +1,49 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mariadb.primary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.primary.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.primary.service.type }} + {{- if and (eq .Values.primary.service.type "ClusterIP") .Values.primary.service.clusterIP }} + clusterIP: {{ .Values.primary.service.clusterIP }} + {{- end }} + {{- if and .Values.primary.service.loadBalancerIP (eq .Values.primary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.primary.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.primary.service.type "LoadBalancer") .Values.primary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.primary.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.primary.service.port }} + protocol: TCP + targetPort: mysql + {{- if (and (or (eq .Values.primary.service.type "NodePort") (eq .Values.primary.service.type "LoadBalancer")) .Values.primary.service.nodePort) }} + nodePort: {{ .Values.primary.service.nodePort }} + {{- else if eq .Values.primary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9104 + protocol: TCP + targetPort: metrics + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: primary diff --git a/gitea/charts/mariadb/templates/role.yaml b/gitea/charts/mariadb/templates/role.yaml new file mode 100644 index 0000000..4cbdd5c --- /dev/null +++ b/gitea/charts/mariadb/templates/role.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +kind: Role +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} diff --git a/gitea/charts/mariadb/templates/rolebinding.yaml b/gitea/charts/mariadb/templates/rolebinding.yaml new file mode 100644 index 0000000..3c55938 --- /dev/null +++ b/gitea/charts/mariadb/templates/rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +subjects: + - kind: ServiceAccount + name: {{ include "mariadb.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "common.names.fullname" . -}} +{{- end }} diff --git a/gitea/charts/mariadb/templates/secondary/configmap.yaml b/gitea/charts/mariadb/templates/secondary/configmap.yaml new file mode 100644 index 0000000..e672c05 --- /dev/null +++ b/gitea/charts/mariadb/templates/secondary/configmap.yaml @@ -0,0 +1,18 @@ +{{- if (include "mariadb.secondary.createConfigmap" .) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + my.cnf: |- +{{ .Values.secondary.configuration | indent 4 }} +{{- end -}} diff --git a/gitea/charts/mariadb/templates/secondary/pdb.yaml b/gitea/charts/mariadb/templates/secondary/pdb.yaml new file mode 100644 index 0000000..f5c7e26 --- /dev/null +++ b/gitea/charts/mariadb/templates/secondary/pdb.yaml @@ -0,0 +1,25 @@ +{{- if and (eq .Values.architecture "replication") .Values.secondary.pdb.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.secondary.pdb.minAvailable }} + minAvailable: {{ .Values.secondary.pdb.minAvailable }} + {{- end }} + {{- if .Values.secondary.pdb.maxUnavailable }} + maxUnavailable: {{ .Values.secondary.pdb.maxUnavailable }} + {{- end }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: secondary +{{- end }} diff --git a/gitea/charts/mariadb/templates/secondary/statefulset.yaml b/gitea/charts/mariadb/templates/secondary/statefulset.yaml new file mode 100644 index 0000000..2fca880 --- /dev/null +++ b/gitea/charts/mariadb/templates/secondary/statefulset.yaml @@ -0,0 +1,311 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.secondary.replicaCount }} + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: secondary + serviceName: {{ include "mariadb.secondary.fullname" . }} + updateStrategy: + type: {{ .Values.secondary.updateStrategy }} + {{- if (eq "Recreate" .Values.secondary.updateStrategy) }} + rollingUpdate: null + {{- else if .Values.secondary.rollingUpdatePartition }} + rollingUpdate: + partition: {{ .Values.secondary.rollingUpdatePartition }} + {{- end }} + template: + metadata: + annotations: + {{- if (include "mariadb.secondary.createConfigmap" .) }} + checksum/configuration: {{ include (print $.Template.BasePath "/secondary/configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.secondary.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- include "mariadb.imagePullSecrets" . | nindent 6 }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + serviceAccountName: {{ template "mariadb.serviceAccountName" . }} + {{- if .Values.secondary.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAffinityPreset "component" "secondary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.secondary.podAntiAffinityPreset "component" "secondary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.secondary.nodeAffinityPreset.type "key" .Values.secondary.nodeAffinityPreset.key "values" .Values.secondary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.secondary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.secondary.priorityClassName }} + priorityClassName: {{ .Values.secondary.priorityClassName | quote }} + {{- else if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.secondary.podSecurityContext.enabled }} + securityContext: {{- omit .Values.secondary.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if or .Values.secondary.initContainers (and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled) }} + initContainers: + {{- if .Values.secondary.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.secondary.podSecurityContext.enabled .Values.volumePermissions.enabled .Values.secondary.persistence.enabled }} + - name: volume-permissions + image: {{ include "mariadb.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.secondary.containerSecurityContext.runAsUser }}:{{ .Values.secondary.podSecurityContext.fsGroup }} /bitnami/mariadb + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.secondary.persistence.subPath }} + subPath: {{ .Values.secondary.persistence.subPath }} + {{- end }} + {{- end }} + {{- end }} + containers: + - name: mariadb + image: {{ include "mariadb.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.secondary.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.secondary.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.secondary.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.args "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: MARIADB_REPLICATION_MODE + value: "slave" + - name: MARIADB_MASTER_HOST + value: {{ include "mariadb.primary.fullname" . }} + - name: MARIADB_MASTER_PORT_NUMBER + value: {{ .Values.primary.service.port | quote }} + - name: MARIADB_MASTER_ROOT_USER + value: "root" + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_MASTER_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_MASTER_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + - name: MARIADB_REPLICATION_USER + value: {{ .Values.auth.replicationUser | quote }} + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_REPLICATION_PASSWORD_FILE + value: {{ default "/opt/bitnami/mariadb/secrets/mariadb-replication-password" .Values.auth.customPasswordFiles.replicator }} + {{- else }} + - name: MARIADB_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-replication-password + {{- end }} + {{- if .Values.secondary.extraFlags }} + - name: MARIADB_EXTRA_FLAGS + value: "{{ .Values.secondary.extraFlags }}" + {{- end }} + {{- if .Values.secondary.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.secondary.extraEnvVarsCM .Values.secondary.extraEnvVarsSecret }} + envFrom: + {{- if .Values.secondary.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.secondary.extraEnvVarsCM }} + {{- end }} + {{- if .Values.secondary.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.secondary.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.secondary.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.secondary.livenessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.secondary.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.secondary.readinessProbe "enabled" | toYaml | nindent 12 }} + exec: + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_MASTER_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_MASTER_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_MASTER_ROOT_PASSWORD_FILE") + fi + mysqladmin status -uroot -p"${password_aux}" + {{- else if .Values.secondary.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.secondary.resources }} + resources: {{ toYaml .Values.secondary.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: /bitnami/mariadb + {{- if .Values.secondary.persistence.subPath }} + subPath: {{ .Values.secondary.persistence.subPath }} + {{- end }} + {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} + - name: config + mountPath: /opt/bitnami/mariadb/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + mountPath: /opt/bitnami/mariadb/secrets/ + {{- end }} + {{- if .Values.secondary.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ include "mariadb.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.auth.usePasswordFiles }} + - name: MARIADB_ROOT_PASSWORD_FILE + value: {{ default "/opt/bitnami/mysqld-exporter/secrets/mariadb-root-password" .Values.auth.customPasswordFiles.root }} + {{- else }} + - name: MARIADB_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mariadb.secretName" . }} + key: mariadb-root-password + {{- end }} + command: + - /bin/bash + - -ec + - | + password_aux="${MARIADB_ROOT_PASSWORD:-}" + if [[ -f "${MARIADB_ROOT_PASSWORD_FILE:-}" ]]; then + password_aux=$(cat "$MARIADB_ROOT_PASSWORD_FILE") + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter {{- range .Values.metrics.extraArgs.secondary }} {{ . }} {{- end }} + ports: + - name: metrics + containerPort: 9104 + {{- if .Values.metrics.livenessProbe.enabled }} + livenessProbe: {{- omit .Values.metrics.livenessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} + readinessProbe: {{- omit .Values.metrics.readinessProbe "enabled" | toYaml | nindent 12 }} + httpGet: + path: /metrics + port: metrics + {{- end }} + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + volumeMounts: + - name: mariadb-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + {{- if .Values.secondary.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if or .Values.secondary.configuration .Values.secondary.existingConfigmap }} + - name: config + configMap: + name: {{ include "mariadb.secondary.configmapName" . }} + {{- end }} + {{- if and .Values.auth.usePasswordFiles (not .Values.auth.customPasswordFiles) }} + - name: mariadb-credentials + secret: + secretName: {{ template "mariadb.secretName" . }} + items: + - key: mariadb-root-password + path: mariadb-root-password + - key: mariadb-replication-password + path: mariadb-replication-password + {{- end }} + {{- if .Values.secondary.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.secondary.extraVolumes "context" $) | nindent 8 }} + {{- end }} + {{- if not .Values.secondary.persistence.enabled }} + - name: data + emptyDir: {} + {{- else }} + volumeClaimTemplates: + - metadata: + name: data + labels: {{ include "common.labels.matchLabels" . | nindent 10 }} + app.kubernetes.io/component: secondary + spec: + accessModes: + {{- range .Values.secondary.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.secondary.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.secondary.persistence "global" .Values.global) }} + {{- if .Values.secondary.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.secondary.persistence.selector "context" $) | nindent 10 }} + {{- end -}} + {{- end }} +{{- end }} diff --git a/gitea/charts/mariadb/templates/secondary/svc.yaml b/gitea/charts/mariadb/templates/secondary/svc.yaml new file mode 100644 index 0000000..a0da812 --- /dev/null +++ b/gitea/charts/mariadb/templates/secondary/svc.yaml @@ -0,0 +1,51 @@ +{{- if eq .Values.architecture "replication" }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "mariadb.secondary.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: secondary + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.secondary.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.secondary.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.annotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.secondary.service.type }} + {{- if and (eq .Values.secondary.service.type "ClusterIP") .Values.secondary.service.clusterIP }} + clusterIP: {{ .Values.secondary.service.clusterIP }} + {{- end }} + {{- if and .Values.secondary.service.loadBalancerIP (eq .Values.secondary.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.secondary.service.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.secondary.service.type "LoadBalancer") .Values.secondary.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.secondary.service.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.secondary.service.port }} + protocol: TCP + targetPort: mysql + {{- if (and (or (eq .Values.secondary.service.type "NodePort") (eq .Values.secondary.service.type "LoadBalancer")) .Values.secondary.service.nodePort) }} + nodePort: {{ .Values.secondary.service.nodePort }} + {{- else if eq .Values.secondary.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: 9104 + protocol: TCP + targetPort: metrics + {{- end }} + selector: {{ include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: secondary +{{- end }} diff --git a/gitea/charts/mariadb/templates/secrets.yaml b/gitea/charts/mariadb/templates/secrets.yaml new file mode 100644 index 0000000..1d08e2c --- /dev/null +++ b/gitea/charts/mariadb/templates/secrets.yaml @@ -0,0 +1,39 @@ +{{- if eq (include "mariadb.createSecret" .) "true" }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- if not (empty .Values.auth.rootPassword) }} + mariadb-root-password: {{ .Values.auth.rootPassword | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-root-password: {{ required "A MariaDB Root Password is required!" .Values.auth.rootPassword }} + {{- end }} + {{- if and (not (empty .Values.auth.username)) (not (empty .Values.auth.password)) }} + mariadb-password: {{ .Values.auth.password | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-password: {{ required "A MariaDB Database Password is required!" .Values.auth.password }} + {{- end }} + {{- if eq .Values.architecture "replication" }} + {{- if not (empty .Values.auth.replicationPassword) }} + mariadb-replication-password: {{ .Values.auth.replicationPassword | b64enc | quote }} + {{- else if (not .Values.auth.forcePassword) }} + mariadb-replication-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.auth.replicationPassword }} + {{- end }} + {{- end }} +{{- end }} diff --git a/gitea/charts/mariadb/templates/serviceaccount.yaml b/gitea/charts/mariadb/templates/serviceaccount.yaml new file mode 100644 index 0000000..ec83685 --- /dev/null +++ b/gitea/charts/mariadb/templates/serviceaccount.yaml @@ -0,0 +1,18 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "mariadb.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.serviceAccount.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/gitea/charts/mariadb/templates/servicemonitor.yaml b/gitea/charts/mariadb/templates/servicemonitor.yaml new file mode 100644 index 0000000..273e58e --- /dev/null +++ b/gitea/charts/mariadb/templates/servicemonitor.yaml @@ -0,0 +1,41 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.serviceMonitor.additionalLabels "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.honorLabels }} + honorLabels: {{ .Values.metrics.serviceMonitor.honorLabels }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.relabellings }} + metricRelabelings: {{- toYaml .Values.metrics.serviceMonitor.relabellings | nindent 6 }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/gitea/charts/mariadb/values.schema.json b/gitea/charts/mariadb/values.schema.json new file mode 100644 index 0000000..500c4eb --- /dev/null +++ b/gitea/charts/mariadb/values.schema.json @@ -0,0 +1,176 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "architecture": { + "type": "string", + "title": "MariaDB architecture", + "form": true, + "description": "Allowed values: `standalone` or `replication`" + }, + "auth": { + "type": "object", + "title": "Authentication configuration", + "form": true, + "properties": { + "rootPassword": { + "type": "string", + "title": "MariaDB root password", + "form": true, + "description": "Defaults to a random 10-character alphanumeric string if not set" + }, + "database": { + "type": "string", + "title": "MariaDB custom database", + "description": "Name of the custom database to be created during the 1st initialization of MariaDB", + "form": true + }, + "username": { + "type": "string", + "title": "MariaDB custom user", + "description": "Name of the custom user to be created during the 1st initialization of MariaDB. This user only has permissions on the MariaDB custom database", + "form": true + }, + "password": { + "type": "string", + "title": "Password for MariaDB custom user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": false, + "path": "usePassword" + } + }, + "replicationUser": { + "type": "string", + "title": "MariaDB replication user", + "description": "Name of user used to manage replication.", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + }, + "replicationPassword": { + "type": "string", + "title": "Password for MariaDB replication user", + "description": "Defaults to a random 10-character alphanumeric string if not set", + "form": true, + "hidden": { + "value": "standalone", + "path": "architecture" + } + } + } + }, + "primary": { + "type": "object", + "title": "Primary replicas settings", + "form": true, + "properties": { + "persistence": { + "type": "object", + "title": "Persistence for primary replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + } + } + }, + "secondary": { + "type": "object", + "title": "Secondary replicas settings", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + }, + "properties": { + "persistence": { + "type": "object", + "title": "Persistence for secondary replicas", + "form": true, + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable persistence", + "description": "Enable persistence using Persistent Volume Claims" + }, + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi", + "hidden": { + "value": false, + "path": "persistence/enabled" + } + } + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Use an init container to set required folder permissions on the data volume before mounting it in the final destination" + } + } + }, + "metrics": { + "type": "object", + "form": true, + "title": "Prometheus metrics details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus metrics exporter", + "description": "Create a side-car container to expose Prometheus metrics", + "form": true + }, + "serviceMonitor": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Create Prometheus Operator ServiceMonitor", + "description": "Create a ServiceMonitor to track metrics using Prometheus Operator", + "form": true, + "hidden": { + "value": false, + "path": "metrics/enabled" + } + } + } + } + } + } + } +} diff --git a/gitea/charts/mariadb/values.yaml b/gitea/charts/mariadb/values.yaml new file mode 100644 index 0000000..2a86800 --- /dev/null +++ b/gitea/charts/mariadb/values.yaml @@ -0,0 +1,870 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami MariaDB image +## ref: https://hub.docker.com/r/bitnami/mariadb/tags/ +## +image: + registry: docker.io + repository: bitnami/mariadb + tag: 10.5.9-debian-10-r28 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## Example: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Set to true if you would like to see extra information on logs + ## It turns BASH and/or NAMI debugging in the image + ## + debug: false + +## String to partially override mariadb.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mariadb.fullname template +## +# fullnameOverride: + +## Cluster domain +## +clusterDomain: cluster.local + +## Common annotations to add to all MariaDB resources (sub-charts are not considered). Evaluated as a template +## +commonAnnotations: {} + +## Common labels to add to all MariaDB resources (sub-charts are not considered). Evaluated as a template +## +commonLabels: {} + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## MariaDB architecture. Allowed values: standalone or replication +## +architecture: standalone + +## MariaDB Authentication parameters +## +auth: + ## MariaDB root password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run + ## + rootPassword: "" + ## MariaDB custom user and database + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-on-first-run + ## ref: https://github.com/bitnami/bitnami-docker-mariadb/blob/master/README.md#creating-a-database-user-on-first-run + ## + database: my_database + username: "" + password: "" + ## MariaDB replication user and password + ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-up-a-replication-cluster + ## + replicationUser: replicator + replicationPassword: "" + ## Existing secret with MariaDB credentials + ## NOTE: When it's set the previous parameters are ignored. + ## + # existingSecret: name-of-existing-secret + ## Force users to specify required passwords + ## + forcePassword: false + ## Mount credentials as files instead of using an environment variable + ## + usePasswordFiles: false + ## Use custom secret files other than chart provided when usePasswordFiles is set to "true" + ## Example: + ## customPasswordFiles: + ## root: /vault/secrets/mariadb-root + ## user: /vault/secrets/mariadb-user + ## replicator: /vault/secrets/mariadb-replicator + ## + customPasswordFiles: {} + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Example: +## initdbScripts: +## my_init_script.sh: | +## #!/bin/bash +## echo "Do something." +## +initdbScripts: {} + +## Existing ConfigMap with custom init scripts +## +# initdbScriptsConfigMap: + +## Mariadb Primary parameters +## +primary: + ## Command and args for running the container (set to default if not set). Use array form + ## + command: [] + args: [] + + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + + ## Configure MariaDB Primary with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + configuration: |- + [mysqld] + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mariadb + plugin_dir=/opt/bitnami/mariadb/plugin + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + tmpdir=/opt/bitnami/mariadb/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + log-error=/opt/bitnami/mariadb/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mariadb/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + + ## Name of existing ConfigMap with MariaDB Primary configuration. + ## NOTE: When it's set the 'configuration' parameter is ignored + ## + # existingConfiguration: + + ## updateStrategy for Mariadb Primary statefulset + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: RollingUpdate + + ## Partition update strategy for Mariadb Primary statefulset + ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions + ## + # rollingUpdatePartition: + + ## Mariadb Primary pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Mariadb Primary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## Mariadb Primary pod anti-affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## Mariadb Primary node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Priority class for MariaDB primary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + + ## MariaDB primary Pod security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## MariaDB primary container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + + ## MariaDB primary container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## MariaDB primary container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## MariaDB primary custom liveness probe + ## + customLivenessProbe: {} + + ## MariaDB primary custom rediness probe + ## + customReadinessProbe: {} + + ## MariaDB primary additional command line flags + ## Can be used to specify command line flags, for example: + ## E.g. + ## extraFlags: "--max-connect-errors=1000 --max_connections=155" + ## + extraFlags: "" + + ## An array to add extra environment variables on MariaDB primary containers + ## E.g. + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: [] + + ## ConfigMap with extra env vars for MariaDB primary containers: + ## + extraEnvVarsCM: "" + + ## Secret with extra env vars for MariaDB primary containers: + ## + extraEnvVarsSecret: "" + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## Name of existing PVC to hold MariaDB Primary data + ## NOTE: When it's set the rest of persistence parameters are ignored + ## + # existingClaim: + ## Subdirectory of the volume to mount + # subPath: + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + + ## Extra volumes to add to the MariaDB Primary pod(s) + ## + extraVolumes: [] + + ## Extra volume mounts to add to the MariaDB Primary container(s) + ## + extraVolumeMounts: [] + + ## Extra init containers to add to the MariaDB Primary pod(s) + ## + initContainers: [] + + ## Extra sidecar containers to add to the MariaDB Primary pod(s) + ## + sidecars: [] + + ## MariaDB Primary Service parameters + ## + service: + ## Service type + ## + type: ClusterIP + ## Service port + ## + port: 3306 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Service clusterIP + ## + # clusterIP: None + clusterIP: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## E.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## Provide any additional annotations which may be required + ## + annotations: {} + + ## MariaDB primary Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + pdb: + enabled: false + ## Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## Max number of pods that can be unavailable after the eviction + ## + # maxUnavailable: 1 + +## Mariadb Secondary parameters +## +secondary: + ## Number of Mariadb Secondary replicas to deploy + ## + replicaCount: 1 + + ## Command and args for running the container (set to default if not set). Use array form + ## + command: [] + args: [] + + ## Deployment pod host aliases + ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + ## + hostAliases: [] + + ## Configure MariaDB Secondary with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + configuration: |- + [mysqld] + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mariadb + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + tmpdir=/opt/bitnami/mariadb/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + log-error=/opt/bitnami/mariadb/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + default-character-set=UTF8 + + [manager] + port=3306 + socket=/opt/bitnami/mariadb/tmp/mysql.sock + pid-file=/opt/bitnami/mariadb/tmp/mysqld.pid + + ## Name of existing ConfigMap with MariaDB Secondary configuration. + ## NOTE: When it's set the 'configuration' parameter is ignored + ## + # existingConfiguration: + + ## updateStrategy for Mariadb Secondary statefulset + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: RollingUpdate + + ## Partition update strategy for Mariadb Secondary statefulset + ## https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#partitions + ## + # rollingUpdatePartition: + + ## Mariadb Secondary pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Mariadb Secondary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## Mariadb Secondary pod anti-affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## Mariadb Secondary node affinity preset + ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## Priority class for MariaDB secondary pods assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + ## + priorityClassName: "" + + ## MariaDB secondary Pod security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## + podSecurityContext: + enabled: true + fsGroup: 1001 + + ## MariaDB secondary container security context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## + containerSecurityContext: + enabled: true + runAsUser: 1001 + + ## MariaDB secondary container's resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## MariaDB secondary container's liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## MariaDB secondary custom liveness probe + ## + customLivenessProbe: {} + + ## MariaDB secondary custom rediness probe + ## + customReadinessProbe: {} + + ## MariaDB secondary additional command line flags + ## Can be used to specify command line flags, for example: + ## E.g. + ## extraFlags: "--max-connect-errors=1000 --max_connections=155" + ## + extraFlags: "" + + ## An array to add extra environment variables on MariaDB secondary containers + ## E.g. + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: [] + + ## ConfigMap with extra env vars for MariaDB secondary containers: + ## + extraEnvVarsCM: "" + + ## Secret with extra env vars for MariaDB secondary containers: + ## + extraEnvVarsSecret: "" + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + ## Subdirectory of the volume to mount + # subPath: + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + ## + selector: {} + + ## Extra volumes to add to the MariaDB Secondary pod(s) + ## + extraVolumes: [] + + ## Extra volume mounts to add to the MariaDB Secondary container(s) + ## + extraVolumeMounts: [] + + ## Extra init containers to add to the MariaDB Secondary pod(s) + ## + initContainers: [] + + ## Extra sidecar containers to add to the MariaDB Secondary pod(s) + ## + sidecars: [] + + ## MariaDB Secondary Service parameters + ## + service: + ## Service type + ## + type: ClusterIP + ## Service port + ## + port: 3306 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Service clusterIP + ## + # clusterIP: None + clusterIP: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + loadBalancerIP: "" + ## Load Balancer sources + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## E.g. + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## Provide any additional annotations which may be required + ## + annotations: {} + + ## MariaDB secondary Pod Disruption Budget configuration + ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/ + ## + pdb: + enabled: false + ## Min number of pods that must still be available after the eviction + ## + minAvailable: 1 + ## Max number of pods that can be unavailable after the eviction + ## + # maxUnavailable: 1 + +## MariaDB pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the mariadb.fullname template + ## + # name: + ## Annotations to add to the service account (evaluated as a template) + ## + annotations: {} + +## Role Based Access +## ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## +rbac: + ## Specifies whether RBAC rules should be created + ## + create: false + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + resources: {} + +## Mysqld Prometheus exporter parameters +## +metrics: + enabled: false + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-10-r389 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9104" + + ## Extra args to be passed to mysqld_exporter + ## ref: https://github.com/prometheus/mysqld_exporter/ + ## E.g. + ## - --collect.auto_increment.columns + ## - --collect.binlog_size + ## - --collect.engine_innodb_status + ## - --collect.engine_tokudb_status + ## - --collect.global_status + ## - --collect.global_variables + ## - --collect.info_schema.clientstats + ## - --collect.info_schema.innodb_metrics + ## - --collect.info_schema.innodb_tablespaces + ## - --collect.info_schema.innodb_cmp + ## - --collect.info_schema.innodb_cmpmem + ## - --collect.info_schema.processlist + ## - --collect.info_schema.processlist.min_time + ## - --collect.info_schema.query_response_time + ## - --collect.info_schema.tables + ## - --collect.info_schema.tables.databases + ## - --collect.info_schema.tablestats + ## - --collect.info_schema.userstats + ## - --collect.perf_schema.eventsstatements + ## - --collect.perf_schema.eventsstatements.digest_text_limit + ## - --collect.perf_schema.eventsstatements.limit + ## - --collect.perf_schema.eventsstatements.timelimit + ## - --collect.perf_schema.eventswaits + ## - --collect.perf_schema.file_events + ## - --collect.perf_schema.file_instances + ## - --collect.perf_schema.indexiowaits + ## - --collect.perf_schema.tableiowaits + ## - --collect.perf_schema.tablelocks + ## - --collect.perf_schema.replication_group_member_stats + ## - --collect.slave_status + ## - --collect.slave_hosts + ## - --collect.heartbeat + ## - --collect.heartbeat.database + ## - --collect.heartbeat.table + ## + extraArgs: + primary: [] + secondary: [] + + ## Mysqld Prometheus exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # memory: 256Mi + # cpu: 100m + requests: {} + # memory: 256Mi + # cpu: 100m + + ## Mysqld Prometheus exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Prometheus Service Monitor + ## ref: https://github.com/coreos/prometheus-operator + ## + serviceMonitor: + ## If the operator is installed in your cluster, set to true to create a Service Monitor Entry + ## + enabled: false + ## Specify the namespace in which the serviceMonitor resource will be created + ## + # namespace: "" + ## Specify the interval at which metrics should be scraped + ## + interval: 30s + ## Specify the timeout after which the scrape is ended + ## + # scrapeTimeout: 30s + ## Specify Metric Relabellings to add to the scrape endpoint + ## + # relabellings: + ## Specify honorLabels parameter to add the scrape endpoint + ## + honorLabels: false + ## Specify the release for ServiceMonitor. Sometimes it should be custom for prometheus operator to work + ## + # release: "" + ## Used to pass Labels that are used by the Prometheus installed in your cluster to select Service Monitors to work with + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec + ## + additionalLabels: {} + +## Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: [] diff --git a/gitea/charts/memcached/.helmignore b/gitea/charts/memcached/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/gitea/charts/memcached/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/gitea/charts/memcached/Chart.lock b/gitea/charts/memcached/Chart.lock new file mode 100644 index 0000000..6b70458 --- /dev/null +++ b/gitea/charts/memcached/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.2 +digest: sha256:4e3ec38e0e27e9fc1defb2a13f67a0aa12374bf0b15f06a6c13b1b46df6bffeb +generated: "2021-03-25T20:52:23.855156849Z" diff --git a/gitea/charts/memcached/Chart.yaml b/gitea/charts/memcached/Chart.yaml new file mode 100644 index 0000000..f3833fc --- /dev/null +++ b/gitea/charts/memcached/Chart.yaml @@ -0,0 +1,24 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.6.9 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + tags: + - bitnami-common + version: 1.x.x +description: Chart for Memcached +home: https://github.com/bitnami/charts/tree/master/bitnami/memcached +icon: https://bitnami.com/assets/stacks/memcached/img/memcached-stack-220x234.png +keywords: +- memcached +- cache +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: memcached +sources: +- https://github.com/bitnami/bitnami-docker-memcached +- http://memcached.org/ +version: 5.9.0 diff --git a/gitea/charts/memcached/README.md b/gitea/charts/memcached/README.md new file mode 100644 index 0000000..4730528 --- /dev/null +++ b/gitea/charts/memcached/README.md @@ -0,0 +1,224 @@ +# Memcached + +> [Memcached](https://memcached.org/) is an in-memory key-value store for small chunks of arbitrary data (strings, objects) from results of database calls, API calls, or page rendering. + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/memcached +``` + +## Introduction + +This chart bootstraps a [Memcached](https://github.com/bitnami/bitnami-docker-memcached) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/memcached +``` + +These commands deploy Memcached on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following tables lists the configurable parameters of the Memcached chart and their default values per section/component: + +### Global parameters + +| Parameter | Description | Default | +|---------------------------|-------------------------------------------------|---------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | + +### Common parameters + +| Parameter | Description | Default | +|---------------------|----------------------------------------------------------------------|--------------------------------| +| `nameOverride` | String to partially override common.names.fullname | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname | `nil` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Default Kubernetes cluster domain | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` (evaluated as a template) | + +### Memcached parameters + +| Parameter | Description | Default | +|------------------------------------------|-------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `image.registry` | Memcached image registry | `docker.io` | +| `image.repository` | Memcached Image name | `bitnami/memcached` | +| `image.tag` | Memcached Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | Memcached image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `architecture` | Memcached architecture. Allowed values: standalone or high-availability | `standalone` | +| `replicaCount` | Number of containers | `1` | +| `command` | Default container command (useful when using custom images) | `[]` | +| `arguments` | Default container args (useful when using custom images) | `["/run.sh"]` | +| `extraEnv` | Additional env vars to pass | `{}` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `memcachedUsername` | Memcached admin user | `nil` | +| `memcachedPassword` | Memcached admin password | `nil` | +| `service.type` | Kubernetes service type for Memcached | `ClusterIP` | +| `service.port` | Memcached service port | `11211` | +| `service.clusterIP` | Specific cluster IP when service type is cluster IP. Use `None` for headless service | `nil` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.loadBalancerIP` | `loadBalancerIP` if service type is `LoadBalancer` | `nil` | +| `service.annotations` | Additional annotations for Memcached service | `{}` | +| `resources.requests` | CPU/Memory resource requests | `{memory: "256Mi", cpu: "250m"}` | +| `resources.limits` | CPU/Memory resource limits | `{}` | +| `portName` | Name of the main port exposed by memcached | `memcache` | +| `persistence.enabled` | Enable persistence using PVC (Requires architecture: "high-availability") | `true` | +| `persistence.storageClass` | PVC Storage Class for Memcached volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for Memcached volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for Memcached volume | `8Gi` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `securityContext.readOnlyRootFilesystem` | Enable read-only filesystem | `false` | +| `podAnnotations` | Pod annotations | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `podLabels` | Add additional labels to the pod (evaluated as a template) | `nil` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` (evaluated as a template) | +| `nodeSelector` | Node labels for pod assignment | `{}` (evaluated as a template) | +| `tolerations` | Tolerations for pod assignment | `[]` (evaluated as a template) | +| `priorityClassName` | Controller priorityClassName | `nil` | +| `serviceAccount.create` | Enable creation of ServiceAccount for memcached pods | `true` | +| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | Generated using the `memcached.serviceAccountName` template | +| `serviceAccount.automountServiceAccountToken` | Enable/disable auto mounting of the service account token | `true` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Memcached exporter image registry | `docker.io` | +| `metrics.image.repository` | Memcached exporter image name | `bitnami/memcached-exporter` | +| `metrics.image.tag` | Memcached exporter image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `metrics.podAnnotations` | Additional annotations for Metrics exporter | `{prometheus.io/scrape: "true", prometheus.io/port: "9150"}` | +| `metrics.resources` | Exporter resource requests/limit | `{}` | +| `metrics.portName` | Memcached exporter port name | `metrics` | +| `metrics.service.type` | Kubernetes service type for Prometheus metrics | `ClusterIP` | +| `metrics.service.port` | Prometheus metrics service port | `9150` | +| `metrics.service.annotations` | Prometheus exporter svc annotations | `{prometheus.io/scrape: "true", prometheus.io/port: "9150"}` | + +The above parameters map to the env variables defined in [bitnami/memcached](http://github.com/bitnami/bitnami-docker-memcached). For more information please refer to the [bitnami/memcached](http://github.com/bitnami/bitnami-docker-memcached) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release --set memcachedUsername=user,memcachedPassword=password bitnami/memcached +``` + +The above command sets the Memcached admin account username and password to `user` and `password` respectively. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/memcached +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +## Persistence + +When using `architecture: "high-availability"` the [Bitnami Memcached](https://github.com/bitnami/bitnami-docker-memcached) image stores the cache-state at the `/cache-state` path of the container if enabled. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Notable changes + +### 4.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 4.0.0. The following example assumes that the release name is memcached: + +```console +$ kubectl delete deployment memcached --cascade=false +$ helm upgrade memcached bitnami/memcached +``` + +### 3.0.0 + +This release uses the new bash based `bitnami/memcached` container which uses bash scripts for the start up logic of the container and is smaller in size. + +## Upgrading + +### To 5.3.0 + +This version introduces `bitnami/common`, a [library chart](https://helm.sh/docs/topics/library_charts/#helm) as a dependency. More documentation about this new utility could be found [here](https://github.com/bitnami/charts/tree/master/bitnami/common#bitnami-common-library-chart). Please, make sure that you have updated the chart dependencies before executing any upgrade. + +### To 5.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +### To 1.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 1.0.0. The following example assumes that the release name is memcached: + +```console +$ kubectl patch deployment memcached --type=json -p='[{"op": "remove", "path": "/spec/selector/matchLabels/chart"}]' +``` diff --git a/gitea/charts/memcached/charts/common/.helmignore b/gitea/charts/memcached/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/gitea/charts/memcached/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/gitea/charts/memcached/charts/common/Chart.yaml b/gitea/charts/memcached/charts/common/Chart.yaml new file mode 100644 index 0000000..bcc3808 --- /dev/null +++ b/gitea/charts/memcached/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.2 diff --git a/gitea/charts/memcached/charts/common/README.md b/gitea/charts/memcached/charts/common/README.md new file mode 100644 index 0000000..7287cbb --- /dev/null +++ b/gitea/charts/memcached/charts/common/README.md @@ -0,0 +1,322 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/gitea/charts/memcached/charts/common/templates/_affinities.tpl b/gitea/charts/memcached/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..493a6dc --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_affinities.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_capabilities.tpl b/gitea/charts/memcached/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4dde56a --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_capabilities.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_errors.tpl b/gitea/charts/memcached/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_images.tpl b/gitea/charts/memcached/charts/common/templates/_images.tpl new file mode 100644 index 0000000..60f04fd --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_images.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_ingress.tpl b/gitea/charts/memcached/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..622ef50 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_ingress.tpl @@ -0,0 +1,42 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_labels.tpl b/gitea/charts/memcached/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_names.tpl b/gitea/charts/memcached/charts/common/templates/_names.tpl new file mode 100644 index 0000000..adf2a74 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_secrets.tpl b/gitea/charts/memcached/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..60b84a7 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_secrets.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_storage.tpl b/gitea/charts/memcached/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_tplvalues.tpl b/gitea/charts/memcached/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_utils.tpl b/gitea/charts/memcached/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/_warnings.tpl b/gitea/charts/memcached/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_cassandra.tpl b/gitea/charts/memcached/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..8679ddf --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_mariadb.tpl b/gitea/charts/memcached/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..bb5ed72 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_mongodb.tpl b/gitea/charts/memcached/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..7d5ecbc --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_postgresql.tpl b/gitea/charts/memcached/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..992bcd3 --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_redis.tpl b/gitea/charts/memcached/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..3e2a47c --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,72 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/templates/validations/_validations.tpl b/gitea/charts/memcached/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/gitea/charts/memcached/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/charts/common/values.yaml b/gitea/charts/memcached/charts/common/values.yaml new file mode 100644 index 0000000..9ecdc93 --- /dev/null +++ b/gitea/charts/memcached/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/gitea/charts/memcached/ci/values-production.yaml b/gitea/charts/memcached/ci/values-production.yaml new file mode 100644 index 0000000..01c4457 --- /dev/null +++ b/gitea/charts/memcached/ci/values-production.yaml @@ -0,0 +1,5 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct + +metrics: + enabled: true diff --git a/gitea/charts/memcached/templates/NOTES.txt b/gitea/charts/memcached/templates/NOTES.txt new file mode 100644 index 0000000..0f52289 --- /dev/null +++ b/gitea/charts/memcached/templates/NOTES.txt @@ -0,0 +1,28 @@ + +** Please be patient while the chart is being deployed ** + +{{- if eq .Values.architecture "standalone" }} +Memcached can be accessed on port 11211 on the following DNS name from within your cluster: {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} +{{- else if eq .Values.architecture "high-availability" }} +Memcached endpoints are exposed on the headless service named: {{ template "common.names.fullname" . }}. +Please see https://github.com/memcached/memcached/wiki/ConfiguringClient to understand the Memcached model and need for client-based consistent hashing. +You might also want to consider more advanced routing/replication approaches with mcrouter: https://github.com/facebook/mcrouter/wiki/Replicated-pools-setup +{{- end }} + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} +{{- if .Values.metrics.enabled }} + +To access the Memcached Prometheus metrics from outside the cluster execute the following commands: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }}-metrics {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & + curl http://127.0.0.1:{{ .Values.metrics.service.port }}/metrics + +{{- end }} + +{{- include "memcached.validateValues" . }} +{{- include "memcached.checkRollingTags" . }} diff --git a/gitea/charts/memcached/templates/_helpers.tpl b/gitea/charts/memcached/templates/_helpers.tpl new file mode 100644 index 0000000..8e8e758 --- /dev/null +++ b/gitea/charts/memcached/templates/_helpers.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "memcached.fullname" -}} +{{- include "common.names.fullname" . -}} +{{- end -}} + +{{/* +Return the proper Memcached image name +*/}} +{{- define "memcached.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the metrics image) +*/}} +{{- define "memcached.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "memcached.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image) "global" .Values.global) -}} +{{- end -}} + +{{/* +Check if there are rolling tags in the images +*/}} +{{- define "memcached.checkRollingTags" -}} +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.rollingTag" .Values.metrics.image }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "memcached.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "memcached.validateValues.architecture" .) -}} +{{- $messages := append $messages (include "memcached.validateValues.replicaCount" .) -}} +{{- $messages := append $messages (include "memcached.validateValues.readOnlyRootFilesystem" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Memcached - must provide a valid architecture */}} +{{- define "memcached.validateValues.architecture" -}} +{{- if and (ne .Values.architecture "standalone") (ne .Values.architecture "high-availability") -}} +memcached: architecture + Invalid architecture selected. Valid values are "standalone" and + "high-availability". Please set a valid architecture (--set architecture="xxxx") +{{- end -}} +{{- end -}} + +{{/* Validate values of Memcached - number of replicas */}} +{{- define "memcached.validateValues.replicaCount" -}} +{{- $replicaCount := int .Values.replicaCount }} +{{- if and (eq .Values.architecture "standalone") (gt $replicaCount 1) -}} +memcached: replicaCount + The standalone architecture doesn't allow to run more than 1 replica. + Please set a valid number of replicas (--set memcached.replicaCount=1) or + use the "high-availability" architecture (--set architecture="high-availability") +{{- end -}} +{{- end -}} + +{{/* Validate values of Memcached - securityContext.readOnlyRootFilesystem */}} +{{- define "memcached.validateValues.readOnlyRootFilesystem" -}} +{{- if and .Values.securityContext.enabled .Values.securityContext.readOnlyRootFilesystem (not (empty .Values.memcachedPassword)) -}} +memcached: securityContext.readOnlyRootFilesystem + Enabling authentication is not compatible with using a read-only filesystem. + Please disable it (--set securityContext.readOnlyRootFilesystem=false) +{{- end -}} +{{- end -}} + +{{/* + Create the name of the service account to use + */}} +{{- define "memcached.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "memcached.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/memcached/templates/deployment.yaml b/gitea/charts/memcached/templates/deployment.yaml new file mode 100644 index 0000000..79a7291 --- /dev/null +++ b/gitea/charts/memcached/templates/deployment.yaml @@ -0,0 +1,139 @@ +{{- if eq .Values.architecture "standalone" }} +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "memcached.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + serviceAccountName: {{ template "memcached.serviceAccountName" . }} + containers: + - name: memcached + image: {{ template "memcached.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arguments }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arguments "context" $) | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + {{- if .Values.memcachedUsername }} + - name: MEMCACHED_USERNAME + value: {{ .Values.memcachedUsername | quote }} + {{- end }} + {{- if .Values.memcachedPassword }} + - name: MEMCACHED_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + key: memcached-password + {{- end }} + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 12 }} + {{- end }} + ports: + - name: {{ .Values.portName }} + containerPort: 11211 + livenessProbe: + tcpSocket: + port: memcache + initialDelaySeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + tcpSocket: + port: memcache + initialDelaySeconds: 5 + timeoutSeconds: 3 + periodSeconds: 5 + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: tmp + mountPath: /tmp + {{- if .Values.securityContext.enabled }} + securityContext: + readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }} + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "memcached.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + ports: + - name: {{ .Values.metrics.portName }} + containerPort: 9150 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} +{{- end }} diff --git a/gitea/charts/memcached/templates/extra-list.yaml b/gitea/charts/memcached/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/gitea/charts/memcached/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/gitea/charts/memcached/templates/secrets.yaml b/gitea/charts/memcached/templates/secrets.yaml new file mode 100644 index 0000000..e398b39 --- /dev/null +++ b/gitea/charts/memcached/templates/secrets.yaml @@ -0,0 +1,17 @@ +{{- if .Values.memcachedPassword }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +type: Opaque +data: + memcached-password: {{ .Values.memcachedPassword | b64enc | quote }} +{{- end }} diff --git a/gitea/charts/memcached/templates/service.yaml b/gitea/charts/memcached/templates/service.yaml new file mode 100644 index 0000000..4c2cfef --- /dev/null +++ b/gitea/charts/memcached/templates/service.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.architecture "high-availability") (eq .Values.service.type "ClusterIP") }} + clusterIP: None + {{- end }} + {{- if and (not (empty .Values.service.loadBalancerIP)) (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: memcache + port: {{ .Values.service.port }} + targetPort: memcache + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/gitea/charts/memcached/templates/serviceaccount.yaml b/gitea/charts/memcached/templates/serviceaccount.yaml new file mode 100644 index 0000000..f326fcd --- /dev/null +++ b/gitea/charts/memcached/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +metadata: + name: {{ template "memcached.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} diff --git a/gitea/charts/memcached/templates/servicemonitor.yaml b/gitea/charts/memcached/templates/servicemonitor.yaml new file mode 100644 index 0000000..057a896 --- /dev/null +++ b/gitea/charts/memcached/templates/servicemonitor.yaml @@ -0,0 +1,37 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace }} + {{- end }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: + {{- end }} +spec: + selector: + matchLabels: {{ include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: metrics + endpoints: + - port: metrics + path: /metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/gitea/charts/memcached/templates/statefulset.yaml b/gitea/charts/memcached/templates/statefulset.yaml new file mode 100644 index 0000000..7acab7f --- /dev/null +++ b/gitea/charts/memcached/templates/statefulset.yaml @@ -0,0 +1,172 @@ +{{- if eq .Values.architecture "high-availability" }} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "common.names.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + replicas: {{ .Values.replicaCount }} + serviceName: {{ template "common.names.fullname" . }} + template: + metadata: + labels: {{- include "common.labels.standard" . | nindent 8 }} + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} + {{- if or .Values.podAnnotations (and .Values.metrics.enabled .Values.metrics.podAnnotations) }} + annotations: + {{- if .Values.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- include "memcached.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} + containers: + - name: memcached + {{- if .Values.persistence.enabled }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "/usr/bin/pkill -10 memcached ; sleep 60s"] + {{- end }} + image: {{ template "memcached.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.arguments }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.arguments "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.persistence.enabled }} + - -e/cache-state/memory_file + {{- end }} + {{- if or .Values.extraEnv .Values.memcachedUsername .Values.memcachedPassword }} + env: + {{- if .Values.memcachedUsername }} + - name: MEMCACHED_USERNAME + value: {{ .Values.memcachedUsername | quote }} + {{- end }} + {{- if .Values.memcachedPassword }} + - name: MEMCACHED_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.names.fullname" . }} + key: memcached-password + {{- end }} + {{- if .Values.extraEnv }} + {{- toYaml .Values.extraEnv | nindent 12 }} + {{- end }} + {{- end }} + ports: + - name: {{ .Values.portName }} + containerPort: 11211 + livenessProbe: + tcpSocket: + port: memcache + initialDelaySeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + tcpSocket: + port: memcache + initialDelaySeconds: 5 + timeoutSeconds: 3 + periodSeconds: 5 + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: /cache-state + {{- end }} + - name: tmp + mountPath: /tmp + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "memcached.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + ports: + - name: {{ .Values.metrics.portName }} + containerPort: 9150 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- end }} + volumes: + - name: tmp + emptyDir: {} +{{- if .Values.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} +{{- end }} +{{- end }} diff --git a/gitea/charts/memcached/templates/svc-metrics.yaml b/gitea/charts/memcached/templates/svc-metrics.yaml new file mode 100644 index 0000000..f3d2b87 --- /dev/null +++ b/gitea/charts/memcached/templates/svc-metrics.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: metrics + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.metrics.service.type }} + ports: + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} +{{- end }} diff --git a/gitea/charts/memcached/values.yaml b/gitea/charts/memcached/values.yaml new file mode 100644 index 0000000..38827c9 --- /dev/null +++ b/gitea/charts/memcached/values.yaml @@ -0,0 +1,326 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami Memcached image version +## ref: https://hub.docker.com/r/bitnami/memcached/tags/ +## +image: + registry: docker.io + repository: bitnami/memcached + tag: 1.6.9-debian-10-r114 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## + debug: false + +## String to partially override common.names.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.names.fullname template +## +# fullnameOverride: + +## Add labels to all the deployed resources +## +commonLabels: {} + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +## Kubernetes Cluster Domain +## +clusterDomain: cluster.local + +## Extra objects to deploy (value evaluated as a template) +## +extraDeploy: [] + +## Memcached architecture. Allowed values: standalone or high-availability +## +architecture: standalone + +## Deployment pod host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] + +## Memcached admin user +## ref: https://github.com/bitnami/bitnami-docker-memcached#creating-the-memcached-admin-user +## +# memcachedUsername: + +## Memcached admin password +## ref: https://github.com/bitnami/bitnami-docker-memcached#creating-the-memcached-admin-user +## +# memcachedPassword: + +## Number of containers to run +## +replicaCount: 1 + +## Command and args for running the container (set to default if not set). Use array form +## +command: [] +arguments: + - /run.sh + # - -m + # - -I + # - -vv + +## Extra environment vars to pass. +## ref: https://github.com/bitnami/bitnami-docker-memcached#configuration +## +extraEnv: [] + +## Service parameters +## +## +service: + ## Service type + ## + type: ClusterIP + ## Memcached port + ## + port: 11211 + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: "" + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Annotations for the Memcached service + ## + annotations: {} + +## Memcached containers' resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: + memory: 256Mi + cpu: 250m + +## If you want to override the port name (can be usefull when using a service mesh) +## ref for istio: https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/ +## +portName: memcache + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + readOnlyRootFilesystem: false + +## Pod extra labels +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} + +## Pod annotations +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} + +## Pod affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAffinityPreset: "" + +## Pod anti-affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## Allowed values: soft, hard +## +podAntiAffinityPreset: soft + +## Node affinity preset +## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## Allowed values: soft, hard +## +nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + ## + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + +## Affinity for pod assignment. Evaluated as a template. +## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set +## +affinity: {} + +## Node labels for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment. Evaluated as a template. +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Pod priority +## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +## +# priorityClassName: "" + +## memcached pods ServiceAccount +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + ## Specifies whether a ServiceAccount should be created + ## + create: true + ## The name of the ServiceAccount to use. + ## If not set and create is true, a name is generated using the memcached.serviceAccountName template + ## + # name: + ## Enable/disable auto mounting of the service account token + ## + automountServiceAccountToken: true + +## Persistence - used for dumping and restoring states between recreations +## Ref: https://github.com/memcached/memcached/wiki/WarmRestart +## +persistence: + enabled: false + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## Persistent Volume Claim annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + +## Prometheus Exporter / Metrics +## +metrics: + enabled: false + ## Bitnami Memcached Prometheus Exporter image + ## ref: https://hub.docker.com/r/bitnami/memcached-exporter/tags/ + ## + image: + registry: docker.io + repository: bitnami/memcached-exporter + tag: 0.8.0-debian-10-r105 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Metrics exporter pod Annotation and Labels + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9150" + ## If you want to override the port name (can be usefull when using a service mesh) + ## ref for istio: https://istio.io/latest/docs/ops/configuration/traffic-management/protocol-selection/ + ## + portName: metrics + ## Memcached Prometheus exporter resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi + service: + ## Service type + ## + type: ClusterIP + ## Memcached Prometheus exporter port + ## + port: 9150 + ## Annotations for the Prometheus metrics service + ## + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 10s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + # selector: + # prometheus: my-prometheus diff --git a/gitea/charts/mysql/.helmignore b/gitea/charts/mysql/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/gitea/charts/mysql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/gitea/charts/mysql/Chart.yaml b/gitea/charts/mysql/Chart.yaml new file mode 100644 index 0000000..0d8ebc7 --- /dev/null +++ b/gitea/charts/mysql/Chart.yaml @@ -0,0 +1,21 @@ +annotations: + category: Database +apiVersion: v1 +appVersion: 8.0.21 +description: Chart to create a Highly available MySQL cluster +home: https://github.com/bitnami/charts/tree/master/bitnami/mysql +icon: https://bitnami.com/assets/stacks/mysql/img/mysql-stack-220x234.png +keywords: +- mysql +- database +- sql +- cluster +- high availablity +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: mysql +sources: +- https://github.com/bitnami/bitnami-docker-mysql +- https://mysql.com +version: 6.14.10 diff --git a/gitea/charts/mysql/README.md b/gitea/charts/mysql/README.md new file mode 100644 index 0000000..b01a63e --- /dev/null +++ b/gitea/charts/mysql/README.md @@ -0,0 +1,272 @@ +# MySQL + +[MySQL](https://mysql.com) is a fast, reliable, scalable, and easy to use open-source relational database system. MySQL Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. + +## TL;DR + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mysql +``` + +## Introduction + +This chart bootstraps a [MySQL](https://github.com/bitnami/bitnami-docker-mysql) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 2.12+ or Helm 3.0-beta3+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/mysql +``` + +These commands deploy MySQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Parameters + +The following tables lists the configurable parameters of the MySQL chart and their default values. + +| Parameter | Description | Default | | +|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | | +| `image.registry` | MySQL image registry | `docker.io` | | +| `image.repository` | MySQL Image name | `bitnami/mysql` | | +| `image.tag` | MySQL Image tag | `{TAG_NAME}` | | +| `image.pullPolicy` | MySQL image pull policy | `IfNotPresent` | | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | +| `image.debug` | Specify if debug logs should be enabled | `false` | | +| `nameOverride` | String to partially override mysql.fullname template with a string (will prepend the release name) | `nil` | | +| `fullnameOverride` | String to fully override mysql.fullname template with a string | `nil` | | +| `clusterDomain` | Kubernetes DNS Domain name to use | `cluster.local` | | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `buster` | | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | +| `volumePermissions.resources` | Init container resource requests/limit | `nil` | | +| `existingSecret` | Specify the name of an existing secret for password details (`root.password`, `db.password`, `replication.password` will be ignored and picked up from this secret). The secret has to contain the keys `mysql-root-password`, `mysql-replication-password` and `mysql-password`. | `nil` | | +| `root.password` | Password for the `root` user | _random 10 character alphanumeric string_ | | +| `root.forcePassword` | Force users to specify a password. That is required for 'helm upgrade' to work properly | `false` | | +| `root.injectSecretsAsVolume` | Mount admin user password as a file instead of using an environment variable | `false` | | +| `db.user` | Username of new user to create (should be different from replication.user) | `nil` | | +| `db.password` | Password for the new user | _random 10 character alphanumeric string if `db.user` is defined_ | | +| `db.name` | Name for new database to create | `my_database` | | +| `db.forcePassword` | Force users to specify a password. That is required for 'helm upgrade' to work properly | `false` | | +| `db.injectSecretsAsVolume` | Mount user password as a file instead of using an environment variable | `false` | | +| `replication.enabled` | MySQL replication enabled | `true` | | +| `replication.user` | MySQL replication user (should be different from db.user) | `replicator` | | +| `replication.password` | MySQL replication user password | _random 10 character alphanumeric string_ | | +| `replication.forcePassword` | Force users to specify a password. That is required for 'helm upgrade' to work properly | `false` | | +| `replication.injectSecretsAsVolume` | Mount user password as a file instead of using an environment variable | `false` | | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | | +| `serviceAccount.name` | If serviceAccount.create is enabled, what should the serviceAccount name be - otherwise defaults to the fullname | `nil` | | +| `master.config` | Config file for the MySQL Master server | `_default values in the values.yaml file_` | | +| `master.updateStrategy.type` | Master statefulset update strategy policy | `RollingUpdate` | | +| `master.podAnnotations` | Pod annotations for master nodes | `{}` | | +| `master.affinity` | Map of node/pod affinities for master nodes | `{}` (The value is evaluated as a template) | | +| `master.nodeSelector` | Node labels for pod assignment on master nodes | `{}` (The value is evaluated as a template) | | +| `master.tolerations` | Tolerations for pod assignment on master nodes | `[]` (The value is evaluated as a template) | | +| `master.securityContext.enabled` | Enable security context for master nodes | `true` | | +| `master.securityContext.fsGroup` | Group ID for the master nodes' containers | `1001` | | +| `master.securityContext.runAsUser` | User ID for the master nodes' containers | `1001` | | +| `master.containerSecurityContext` | Container security context for master nodes' containers | `{}` | | +| `master.resources` | CPU/Memory resource requests/limits for master nodes' containers | `{}` | | +| `master.livenessProbe.enabled` | Turn on and off liveness probe (master nodes) | `true` | | +| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (master nodes) | `120` | | +| `master.livenessProbe.periodSeconds` | How often to perform the probe (master nodes) | `10` | | +| `master.livenessProbe.timeoutSeconds` | When the probe times out (master nodes) | `1` | | +| `master.livenessProbe.successThreshold` | Minimum consecutive successes for the probe (master nodes) | `1` | | +| `master.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe (master nodes) | `3` | | +| `master.readinessProbe.enabled` | Turn on and off readiness probe (master nodes) | `true` | | +| `master.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (master nodes) | `30` | | +| `master.readinessProbe.periodSeconds` | How often to perform the probe (master nodes) | `10` | | +| `master.readinessProbe.timeoutSeconds` | When the probe times out (master nodes) | `1` | | +| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (master nodes) | `1` | | +| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (master nodes) | `3` | | +| `master.extraEnvVars` | Array containing extra env vars to configure MySQL master replicas | `nil` | | +| `master.extraEnvVarsCM` | Configmap containing extra env vars to configure MySQL master replicas | `nil` | | +| `master.extraEnvVarsSecret` | Secret containing extra env vars to configure MySQL master replicas | `nil` | | +| `master.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` (master nodes) | `true` | | +| `master.persistence.mountPath` | Configure `PersistentVolumeClaim` mount path (master nodes) | `/bitnami/mysql` | | +| `master.persistence.annotations` | Persistent Volume Claim annotations (master nodes) | `{}` | | +| `master.persistence.storageClass` | Persistent Volume Storage Class (master nodes) | `` | | +| `master.persistence.accessModes` | Persistent Volume Access Modes (master nodes) | `[ReadWriteOnce]` | | +| `master.persistence.size` | Persistent Volume Size (master nodes) | `8Gi` | | +| `master.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (master nodes) | `nil` | | +| `slave.replicas` | Desired number of slave replicas | `1` | | +| `slave.updateStrategy.type` | Slave statefulset update strategy policy | `RollingUpdate` | | +| `slave.podAnnotations` | Pod annotations for slave nodes | `{}` | | +| `slave.affinity` | Map of node/pod affinities for slave nodes | `{}` (The value is evaluated as a template) | | +| `slave.nodeSelector` | Node labels for pod assignment on slave nodes | `{}` (The value is evaluated as a template) | | +| `slave.tolerations` | Tolerations for pod assignment on slave nodes | `[]` (The value is evaluated as a template) | | +| `slave.extraEnvVars` | Array containing extra env vars to configure MySQL slave replicas | `nil` | | +| `slave.extraEnvVarsCM` | ConfigMap containing extra env vars to configure MySQL slave replicas | `nil` | | +| `slave.extraEnvVarsSecret` | Secret containing extra env vars to configure MySQL slave replicas | `nil` | | +| `slave.securityContext.enabled` | Enable security context for slave nodes | `true` | | +| `slave.securityContext.fsGroup` | Group ID for the slave nodes' containers | `1001` | | +| `slave.securityContext.runAsUser` | User ID for the slave nodes' containers | `1001` | | +| `slave.containerSecurityContext` | Container security context for slave nodes' containers | `{}` | | +| `slave.resources` | CPU/Memory resource requests/limits for slave nodes' containers | `{}` | | +| `slave.livenessProbe.enabled` | Turn on and off liveness probe (slave nodes) | `true` | | +| `slave.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (slave nodes) | `120` | | +| `slave.livenessProbe.periodSeconds` | How often to perform the probe (slave nodes) | `10` | | +| `slave.livenessProbe.timeoutSeconds` | When the probe times out (slave nodes) | `1` | | +| `slave.livenessProbe.successThreshold` | Minimum consecutive successes for the probe (slave nodes) | `1` | | +| `slave.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe (slave nodes) | `3` | | +| `slave.readinessProbe.enabled` | Turn on and off readiness probe (slave nodes) | `true` | | +| `slave.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (slave nodes) | `30` | | +| `slave.readinessProbe.periodSeconds` | How often to perform the probe (slave nodes) | `10` | | +| `slave.readinessProbe.timeoutSeconds` | When the probe times out (slave nodes) | `1` | | +| `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (slave nodes) | `1` | | +| `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (slave nodes) | `3` | | +| `slave.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` (slave nodes) | `true` | | +| `slave.persistence.mountPath` | Configure `PersistentVolumeClaim` mount path (slave nodes) | `/bitnami/mysql` | | +| `slave.persistence.annotations` | Persistent Volume Claim annotations (slave nodes) | `{}` | | +| `slave.persistence.storageClass` | Persistent Volume Storage Class (slave nodes) | `` | | +| `slave.persistence.accessModes` | Persistent Volume Access Modes (slave nodes) | `[ReadWriteOnce]` | | +| `slave.persistence.size` | Persistent Volume Size (slave nodes) | `8Gi` | | +| `slave.persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` (slave nodes) | `nil` | | +| `service.type` | Kubernetes service type | `ClusterIP` | | +| `service.port` | MySQL service port | `3306` | | +| `service.nodePort.master` | Port to bind to for NodePort service type (master service) | `nil` | | +| `service.nodePort.slave` | Port to bind to for NodePort service type (slave service) | `nil` | | +| `service.loadBalancerIP.master` | Static IP Address to use for master LoadBalancer service type | `nil` | | +| `service.loadBalancerIP.slave` | Static IP Address to use for slaves LoadBalancer service type | `nil` | | +| `service.annotations` | Kubernetes service annotations | `{}` | | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | | +| `metrics.image` | Exporter image name | `bitnami/mysqld-exporter` | | +| `metrics.imageTag` | Exporter image tag | `{TAG_NAME}` | | +| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | | +| `metrics.resources` | Exporter resource requests/limit | `nil` | | +| `metrics.service.type` | Kubernetes service type for MySQL Prometheus Exporter | `ClusterIP` | | +| `metrics.service.port` | MySQL Prometheus Exporter service port | `9104` | | +| `metrics.service.annotations` | Prometheus exporter svc annotations | `{prometheus.io/scrape: "true", prometheus.io/port: "9104"}` | | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | | +| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `nil` | | +| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `nil` | | +| `metrics.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `nil` | The above parameters map to the env variables defined in [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql). For more information please refer to the [bitnami/mysql](http://github.com/bitnami/bitnami-docker-mysql) image documentation. | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install my-release \ + --set root.password=secretpassword,user.database=app_database \ + bitnami/mysql +``` + +The above command sets the MySQL `root` account password to `secretpassword`. Additionally it creates a database named `app_database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install my-release -f values.yaml bitnami/mysql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Production configuration + +This chart includes a `values-production.yaml` file where you can find some parameters oriented to production configuration in comparison to the regular `values.yaml`. You can use this file instead of the default one. + +- Force users to specify a password: +```diff +- root.forcePassword: false ++ root.forcePassword: true + +- db.forcePassword: false ++ db.forcePassword: true + +- replication.forcePassword: false ++ replication.forcePassword: true +``` + +- Desired number of slave replicas: +```diff +- slave.replicas: 1 ++ slave.replicas: 2 +``` + +- Start a side-car prometheus exporter: +```diff +- metrics.enabled: false ++ metrics.enabled: true +``` + +### Change MySQL version + +To modify the MySQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/mysql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### Initialize a fresh instance + +The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +## Persistence + +The [Bitnami MySQL](https://github.com/bitnami/bitnami-docker-mysql) image stores the MySQL data and configurations at the `/bitnami/mysql` path of the container. + +The chart mounts a [Persistent Volume](https://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning by default. An existing PersistentVolumeClaim can be defined. + +### Adjust permissions of persistent volume mountpoint + +As the image run as non-root by default, it is necessary to adjust the ownership of the persistent volume so that the container can write data into it. + +By default, the chart is configured to use Kubernetes Security Context to automatically change the ownership of the volume. However, this feature does not work in all Kubernetes distributions. +As an alternative, this chart supports using an initContainer to change the ownership of the volume before mounting it in the final destination. + +You can enable this initContainer by setting `volumePermissions.enabled` to `true`. + +## Upgrading + +It's necessary to set the `root.password` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: + +```bash +$ helm upgrade my-release bitnami/mysql --set root.password=[ROOT_PASSWORD] +``` + +| Note: you need to substitue the placeholder _[ROOT_PASSWORD]_ with the value obtained in the installation notes. + +### To 3.0.0 + +Backwards compatibility is not guaranteed unless you modify the labels used on the chart's deployments. +Use the workaround below to upgrade from versions previous to 3.0.0. The following example assumes that the release name is mysql: + +```console +$ kubectl delete statefulset mysql-master --cascade=false +$ kubectl delete statefulset mysql-slave --cascade=false +``` diff --git a/gitea/charts/mysql/ci/values-production.yaml b/gitea/charts/mysql/ci/values-production.yaml new file mode 100644 index 0000000..072fd06 --- /dev/null +++ b/gitea/charts/mysql/ci/values-production.yaml @@ -0,0 +1,29 @@ +# Test values file for generating all of the yaml and check that +# the rendering is correct + +volumePermissions: + enabled: true + +master: + extraEnvVars: + - name: TEST + value: "3" + + extraEnvVarsSecret: example-secret + extraEnvVarsCM: example-cm + +slave: + extraEnvVars: + - name: TEST + value: "2" + + extraEnvVarsSecret: example-secret-2 + extraEnvVarsCM: example-cm-2 + replicas: 2 + +metrics: + enabled: true + ## Kubeval doesn't recognise ServiceMonitor as a valid K8s object + # serviceMonitor: + # enabled: true + diff --git a/gitea/charts/mysql/files/docker-entrypoint-initdb.d/README.md b/gitea/charts/mysql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 0000000..c7257d7 --- /dev/null +++ b/gitea/charts/mysql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom .sh, .sql or .sql.gz file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-mysql](https://github.com/bitnami/bitnami-docker-mysql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/gitea/charts/mysql/templates/NOTES.txt b/gitea/charts/mysql/templates/NOTES.txt new file mode 100644 index 0000000..a45652d --- /dev/null +++ b/gitea/charts/mysql/templates/NOTES.txt @@ -0,0 +1,62 @@ + +Please be patient while the chart is being deployed + +Tip: + + Watch the deployment status using the command: kubectl get pods -w --namespace {{ .Release.Namespace }} + +Services: + + echo Master: {{ template "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.port }} +{{- if .Values.replication.enabled }} + echo Slave: {{ template "mysql.slave.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:{{ .Values.service.port }} +{{- end }} + +Administrator credentials: + + echo Username: root + echo Password : $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) + +To connect to your database: + + 1. Run a pod that you can use as a client: + + kubectl run {{ template "mysql.fullname" . }}-client --rm --tty -i --restart='Never' --image {{ template "mysql.image" . }} --namespace {{ .Release.Namespace }} --command -- bash + + 2. To connect to master service (read/write): + + mysql -h {{ template "mysql.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.db.name }} + +{{- if .Values.replication.enabled }} + + 3. To connect to slave service (read-only): + + mysql -h {{ template "mysql.slave.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} -uroot -p {{ .Values.db.name }} + +{{- end }} +{{- if .Values.metrics.enabled }} + +To access the MySQL Prometheus metrics from outside the cluster execute the following commands: + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "mysql.fullname" . }} {{ .Values.metrics.service.port }}:{{ .Values.metrics.service.port }} & + curl 127.0.0.1:{{ .Values.metrics.service.port }}/metrics + +{{- end }} + +To upgrade this helm chart: + + 1. Obtain the password as described on the 'Administrator credentials' section and set the 'root.password' parameter as shown below: + + ROOT_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "mysql.fullname" . }} -o jsonpath="{.data.mysql-root-password}" | base64 --decode) + helm upgrade {{ .Release.Name }} bitnami/mysql --set root.password=$ROOT_PASSWORD + +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} + +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ + +{{- end }} + + +{{ include "mysql.validateValues" . }} +{{ include "mysql.checkRollingTags" . }} diff --git a/gitea/charts/mysql/templates/_helpers.tpl b/gitea/charts/mysql/templates/_helpers.tpl new file mode 100644 index 0000000..bc5933f --- /dev/null +++ b/gitea/charts/mysql/templates/_helpers.tpl @@ -0,0 +1,331 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "mysql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "mysql.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mysql.master.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- printf "%s-%s" .Values.fullnameOverride "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name "master" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name "master" | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mysql.slave.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- printf "%s-%s" .Values.fullnameOverride "slave" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf "%s-%s" .Release.Name "slave" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s-%s" .Release.Name $name "slave" | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "mysql.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "mysql.labels" -}} +app: {{ include "mysql.name" . }} +chart: {{ include "mysql.chart" . }} +release: {{ .Release.Name }} +heritage: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "mysql.matchLabels" -}} +app: {{ include "mysql.name" . }} +release: {{ .Release.Name }} +{{- end -}} + +{{/* +Return the proper MySQL image name +*/}} +{{- define "mysql.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{ template "mysql.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mysql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mysql.master.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper MySQL metrics exporter image name +*/}} +{{- define "mysql.metrics.image" -}} +{{- $registryName := .Values.metrics.image.registry -}} +{{- $repositoryName := .Values.metrics.image.repository -}} +{{- $tag := .Values.metrics.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "mysql.imagePullSecrets" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +Also, we can not use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} +{{- if .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- range .Values.global.imagePullSecrets }} + - name: {{ . }} +{{- end }} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- else if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets .Values.volumePermissions.image.pullSecrets }} +imagePullSecrets: +{{- range .Values.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.metrics.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- range .Values.volumePermissions.image.pullSecrets }} + - name: {{ . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "mysql.volumePermissions.image" -}} +{{- $registryName := .Values.volumePermissions.image.registry -}} +{{- $repositoryName := .Values.volumePermissions.image.repository -}} +{{- $tag := .Values.volumePermissions.image.tag | toString -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. +Also, we can't use a single if because lazy evaluation is not an option +*/}} +{{- if .Values.global }} + {{- if .Values.global.imageRegistry }} + {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} + {{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} + {{- end -}} +{{- else -}} + {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class for the master +*/}} +{{- define "mysql.master.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.master.persistence.storageClass -}} + {{- if (eq "-" .Values.master.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.master.persistence.storageClass -}} + {{- if (eq "-" .Values.master.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.master.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Storage Class for the slave +*/}} +{{- define "mysql.slave.storageClass" -}} +{{/* +Helm 2.11 supports the assignment of a value to a variable defined in a different scope, +but Helm 2.9 and 2.10 does not support it, so we need to implement this if-else logic. +*/}} +{{- if .Values.global -}} + {{- if .Values.global.storageClass -}} + {{- if (eq "-" .Values.global.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.global.storageClass -}} + {{- end -}} + {{- else -}} + {{- if .Values.slave.persistence.storageClass -}} + {{- if (eq "-" .Values.slave.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- else -}} + {{- if .Values.slave.persistence.storageClass -}} + {{- if (eq "-" .Values.slave.persistence.storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" .Values.slave.persistence.storageClass -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "mysql.tplValue" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "mysql.tplValue" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "mysql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "mysql.validateValues.loadBalancerIPareNotEquals" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of MySql - must provide different IPs */}} +{{- define "mysql.validateValues.loadBalancerIPareNotEquals" -}} +{{- if not (empty .Values.service.loadBalancerIP) -}} +{{- if eq (.Values.service.loadBalancerIP.master | quote) (.Values.service.loadBalancerIP.slave | quote) }} +mysql: service.loadBalancerIP + loadBalancerIP.master is equal to loadBalancerIP.slave which is not possible. + Please set a different ip for master and slave services. +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Check if there are rolling tags in the images */}} +{{- define "mysql.checkRollingTags" -}} +{{- if and (contains "bitnami/" .Values.image.repository) (not (.Values.image.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end -}} +{{- end -}} + + +{{/* + Returns the proper service account name depending if an explicit service account name is set + in the values file. If the name is not set it will default to either mysql.fullname if serviceAccount.create + is true or default otherwise. +*/}} +{{- define "mysql.serviceAccountName" -}} + {{- if .Values.serviceAccount.create -}} + {{ default (include "mysql.fullname" .) .Values.serviceAccount.name }} + {{- else -}} + {{ default "default" .Values.serviceAccount.name }} + {{- end -}} +{{- end -}} + +{{/* +Returns chart secret name. If existingSecret is not set it will default to mysql.fullname +*/}} +{{- define "mysql.secretName" -}} +{{ default (include "mysql.fullname" .) .Values.existingSecret }} +{{- end -}} diff --git a/gitea/charts/mysql/templates/initialization-configmap.yaml b/gitea/charts/mysql/templates/initialization-configmap.yaml new file mode 100644 index 0000000..6bf5689 --- /dev/null +++ b/gitea/charts/mysql/templates/initialization-configmap.yaml @@ -0,0 +1,22 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.master.fullname" . }}-init-scripts + labels: {{- include "mysql.labels" . | nindent 4 }} + component: master +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }} +binaryData: +{{- $root := . }} +{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} + {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} +{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/gitea/charts/mysql/templates/master-configmap.yaml b/gitea/charts/mysql/templates/master-configmap.yaml new file mode 100644 index 0000000..fdbbfe6 --- /dev/null +++ b/gitea/charts/mysql/templates/master-configmap.yaml @@ -0,0 +1,11 @@ +{{- if .Values.master.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.master.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: master +data: + my.cnf: |- +{{ .Values.master.config | indent 4 }} +{{- end -}} diff --git a/gitea/charts/mysql/templates/master-statefulset.yaml b/gitea/charts/mysql/templates/master-statefulset.yaml new file mode 100644 index 0000000..96d9b62 --- /dev/null +++ b/gitea/charts/mysql/templates/master-statefulset.yaml @@ -0,0 +1,287 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "mysql.master.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: master +spec: + selector: + matchLabels: {{- include "mysql.matchLabels" . | nindent 6 }} + component: master + serviceName: {{ template "mysql.master.fullname" . }} + replicas: 1 + updateStrategy: + type: {{ .Values.master.updateStrategy.type }} + {{- if (eq "Recreate" .Values.master.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + template: + metadata: + labels: {{- include "mysql.labels" . | nindent 8 }} + component: master + {{- if .Values.master.podAnnotations }} + annotations: {{ include "mysql.tplValue" ( dict "value" .Values.master.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: +{{- include "mysql.imagePullSecrets" . | indent 6 }} + {{- if .Values.master.affinity }} + affinity: {{- include "mysql.tplValue" (dict "value" .Values.master.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.nodeSelector }} + nodeSelector: {{- include "mysql.tplValue" (dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: {{- include "mysql.tplValue" (dict "value" .Values.master.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.master.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.master.securityContext.fsGroup }} + runAsUser: {{ .Values.master.securityContext.runAsUser }} + {{- end }} + serviceAccountName: {{ template "mysql.serviceAccountName" . }} + {{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }} + initContainers: + - name: volume-permissions + image: {{ template "mysql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.master.securityContext.runAsUser }}:{{ .Values.master.securityContext.fsGroup }} {{ .Values.master.persistence.mountPath }} + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.master.persistence.mountPath }} + {{- end }} + containers: + - name: mysql + image: {{ template "mysql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.master.containerSecurityContext }} + securityContext: {{- toYaml .Values.master.containerSecurityContext | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + {{- if .Values.root.injectSecretsAsVolume }} + - name: MYSQL_ROOT_PASSWORD_FILE + value: "/opt/bitnami/mysql/secrets/mysql-root-password" + {{- else }} + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + {{- end }} + {{- if .Values.db.user }} + - name: MYSQL_USER + value: {{ .Values.db.user | quote }} + {{- if .Values.db.injectSecretsAsVolume }} + - name: MYSQL_PASSWORD_FILE + value: "/opt/bitnami/mysql/secrets/mysql-password" + {{- else }} + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-password + {{- end }} + {{- end }} + - name: MYSQL_DATABASE + value: {{ .Values.db.name | quote }} + {{- if .Values.replication.enabled }} + - name: MYSQL_REPLICATION_MODE + value: "master" + - name: MYSQL_REPLICATION_USER + value: {{ .Values.replication.user | quote }} + {{- if .Values.replication.injectSecretsAsVolume }} + - name: MYSQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/mysql/secrets/mysql-replication-password" + {{- else }} + - name: MYSQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-replication-password + {{- end }} + {{- end }} + {{- if .Values.master.extraEnvVars }} + {{- include "mysql.tplValue" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }} + envFrom: + {{- if .Values.master.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.master.extraEnvVarsCM }} + {{- end }} + {{- if .Values.master.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.master.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.master.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MYSQL_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.master.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MYSQL_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.master.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.master.resources }} + resources: {{- toYaml .Values.master.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.master.persistence.mountPath }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d + {{- end }} + {{- if .Values.master.config }} + - name: config + mountPath: /opt/bitnami/mysql/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume .Values.db.injectSecretsAsVolume .Values.replication.injectSecretsAsVolume }} + - name: mysql-credentials + mountPath: /opt/bitnami/mysql/secrets/ + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mysql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.root.injectSecretsAsVolume }} + - name: MYSQL_ROOT_PASSWORD_FILE + value: "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" + {{- else }} + - name: MYSQL_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + {{- end }} + command: + - /bin/sh + - -c + - | + password_aux="${MYSQL_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_ROOT_PASSWORD_FILE) + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter + ports: + - name: metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume }} + volumeMounts: + - name: mysql-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + volumes: + {{- if .Values.master.config }} + - name: config + configMap: + name: {{ template "mysql.master.fullname" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "mysql.initdbScriptsCM" . }} + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume .Values.db.injectSecretsAsVolume .Values.replication.injectSecretsAsVolume }} + - name: mysql-credentials + secret: + secretName: {{ template "mysql.fullname" . }} + items: + {{- if .Values.db.injectSecretsAsVolume }} + - key: mysql-password + path: mysql-password + {{- end }} + {{- if .Values.root.injectSecretsAsVolume }} + - key: mysql-root-password + path: mysql-root-password + {{- end }} + {{- if .Values.replication.injectSecretsAsVolume }} + - key: mysql-replication-password + path: mysql-replication-password + {{- end }} + {{- end }} +{{- if not .Values.master.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else if and .Values.master.persistence.enabled .Values.master.persistence.existingClaim }} + - name: "data" + persistentVolumeClaim: + claimName: {{ .Values.master.persistence.existingClaim }} +{{- else if and .Values.master.persistence.enabled (not .Values.master.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app: {{ template "mysql.name" . }} + component: master + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: + {{- range .Values.master.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.master.persistence.size | quote }} + {{ include "mysql.master.storageClass" . }} +{{- end }} diff --git a/gitea/charts/mysql/templates/master-svc.yaml b/gitea/charts/mysql/templates/master-svc.yaml new file mode 100644 index 0000000..24142c3 --- /dev/null +++ b/gitea/charts/mysql/templates/master-svc.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mysql.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: master + {{- if or .Values.service.annotations .Values.metrics.service.annotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "mysql.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "mysql.tplValue" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + {{- if not (empty .Values.service.loadBalancerIP.master) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP.master }} + {{- end }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.service.port }} + targetPort: mysql + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort.master }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + {{- end }} + selector: {{- include "mysql.matchLabels" . | nindent 4 }} + component: master diff --git a/gitea/charts/mysql/templates/secrets.yaml b/gitea/charts/mysql/templates/secrets.yaml new file mode 100644 index 0000000..888cd5e --- /dev/null +++ b/gitea/charts/mysql/templates/secrets.yaml @@ -0,0 +1,34 @@ +{{- if (not .Values.existingSecret) -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mysql.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} +type: Opaque +data: + {{- if .Values.root.password }} + mysql-root-password: {{ .Values.root.password | b64enc | quote }} + {{- else if (not .Values.root.forcePassword) }} + mysql-root-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ else }} + mysql-root-password: {{ required "A MySQL Root Password is required!" .Values.root.password }} + {{- end }} + {{- if .Values.db.user }} + {{- if .Values.db.password }} + mysql-password: {{ .Values.db.password | b64enc | quote }} + {{- else if (not .Values.db.forcePassword) }} + mysql-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mysql-password: {{ required "A MySQL Database Password is required!" .Values.db.password }} + {{- end }} + {{- end }} + {{- if .Values.replication.enabled }} + {{- if .Values.replication.password }} + mysql-replication-password: {{ .Values.replication.password | b64enc | quote }} + {{- else if (not .Values.replication.forcePassword) }} + mysql-replication-password: {{ randAlphaNum 10 | b64enc | quote }} + {{- else }} + mysql-replication-password: {{ required "A MySQL Replication Password is required!" .Values.replication.password }} + {{- end }} + {{- end }} +{{- end }} diff --git a/gitea/charts/mysql/templates/serviceaccount.yaml b/gitea/charts/mysql/templates/serviceaccount.yaml new file mode 100644 index 0000000..ebde86c --- /dev/null +++ b/gitea/charts/mysql/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "mysql.serviceAccountName" . }} + labels: + app: {{ template "mysql.name" . }} + chart: {{ template "mysql.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +secrets: + - name: {{ template "mysql.secretName" . }} + {{- end }} diff --git a/gitea/charts/mysql/templates/servicemonitor.yaml b/gitea/charts/mysql/templates/servicemonitor.yaml new file mode 100644 index 0000000..6dad49f --- /dev/null +++ b/gitea/charts/mysql/templates/servicemonitor.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "mysql.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: {{- include "mysql.labels" . | nindent 4 }} + {{- range $key, $value := .Values.metrics.serviceMonitor.selector }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: {{- include "mysql.matchLabels" . | nindent 6 }} + component: master + endpoints: + - port: metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} +{{- end }} diff --git a/gitea/charts/mysql/templates/slave-configmap.yaml b/gitea/charts/mysql/templates/slave-configmap.yaml new file mode 100644 index 0000000..fbaeb78 --- /dev/null +++ b/gitea/charts/mysql/templates/slave-configmap.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.replication.enabled .Values.slave.config }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mysql.slave.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: slave +data: + my.cnf: |- +{{ .Values.slave.config | indent 4 }} +{{- end }} diff --git a/gitea/charts/mysql/templates/slave-statefulset.yaml b/gitea/charts/mysql/templates/slave-statefulset.yaml new file mode 100644 index 0000000..d18d1de --- /dev/null +++ b/gitea/charts/mysql/templates/slave-statefulset.yaml @@ -0,0 +1,264 @@ +{{- if .Values.replication.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "mysql.slave.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: slave +spec: + selector: + matchLabels: {{- include "mysql.matchLabels" . | nindent 6 }} + component: slave + serviceName: "{{ template "mysql.slave.fullname" . }}" + replicas: {{ .Values.slave.replicas }} + updateStrategy: + type: {{ .Values.slave.updateStrategy.type }} + {{- if (eq "Recreate" .Values.slave.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + template: + metadata: + labels: {{- include "mysql.labels" . | nindent 8 }} + component: slave + {{- if .Values.slave.podAnnotations }} + annotations: {{ include "mysql.tplValue" ( dict "value" .Values.slave.podAnnotations "context" $) | nindent 8 }} + {{- end }} + spec: +{{- include "mysql.imagePullSecrets" . | indent 6 }} + {{- if .Values.slave.affinity }} + affinity: {{- include "mysql.tplValue" (dict "value" .Values.slave.affinity "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.slave.nodeSelector }} + nodeSelector: {{- include "mysql.tplValue" (dict "value" .Values.slave.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.slave.tolerations }} + tolerations: {{- include "mysql.tplValue" (dict "value" .Values.slave.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.slave.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.slave.securityContext.fsGroup }} + runAsUser: {{ .Values.slave.securityContext.runAsUser }} + {{- end }} + serviceAccountName: {{ template "mysql.serviceAccountName" . }} + {{- if and .Values.volumePermissions.enabled .Values.slave.persistence.enabled }} + initContainers: + - name: volume-permissions + image: {{ template "mysql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.slave.containerSecurityContext }} + securityContext: {{- toYaml .Values.slave.containerSecurityContext | nindent 12 }} + {{- end }} + command: + - /bin/bash + - -ec + - | + chown -R {{ .Values.slave.securityContext.runAsUser }}:{{ .Values.slave.securityContext.fsGroup }} {{ .Values.slave.persistence.mountPath }} + securityContext: + runAsUser: 0 + {{- if .Values.volumePermissions.resources }} + resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.slave.persistence.mountPath }} + {{- end }} + containers: + - name: mysql + image: {{ template "mysql.image" . }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: MYSQL_REPLICATION_MODE + value: "slave" + - name: MYSQL_MASTER_HOST + value: {{ template "mysql.fullname" . }} + - name: MYSQL_MASTER_PORT_NUMBER + value: "3306" + - name: MYSQL_MASTER_ROOT_USER + value: "root" + {{- if .Values.root.injectSecretsAsVolume }} + - name: MYSQL_MASTER_ROOT_PASSWORD_FILE + value: "/opt/bitnami/mysql/secrets/mysql-root-password" + {{- else }} + - name: MYSQL_MASTER_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + {{- end }} + - name: MYSQL_REPLICATION_USER + value: "{{ .Values.replication.user }}" + {{- if .Values.replication.injectSecretsAsVolume }} + - name: MYSQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/mysql/secrets/mysql-replication-password" + {{- else }} + - name: MYSQL_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-replication-password + {{- end }} + {{- if .Values.slave.extraEnvVars }} + {{- include "mysql.tplValue" (dict "value" .Values.slave.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if or .Values.slave.extraEnvVarsCM .Values.slave.extraEnvVarsSecret }} + envFrom: + {{- if .Values.slave.extraEnvVarsCM }} + - configMapRef: + name: {{ .Values.slave.extraEnvVarsCM }} + {{- end }} + {{- if .Values.slave.extraEnvVarsSecret }} + - secretRef: + name: {{ .Values.slave.extraEnvVarsSecret }} + {{- end }} + {{- end }} + ports: + - name: mysql + containerPort: 3306 + {{- if .Values.slave.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_MASTER_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: {{ .Values.slave.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.slave.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.slave.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.slave.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.slave.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.slave.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - sh + - -c + - | + password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_MASTER_ROOT_PASSWORD_FILE) + fi + mysqladmin status -uroot -p$password_aux + initialDelaySeconds: {{ .Values.slave.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.slave.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.slave.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.slave.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.slave.readinessProbe.failureThreshold }} + {{- end }} + {{- if .Values.master.resources }} + resources: {{- toYaml .Values.slave.resources | nindent 12 }} + {{- end }} + volumeMounts: + - name: data + mountPath: {{ .Values.slave.persistence.mountPath }} + {{- if .Values.slave.config }} + - name: config + mountPath: /opt/bitnami/mysql/conf/my.cnf + subPath: my.cnf + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume .Values.replication.injectSecretsAsVolume }} + - name: mysql-credentials + mountPath: /opt/bitnami/mysql/secrets/ + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "mysql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + env: + {{- if .Values.root.injectSecretsAsVolume }} + - name: MYSQL_MASTER_ROOT_PASSWORD_FILE + value: "/opt/bitnami/mysqld-exporter/secrets/mysql-root-password" + {{- else }} + - name: MYSQL_MASTER_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mysql.secretName" . }} + key: mysql-root-password + {{- end }} + command: + - /bin/sh + - -c + - | + password_aux="${MYSQL_MASTER_ROOT_PASSWORD:-}" + if [ -f "${MYSQL_MASTER_ROOT_PASSWORD_FILE:-}" ]; then + password_aux=$(cat $MYSQL_MASTER_ROOT_PASSWORD_FILE) + fi + DATA_SOURCE_NAME="root:${password_aux}@(localhost:3306)/" /bin/mysqld_exporter + ports: + - name: metrics + containerPort: 9104 + livenessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 15 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /metrics + port: metrics + initialDelaySeconds: 5 + timeoutSeconds: 1 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume }} + volumeMounts: + - name: mysql-credentials + mountPath: /opt/bitnami/mysqld-exporter/secrets/ + {{- end }} + {{- end }} + volumes: + {{- if .Values.slave.config }} + - name: config + configMap: + name: {{ template "mysql.slave.fullname" . }} + {{- end }} + {{- if or .Values.root.injectSecretsAsVolume .Values.replication.injectSecretsAsVolume }} + - name: mysql-credentials + secret: + secretName: {{ template "mysql.fullname" . }} + items: + {{- if .Values.root.injectSecretsAsVolume }} + - key: mysql-root-password + path: mysql-root-password + {{- end }} + {{- if .Values.replication.injectSecretsAsVolume }} + - key: mysql-replication-password + path: mysql-replication-password + {{- end }} + {{- end }} +{{- if not .Values.slave.persistence.enabled }} + - name: "data" + emptyDir: {} +{{- else if and .Values.slave.persistence.enabled .Values.slave.persistence.existingClaim }} + - name: "data" + persistentVolumeClaim: + claimName: {{ .Values.slave.persistence.existingClaim }} +{{- else if and .Values.slave.persistence.enabled (not .Values.slave.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + labels: + app: {{ template "mysql.name" . }} + component: slave + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + spec: + accessModes: + {{- range .Values.slave.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.slave.persistence.size | quote }} + {{ include "mysql.slave.storageClass" . }} +{{- end }} +{{- end }} diff --git a/gitea/charts/mysql/templates/slave-svc.yaml b/gitea/charts/mysql/templates/slave-svc.yaml new file mode 100644 index 0000000..450b00b --- /dev/null +++ b/gitea/charts/mysql/templates/slave-svc.yaml @@ -0,0 +1,40 @@ +{{- if .Values.replication.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "mysql.slave.fullname" . }} + labels: {{- include "mysql.labels" . | nindent 4 }} + component: slave + {{- if or .Values.service.annotations .Values.metrics.service.annotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "mysql.tplValue" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.metrics.service.annotations }} + {{- include "mysql.tplValue" ( dict "value" .Values.metrics.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + {{- if not (empty .Values.service.loadBalancerIP.slave) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP.slave }} + {{- end }} + {{- end }} + ports: + - name: mysql + port: {{ .Values.service.port }} + targetPort: mysql + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePort)) }} + nodePort: {{ .Values.service.nodePort.slave }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.metrics.enabled }} + - name: metrics + port: {{ .Values.metrics.service.port }} + targetPort: metrics + {{- end }} + selector: {{- include "mysql.matchLabels" . | nindent 4 }} + component: slave +{{- end }} diff --git a/gitea/charts/mysql/values-production.yaml b/gitea/charts/mysql/values-production.yaml new file mode 100644 index 0000000..dfa85df --- /dev/null +++ b/gitea/charts/mysql/values-production.yaml @@ -0,0 +1,581 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami MySQL image +## ref: https://hub.docker.com/r/bitnami/mysql/tags/ +## +image: + registry: docker.io + repository: bitnami/mysql + tag: 8.0.21-debian-10-r46 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + +## String to partially override mysql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mysql.fullname template +## +# fullnameOverride: + +## Cluster domain +## +clusterDomain: cluster.local + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi + +## Use existing secret (ignores root, db and replication passwords) +## +# existingSecret: + +## Admin (root) credentials +## +root: + ## MySQL admin password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + ## Mount admin password as a file instead of using an environment variable + ## + injectSecretsAsVolume: true + +## Custom user/db credentials +## +db: + ## MySQL username and password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-user-on-first-run + ## Note that this user should be different from the MySQL replication user (replication.user) + ## + user: + password: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-on-first-run + ## + name: my_database + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + ## Mount replication user password as a file instead of using an environment variable + ## + injectSecretsAsVolume: true + +## Replication configuration +## +replication: + ## Enable replication. This enables the creation of replicas of MySQL. If false, only a + ## master deployment would be created + ## + enabled: true + ## + ## MySQL replication user + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster + ## Note that this user should be different from the MySQL user (db.user) + ## + user: replicator + ## MySQL replication user password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: true + ## Mount replication user password as a file instead of using an environment variable + ## + injectSecretsAsVolume: true + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +serviceAccount: + create: true + ## Specify the name of the service account created/used + # name: + +## Master nodes parameters +## +master: + ## Configure MySQL with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + config: |- + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + plugin_dir=/opt/bitnami/mysql/plugin + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mysql/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + + ## updateStrategy for master nodes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## An array to add extra environment variables + ## For example: + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: + + ## ConfigMap with extra env vars: + ## + extraEnvVarsCM: + + ## Secret with extra env vars: + ## + extraEnvVarsSecret: + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## MySQL master pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + + ## MySQL master containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## Example: + ## containerSecurityContext: + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: {} + + ## MySQL master containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 250m + # memory: 256Mi + requests: {} + # cpu: 250m + # memory: 256Mi + + ## MySQL master containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Enable persistence using PVCs on master nodes + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + mountPath: /bitnami/mysql + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## PVC annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## Use an existing PVC + ## + # existingClaim: + +## Slave nodes parameters +## +slave: + ## Number of slave replicas + ## + replicas: 2 + + ## Configure MySQL slave with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + config: |- + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + + ## updateStrategy for slave nodes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## An array to add extra environment variables + ## For example: + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: + + ## ConfigMap with extra env vars: + ## + extraEnvVarsCM: + + ## Secret with extra env vars: + ## + extraEnvVarsSecret: + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## MySQL slave pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + + ## MySQL slave containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## Example: + ## containerSecurityContext: + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: {} + + ## MySQL slave containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 250m + # memory: 256Mi + requests: {} + # cpu: 250m + # memory: 256Mi + + ## MySQL slave containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Enable persistence using PVCs on slave nodes + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + mountPath: /bitnami/mysql + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## PVC annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## Use an existing PVC + ## + # existingClaim: + +## MySQL Service properties +## +service: + ## MySQL Service type + ## + type: ClusterIP + + ## MySQL Service port + ## + port: 3306 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: + master: + slave: + + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + + ## loadBalancerIP for the PrestaShop Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + ## loadBalancerIP for the MySQL Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + # loadBalancerIP: + # master: + # slave: + +## MySQL prometheus metrics parameters +## ref: https://docs.influxdata.com/influxdb/v1.7/administration/server_monitoring/#influxdb-metrics-http-endpoint +## +metrics: + enabled: true + ## Bitnami MySQL Prometheus exporter image + ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ + ## + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-10-r216 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## MySQL Prometheus exporter containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 0.5 + # memory: 256Mi + requests: {} + # cpu: 0.5 + # memory: 256Mi + + ## MySQL Prometheus exporter service parameters + ## + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 10s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + # selector: + # prometheus: my-prometheus diff --git a/gitea/charts/mysql/values.yaml b/gitea/charts/mysql/values.yaml new file mode 100644 index 0000000..f524729 --- /dev/null +++ b/gitea/charts/mysql/values.yaml @@ -0,0 +1,580 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +# global: +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami MySQL image +## ref: https://hub.docker.com/r/bitnami/mysql/tags/ +## +image: + registry: docker.io + repository: bitnami/mysql + tag: 8.0.21-debian-10-r46 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Set to true if you would like to see extra information on logs + ## It turns BASH debugging in minideb-extras-base + ## + debug: false + +## String to partially override mysql.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override mysql.fullname template +## +# fullnameOverride: + +## Cluster domain +## +clusterDomain: cluster.local + +## Init containers parameters: +## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/minideb + tag: buster + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 100m + # memory: 128Mi + requests: {} + # cpu: 100m + # memory: 128Mi + +## Use existing secret (ignores root, db and replication passwords) +## +# existingSecret: + +## Admin (root) credentials +## +root: + ## MySQL admin password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-the-root-password-on-first-run + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + ## Mount admin password as a file instead of using an environment variable + ## + injectSecretsAsVolume: false + +## Custom user/db credentials +## +db: + ## MySQL username and password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-user-on-first-run + ## Note that this user should be different from the MySQL replication user (replication.user) + ## + user: + password: + ## Database to create + ## ref: https://github.com/bitnami/bitnami-docker-mysql#creating-a-database-on-first-run + ## + name: my_database + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + ## Mount replication user password as a file instead of using an environment variable + ## + injectSecretsAsVolume: false + +## Replication configuration +## +replication: + ## Enable replication. This enables the creation of replicas of MySQL. If false, only a + ## master deployment would be created + ## + enabled: true + ## + ## MySQL replication user + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster + ## Note that this user should be different from the MySQL user (db.user) + ## + user: replicator + ## MySQL replication user password + ## ref: https://github.com/bitnami/bitnami-docker-mysql#setting-up-a-replication-cluster + ## + password: + ## Option to force users to specify a password. That is required for 'helm upgrade' to work properly. + ## If it is not force, a random password will be generated. + ## + forcePassword: false + ## Mount replication user password as a file instead of using an environment variable + ## + injectSecretsAsVolume: false + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + +serviceAccount: + create: true + ## Specify the name of the service account created/used + # name: + +## Master nodes parameters +## +master: + ## Configure MySQL with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + config: |- + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + plugin_dir=/opt/bitnami/mysql/plugin + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + plugin_dir=/opt/bitnami/mysql/plugin + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + + ## updateStrategy for master nodes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## An array to add extra environment variables + ## For example: + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: + + ## ConfigMap with extra env vars: + ## + extraEnvVarsCM: + + ## Secret with extra env vars: + ## + extraEnvVarsSecret: + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## MySQL master pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod + ## + securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + + ## MySQL master containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## Example: + ## containerSecurityContext: + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: {} + + ## MySQL master containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 250m + # memory: 256Mi + requests: {} + # cpu: 250m + # memory: 256Mi + + ## MySQL master containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Enable persistence using PVCs on master nodes + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + mountPath: /bitnami/mysql + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## PVC annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## Use an existing PVC + ## + # existingClaim: + +## Slave nodes parameters +## +slave: + ## Number of slave replicas + ## + replicas: 1 + + ## Configure MySQL slave with a custom my.cnf file + ## ref: https://mysql.com/kb/en/mysql/configuring-mysql-with-mycnf/#example-of-configuration-file + ## + config: |- + [mysqld] + default_authentication_plugin=mysql_native_password + skip-name-resolve + explicit_defaults_for_timestamp + basedir=/opt/bitnami/mysql + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + datadir=/bitnami/mysql/data + tmpdir=/opt/bitnami/mysql/tmp + max_allowed_packet=16M + bind-address=0.0.0.0 + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + log-error=/opt/bitnami/mysql/logs/mysqld.log + character-set-server=UTF8 + collation-server=utf8_general_ci + + [client] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + default-character-set=UTF8 + + [manager] + port=3306 + socket=/opt/bitnami/mysql/tmp/mysql.sock + pid-file=/opt/bitnami/mysql/tmp/mysqld.pid + + ## updateStrategy for slave nodes + ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + ## + updateStrategy: + type: RollingUpdate + + ## Pod annotations + ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ + ## + podAnnotations: {} + + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## + affinity: {} + + ## An array to add extra environment variables + ## For example: + ## extraEnvVars: + ## - name: TZ + ## value: "Europe/Paris" + ## + extraEnvVars: + + ## ConfigMap with extra env vars: + ## + extraEnvVarsCM: + + ## Secret with extra env vars: + ## + extraEnvVarsSecret: + + ## Node labels for pod assignment. Evaluated as a template. + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + ## MySQL slave pods' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: true + fsGroup: 1001 + runAsUser: 1001 + + ## MySQL slave containers' Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## Example: + ## containerSecurityContext: + ## capabilities: + ## drop: ["NET_RAW"] + ## readOnlyRootFilesystem: true + ## + containerSecurityContext: {} + + ## MySQL slave containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 250m + # memory: 256Mi + requests: {} + # cpu: 250m + # memory: 256Mi + + ## MySQL slave containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes + ## + livenessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 120 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + enabled: true + ## Initializing the database could take some time + ## + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + + ## Enable persistence using PVCs on slave nodes + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + ## If true, use a Persistent Volume Claim, If false, use emptyDir + ## + enabled: true + mountPath: /bitnami/mysql + ## Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + ## PVC annotations + ## + annotations: {} + ## Persistent Volume Access Mode + ## + accessModes: + - ReadWriteOnce + ## Persistent Volume size + ## + size: 8Gi + ## Use an existing PVC + ## + # existingClaim: + +## MySQL Service properties +## +service: + ## MySQL Service type + ## + type: ClusterIP + + ## MySQL Service port + ## + port: 3306 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + nodePort: + master: + slave: + + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + ## loadBalancerIP for the MySQL Service (optional, cloud specific) + ## ref: http://kubernetes.io/docs/user-guide/services/#type-loadbalancer + ## + # loadBalancerIP: + # master: + # slave: +## MySQL prometheus metrics parameters +## ref: https://docs.influxdata.com/influxdb/v1.7/administration/server_monitoring/#influxdb-metrics-http-endpoint +## +metrics: + enabled: false + ## Bitnami MySQL Prometheus exporter image + ## ref: https://hub.docker.com/r/bitnami/mysqld-exporter/tags/ + ## + image: + registry: docker.io + repository: bitnami/mysqld-exporter + tag: 0.12.1-debian-10-r216 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## MySQL Prometheus exporter containers' resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## + resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: {} + # cpu: 0.5 + # memory: 256Mi + requests: {} + # cpu: 0.5 + # memory: 256Mi + + ## MySQL Prometheus exporter service parameters + ## + service: + type: ClusterIP + port: 9104 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "{{ .Values.metrics.service.port }}" + + ## Prometheus Operator ServiceMonitor configuration + ## + serviceMonitor: + enabled: false + ## Namespace in which Prometheus is running + ## + # namespace: monitoring + + ## Interval at which metrics should be scraped. + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # interval: 10s + + ## Timeout after which the scrape is ended + ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint + ## + # scrapeTimeout: 10s + + ## ServiceMonitor selector labels + ## ref: https://github.com/bitnami/charts/tree/master/bitnami/prometheus-operator#prometheus-configuration + ## + # selector: + # prometheus: my-prometheus diff --git a/gitea/charts/postgresql/.helmignore b/gitea/charts/postgresql/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/gitea/charts/postgresql/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/gitea/charts/postgresql/Chart.lock b/gitea/charts/postgresql/Chart.lock new file mode 100644 index 0000000..3687f52 --- /dev/null +++ b/gitea/charts/postgresql/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.4.2 +digest: sha256:dce0349883107e3ff103f4f17d3af4ad1ea3c7993551b1c28865867d3e53d37c +generated: "2021-03-30T09:13:28.360322819Z" diff --git a/gitea/charts/postgresql/Chart.yaml b/gitea/charts/postgresql/Chart.yaml new file mode 100644 index 0000000..36a1cee --- /dev/null +++ b/gitea/charts/postgresql/Chart.yaml @@ -0,0 +1,29 @@ +annotations: + category: Database +apiVersion: v2 +appVersion: 11.11.0 +dependencies: +- name: common + repository: https://charts.bitnami.com/bitnami + version: 1.x.x +description: Chart for PostgreSQL, an object-relational database management system + (ORDBMS) with an emphasis on extensibility and on standards-compliance. +home: https://github.com/bitnami/charts/tree/master/bitnami/postgresql +icon: https://bitnami.com/assets/stacks/postgresql/img/postgresql-stack-220x234.png +keywords: +- postgresql +- postgres +- database +- sql +- replication +- cluster +maintainers: +- email: containers@bitnami.com + name: Bitnami +- email: cedric@desaintmartin.fr + name: desaintmartin +name: postgresql +sources: +- https://github.com/bitnami/bitnami-docker-postgresql +- https://www.postgresql.org/ +version: 10.3.17 diff --git a/gitea/charts/postgresql/README.md b/gitea/charts/postgresql/README.md new file mode 100644 index 0000000..63d3605 --- /dev/null +++ b/gitea/charts/postgresql/README.md @@ -0,0 +1,770 @@ +# PostgreSQL + +[PostgreSQL](https://www.postgresql.org/) is an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. + +For HA, please see [this repo](https://github.com/bitnami/charts/tree/master/bitnami/postgresql-ha) + +## TL;DR + +```console +$ helm repo add bitnami https://charts.bitnami.com/bitnami +$ helm install my-release bitnami/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 +- PV provisioner support in the underlying infrastructure + +## Installing the Chart +To install the chart with the release name `my-release`: + +```console +$ helm install my-release bitnami/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components but PVC's associated with the chart and deletes the release. + +To delete the PVC's associated with `my-release`: + +```console +$ kubectl delete pvc -l release=my-release +``` + +> **Note**: Deleting the PVC's will delete postgresql data as well. Please be cautious before doing it. + +## Parameters + +The following tables lists the configurable parameters of the PostgreSQL chart and their default values. + +| Parameter | Description | Default | +|-----------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `global.postgresql.postgresqlDatabase` | PostgreSQL database (overrides `postgresqlDatabase`) | `nil` | +| `global.postgresql.postgresqlUsername` | PostgreSQL username (overrides `postgresqlUsername`) | `nil` | +| `global.postgresql.existingSecret` | Name of existing secret to use for PostgreSQL passwords (overrides `existingSecret`) | `nil` | +| `global.postgresql.postgresqlPassword` | PostgreSQL admin password (overrides `postgresqlPassword`) | `nil` | +| `global.postgresql.servicePort` | PostgreSQL port (overrides `service.port`) | `nil` | +| `global.postgresql.replicationPassword` | Replication user password (overrides `replication.password`) | `nil` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | +| `global.storageClass` | Global storage class for dynamic provisioning | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{TAG_NAME}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `nameOverride` | String to partially override common.names.fullname template with a string (will prepend the release name) | `nil` | +| `fullnameOverride` | String to fully override common.names.fullname template with a string | `nil` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/bitnami-shell` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `"10"` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container (when facing issues in OpenShift or uid unknown, try value "auto") | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `ldap.enabled` | Enable LDAP support | `false` | +| `ldap.existingSecret` | Name of existing secret to use for LDAP passwords | `nil` | +| `ldap.url` | LDAP URL beginning in the form `ldap[s]://host[:port]/basedn[?[attribute][?[scope][?[filter]]]]` | `nil` | +| `ldap.server` | IP address or name of the LDAP server. | `nil` | +| `ldap.port` | Port number on the LDAP server to connect to | `nil` | +| `ldap.scheme` | Set to `ldaps` to use LDAPS. | `nil` | +| `ldap.tls` | Set to `1` to use TLS encryption | `nil` | +| `ldap.prefix` | String to prepend to the user name when forming the DN to bind | `nil` | +| `ldap.suffix` | String to append to the user name when forming the DN to bind | `nil` | +| `ldap.search_attr` | Attribute to match against the user name in the search | `nil` | +| `ldap.search_filter` | The search filter to use when doing search+bind authentication | `nil` | +| `ldap.baseDN` | Root DN to begin the search for the user in | `nil` | +| `ldap.bindDN` | DN of user to bind to LDAP | `nil` | +| `ldap.bind_password` | Password for the user to bind to LDAP | `nil` | +| `replication.enabled` | Enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.readReplicas` | Number of read replicas replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.readReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords. The secret has to contain the keys `postgresql-password` which is the password for `postgresqlUsername` when it is different of `postgres`, `postgresql-postgres-password` which will override `postgresqlPassword`, `postgresql-replication-password` which will override `replication.password` and `postgresql-ldap-password` which will be used to authenticate on LDAP. The value is evaluated as a template. | `nil` | +| `postgresqlPostgresPassword` | PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`, in which case`postgres` is the admin username). | _random 10 character alphanumeric string_ | +| `postgresqlUsername` | PostgreSQL user (creates a non-admin user when `postgresqlUsername` is not `postgres`) | `postgres` | +| `postgresqlPassword` | PostgreSQL user password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `[]` | +| `extraEnvVarsCM` | Name of a Config Map containing extra environment variables you would like to pass on to the pod. The value is evaluated as a template. | `nil` | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg_hba.conf | `nil (do not create pg_hba.conf)` | +| `postgresqlSharedPreloadLibraries` | Shared preload libraries (comma-separated list) | `pgaudit` | +| `postgresqlMaxConnections` | Maximum total connections | `nil` | +| `postgresqlPostgresConnectionLimit` | Maximum total connections for the postgres user | `nil` | +| `postgresqlDbUserConnectionLimit` | Maximum total connections for the non-admin user | `nil` | +| `postgresqlTcpKeepalivesInterval` | TCP keepalives interval | `nil` | +| `postgresqlTcpKeepalivesIdle` | TCP keepalives idle | `nil` | +| `postgresqlTcpKeepalivesCount` | TCP keepalives count | `nil` | +| `postgresqlStatementTimeout` | Statement timeout | `nil` | +| `postgresqlPghbaRemoveFilters` | Comma-separated list of patterns to remove from the pg_hba.conf file | `nil` | +| `customStartupProbe` | Override default startup probe | `nil` | +| `customLivenessProbe` | Override default liveness probe | `nil` | +| `customReadinessProbe` | Override default readiness probe | `nil` | +| `audit.logHostname` | Add client hostnames to the log file | `false` | +| `audit.logConnections` | Add client log-in operations to the log file | `false` | +| `audit.logDisconnections` | Add client log-outs operations to the log file | `false` | +| `audit.pgAuditLog` | Add operations to log using the pgAudit extension | `nil` | +| `audit.clientMinMessages` | Message log level to share with the user | `nil` | +| `audit.logLinePrefix` | Template string for the log line prefix | `nil` | +| `audit.logTimezone` | Timezone for the log timestamps | `nil` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`). The value is evaluated as a template. | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files. The value is evaluated as a template. | `nil` | +| `initdbScripts` | Dictionary of initdb scripts | `nil` | +| `initdbUser` | PostgreSQL user to execute the .sql and sql.gz scripts | `nil` | +| `initdbPassword` | Password for the user specified in `initdbUser` | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`). The value is evaluated as a template. | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`). The value is evaluated as a template. | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | `{}` (evaluated as a template) | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `service.loadBalancerSourceRanges` | Address that are allowed when svc is LoadBalancer | `[]` (evaluated as a template) | +| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` | +| `shmVolume.enabled` | Enable emptyDir volume for /dev/shm for primary and read replica(s) Pod(s) | `true` | +| `shmVolume.chmod.enabled` | Run at init chmod 777 of the /dev/shm (ignored if `volumePermissions.enabled` is `false`) | `true` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim`, the value is evaluated as a template. | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessModes` | PVC Access Mode for PostgreSQL volume | `[ReadWriteOnce]` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `commonAnnotations` | Annotations to be added to all deployed resources (rendered as a template) | `{}` | +| `primary.podAffinityPreset` | PostgreSQL primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | PostgreSQL primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | PostgreSQL primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | PostgreSQL primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | PostgreSQL primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `primary.affinity` | Affinity for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | +| `primary.nodeSelector` | Node labels for PostgreSQL primary pods assignment | `{}` (evaluated as a template) | +| `primary.tolerations` | Tolerations for PostgreSQL primary pods assignment | `[]` (evaluated as a template) | +| `primary.anotations` | Map of annotations to add to the statefulset (postgresql primary) | `{}` | +| `primary.labels` | Map of labels to add to the statefulset (postgresql primary) | `{}` | +| `primary.podAnnotations` | Map of annotations to add to the pods (postgresql primary) | `{}` | +| `primary.podLabels` | Map of labels to add to the pods (postgresql primary) | `{}` | +| `primary.priorityClassName` | Priority Class to use for each pod (postgresql primary) | `nil` | +| `primary.extraInitContainers` | Additional init containers to add to the pods (postgresql primary) | `[]` | +| `primary.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql primary) | `[]` | +| `primary.extraVolumes` | Additional volumes to add to the pods (postgresql primary) | `[]` | +| `primary.sidecars` | Add additional containers to the pod | `[]` | +| `primary.service.type` | Allows using a different service type for primary | `nil` | +| `primary.service.nodePort` | Allows using a different nodePort for primary | `nil` | +| `primary.service.clusterIP` | Allows using a different clusterIP for primary | `nil` | +| `primaryAsStandBy.enabled` | Whether to enable current cluster's primary as standby server of another cluster or not. | `false` | +| `primaryAsStandBy.primaryHost` | The Host of replication primary in the other cluster. | `nil` | +| `primaryAsStandBy.primaryPort ` | The Port of replication primary in the other cluster. | `nil` | +| `readReplicas.podAffinityPreset` | PostgreSQL read only pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.podAntiAffinityPreset` | PostgreSQL read only pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `readReplicas.nodeAffinityPreset.type` | PostgreSQL read only node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `readReplicas.nodeAffinityPreset.key` | PostgreSQL read only node label key to match Ignored if `primary.affinity` is set. | `""` | +| `readReplicas.nodeAffinityPreset.values` | PostgreSQL read only node label values to match. Ignored if `primary.affinity` is set. | `[]` | +| `readReplicas.affinity` | Affinity for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | +| `readReplicas.nodeSelector` | Node labels for PostgreSQL read only pods assignment | `{}` (evaluated as a template) | +| `readReplicas.anotations` | Map of annotations to add to the statefulsets (postgresql readReplicas) | `{}` | +| `readReplicas.resources` | CPU/Memory resource requests/limits override for readReplicass. Will fallback to `values.resources` if not defined. | `{}` | +| `readReplicas.labels` | Map of labels to add to the statefulsets (postgresql readReplicas) | `{}` | +| `readReplicas.podAnnotations` | Map of annotations to add to the pods (postgresql readReplicas) | `{}` | +| `readReplicas.podLabels` | Map of labels to add to the pods (postgresql readReplicas) | `{}` | +| `readReplicas.priorityClassName` | Priority Class to use for each pod (postgresql readReplicas) | `nil` | +| `readReplicas.extraInitContainers` | Additional init containers to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.extraVolumeMounts` | Additional volume mounts to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.extraVolumes` | Additional volumes to add to the pods (postgresql readReplicas) | `[]` | +| `readReplicas.sidecars` | Add additional containers to the pod | `[]` | +| `readReplicas.service.type` | Allows using a different service type for readReplicas | `nil` | +| `readReplicas.service.nodePort` | Allows using a different nodePort for readReplicas | `nil` | +| `readReplicas.service.clusterIP` | Allows using a different clusterIP for readReplicas | `nil` | +| `readReplicas.persistence.enabled` | Whether to enable readReplicas replicas persistence | `true` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.*` | Other pod security context to be included as-is in the pod spec | `{}` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the pod | `1001` | +| `containerSecurityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `containerSecurityContext.enabled` | Enable container security context | `true` | +| `containerSecurityContext.runAsUser` | User ID for the container | `1001` | +| `serviceAccount.enabled` | Enable service account (Note: Service Account will only be automatically created if `serviceAccount.name` is not set) | `false` | +| `serviceAccount.name` | Name of existing service account | `nil` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `networkPolicy.explicitNamespacesSelector` | A Kubernetes LabelSelector to explicitly select namespaces from which ingress traffic could be allowed | `{}` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `startupProbe.periodSeconds` | How often to perform the probe | 15 | +| `startupProbe.timeoutSeconds` | When the probe times | 5 | +| `startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 10 | +| `startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `tls.enabled` | Enable TLS traffic support | `false` | +| `tls.preferServerCiphers` | Whether to use the server's TLS cipher preferences rather than the client's | `true` | +| `tls.certificatesSecret` | Name of an existing secret that contains the certificates | `nil` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename. If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate. | `nil` | +| `tls.crlFilename` | File containing a Certificate Revocation List | `nil` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{ prometheus.io/scrape: "true", prometheus.io/port: "9187"}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| `metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.namespace` | Optional namespace in which to create ServiceMonitor | `nil` | +| `metrics.serviceMonitor.interval` | Scrape interval. If not set, the Prometheus default scrape interval is used | `nil` | +| `metrics.serviceMonitor.scrapeTimeout` | Scrape timeout. If not set, the Prometheus default scrape timeout is used | `nil` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | the same namespace as postgresql | +| `metrics.prometheusRule.rules` | [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/) to be created, check values for an example. | `[]` | +| `metrics.image.registry` | PostgreSQL Exporter Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Exporter Image name | `bitnami/postgres-exporter` | +| `metrics.image.tag` | PostgreSQL Exporter Image tag | `{TAG_NAME}` | +| `metrics.image.pullPolicy` | PostgreSQL Exporter Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `metrics.extraEnvVars` | Extra environment variables to add to exporter | `{}` (evaluated as a template) | +| `metrics.securityContext.*` | Other container security context to be included as-is in the container spec | `{}` | +| `metrics.securityContext.enabled` | Enable security context for metrics | `false` | +| `metrics.securityContext.runAsUser` | User ID for the container for metrics | `1001` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `updateStrategy` | Update strategy policy | `{type: "RollingUpdate"}` | +| `psp.create` | Create Pod Security Policy | `false` | +| `rbac.create` | Create Role and RoleBinding (required for PSP to work) | `false` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template). | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release \ + --set postgresqlPassword=secretpassword,postgresqlDatabase=my-database \ + bitnami/postgresql +``` + +The above command sets the PostgreSQL `postgres` account password to `secretpassword`. Additionally it creates a database named `my-database`. + +> NOTE: Once this chart is deployed, it is not possible to change the application's access credentials, such as usernames or passwords, using Helm. To change these application credentials after deployment, delete any persistent volumes (PVs) used by the chart and re-deploy it, or use the application's built-in administrative tools if available. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release -f values.yaml bitnami/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Customizing primary and read replica services in a replicated configuration + +At the top level, there is a service object which defines the services for both primary and readReplicas. For deeper customization, there are service objects for both the primary and read types individually. This allows you to override the values in the top level service object so that the primary and read can be of different service types and with different clusterIPs / nodePorts. Also in the case you want the primary and read to be of type nodePort, you will need to set the nodePorts to different values to prevent a collision. The values that are deeper in the primary.service or readReplicas.service objects will take precedence over the top level service object. + +### Change PostgreSQL version + +To modify the PostgreSQL version used in this chart you can specify a [valid image tag](https://hub.docker.com/r/bitnami/postgresql/tags/) using the `image.tag` parameter. For example, `image.tag=X.Y.Z`. This approach is also applicable to other images like exporters. + +### postgresql.conf / pg_hba.conf files as configMap + +This helm chart also supports to customize the whole configuration file. + +Add your custom file to "files/postgresql.conf" in your working directory. This file will be mounted as configMap to the containers and it will be used for configuring the PostgreSQL server. + +Alternatively, you can add additional PostgreSQL configuration parameters using the `postgresqlExtendedConf` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. Alternatively, to replace the entire default configuration use `postgresqlConfiguration`. + +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + +### Initialize a fresh instance + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. + +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. + +The allowed extensions are `.sh`, `.sql` and `.sql.gz`. + +### Securing traffic using TLS + +TLS support can be enabled in the chart by specifying the `tls.` parameters while creating a release. The following parameters should be configured to properly enable the TLS support in the chart: + +- `tls.enabled`: Enable TLS support. Defaults to `false` +- `tls.certificatesSecret`: Name of an existing secret that contains the certificates. No defaults. +- `tls.certFilename`: Certificate filename. No defaults. +- `tls.certKeyFilename`: Certificate key filename. No defaults. + +For example: + +* First, create the secret with the cetificates files: + + ```console + kubectl create secret generic certificates-tls-secret --from-file=./cert.crt --from-file=./cert.key --from-file=./ca.crt + ``` + +* Then, use the following parameters: + + ```console + volumePermissions.enabled=true + tls.enabled=true + tls.certificatesSecret="certificates-tls-secret" + tls.certFilename="cert.crt" + tls.certKeyFilename="cert.key" + ``` + + > Note TLS and VolumePermissions: PostgreSQL requires certain permissions on sensitive files (such as certificate keys) to start up. Due to an on-going [issue](https://github.com/kubernetes/kubernetes/issues/57923) regarding kubernetes permissions and the use of `containerSecurityContext.runAsUser`, you must enable `volumePermissions` to ensure everything works as expected. + +### Sidecars + +If you need additional containers to run within the same pod as PostgreSQL (e.g. an additional metrics or logging exporter), you can do so via the `sidecars` config parameter. Simply define your container according to the Kubernetes container spec. + +```yaml +# For the PostgreSQL primary +primary: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +# For the PostgreSQL replicas +readReplicas: + sidecars: + - name: your-image-name + image: your-image + imagePullPolicy: Always + ports: + - name: portname + containerPort: 1234 +``` + +### Metrics + +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). + +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +### Use of global variables + +In more complex scenarios, we may have the following tree of dependencies + +``` + +--------------+ + | | + +------------+ Chart 1 +-----------+ + | | | | + | --------+------+ | + | | | + | | | + | | | + | | | + v v v ++-------+------+ +--------+------+ +--------+------+ +| | | | | | +| PostgreSQL | | Sub-chart 1 | | Sub-chart 2 | +| | | | | | ++--------------+ +---------------+ +---------------+ +``` + +The three charts below depend on the parent chart Chart 1. However, subcharts 1 and 2 may need to connect to PostgreSQL as well. In order to do so, subcharts 1 and 2 need to know the PostgreSQL credentials, so one option for deploying could be deploy Chart 1 with the following parameters: + +``` +postgresql.postgresqlPassword=testtest +subchart1.postgresql.postgresqlPassword=testtest +subchart2.postgresql.postgresqlPassword=testtest +postgresql.postgresqlDatabase=db1 +subchart1.postgresql.postgresqlDatabase=db1 +subchart2.postgresql.postgresqlDatabase=db1 +``` + +If the number of dependent sub-charts increases, installing the chart with parameters can become increasingly difficult. An alternative would be to set the credentials using global variables as follows: + +``` +global.postgresql.postgresqlPassword=testtest +global.postgresql.postgresqlDatabase=db1 +``` + +This way, the credentials will be available in all of the subcharts. + +## Persistence + +The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image stores the PostgreSQL data and configurations at the `/bitnami/postgresql` path of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Parameters](#parameters) section to configure the PVC or to disable persistence. + +If you already have data in it, you will fail to sync to standby nodes for all commits, details can refer to [code](https://github.com/bitnami/bitnami-docker-postgresql/blob/8725fe1d7d30ebe8d9a16e9175d05f7ad9260c93/9.6/debian-9/rootfs/libpostgresql.sh#L518-L556). If you need to use those data, please covert them to sql and import after `helm install` finished. + +## NetworkPolicy + +To enable network policy for PostgreSQL, install [a networking plugin that implements the Kubernetes NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + +```console +$ kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" +``` + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. +- For OpenShift, one may either define the runAsUser and fsGroup accordingly, or try this more dynamic option: volumePermissions.securityContext.runAsUser="auto",securityContext.enabled=false,containerSecurityContext.enabled=false,shmVolume.chmod.enabled=false + +### Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +image.repository=postgres +image.tag=10.6 +postgresqlDataDir=/data/pgdata +persistence.mountPath=/data/ +``` + +### Setting Pod's affinity + +This chart allows you to set your custom affinity using the `XXX.affinity` paremeter(s). Find more infomation about Pod's affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, you can use of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/master/bitnami/common#affinities) chart. To do so, set the `XXX.podAffinityPreset`, `XXX.podAntiAffinityPreset`, or `XXX.nodeAffinityPreset` parameters. + +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami’s Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## Upgrading + +It's necessary to specify the existing passwords while performing an upgrade to ensure the secrets are not updated with invalid randomly generated passwords. Remember to specify the existing values of the `postgresqlPassword` and `replication.password` parameters when upgrading the chart: + +```bash +$ helm upgrade my-release bitnami/postgresql \ + --set postgresqlPassword=[POSTGRESQL_PASSWORD] \ + --set replication.password=[REPLICATION_PASSWORD] +``` + +> Note: you need to substitute the placeholders _[POSTGRESQL_PASSWORD]_, and _[REPLICATION_PASSWORD]_ with the values obtained from instructions in the installation notes. + +### To 10.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Move dependency information from the *requirements.yaml* to the *Chart.yaml* +- After running `helm dependency update`, a *Chart.lock* file is generated containing the same structure used in the previous *requirements.lock* +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Chart. + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ + +#### Breaking changes + +- The term `master` has been replaced with `primary` and `slave` with `readReplicas` throughout the chart. Role names have changed from `master` and `slave` to `primary` and `read`. + +To upgrade to `10.0.0`, it should be done reusing the PVCs used to hold the PostgreSQL data on your previous release. To do so, follow the instructions below (the following example assumes that the release name is `postgresql`): + +> NOTE: Please, create a backup of your database before running any of those actions. + +Obtain the credentials and the names of the PVCs used to hold the PostgreSQL data on your current release: + +```console +$ export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace default postgresql -o jsonpath="{.data.postgresql-password}" | base64 --decode) +$ export POSTGRESQL_PVC=$(kubectl get pvc -l app.kubernetes.io/instance=postgresql,role=master -o jsonpath="{.items[0].metadata.name}") +``` + +Delete the PostgreSQL statefulset. Notice the option `--cascade=false`: + +```console +$ kubectl delete statefulsets.apps postgresql-postgresql --cascade=false +``` + +Now the upgrade works: + +```console +$ helm upgrade postgresql bitnami/postgresql --set postgresqlPassword=$POSTGRESQL_PASSWORD --set persistence.existingClaim=$POSTGRESQL_PVC +``` + +You will have to delete the existing PostgreSQL pod and the new statefulset is going to create a new one + +```console +$ kubectl delete pod postgresql-postgresql-0 +``` + +Finally, you should see the lines below in PostgreSQL container logs: + +```console +$ kubectl logs $(kubectl get pods -l app.kubernetes.io/instance=postgresql,app.kubernetes.io/name=postgresql,role=primary -o jsonpath="{.items[0].metadata.name}") +... +postgresql 08:05:12.59 INFO ==> Deploying PostgreSQL with persisted data... +... +``` + +### To 9.0.0 + +In this version the chart was adapted to follow the Helm label best practices, see [PR 3021](https://github.com/bitnami/charts/pull/3021). That means the backward compatibility is not guarantee when upgrading the chart to this major version. + +As a workaround, you can delete the existing statefulset (using the `--cascade=false` flag pods are not deleted) before upgrade the chart. For example, this can be a valid workflow: + +- Deploy an old version (8.X.X) + +```console +$ helm install postgresql bitnami/postgresql --version 8.10.14 +``` + +- Old version is up and running + +```console +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 1 2020-08-04 13:39:54.783480286 +0000 UTC deployed postgresql-8.10.14 11.8.0 + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 76s +``` + +- The upgrade to the latest one (9.X.X) is going to fail + +```console +$ helm upgrade postgresql bitnami/postgresql +Error: UPGRADE FAILED: cannot patch "postgresql-postgresql" with kind StatefulSet: StatefulSet.apps "postgresql-postgresql" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden +``` + +- Delete the statefulset + +```console +$ kubectl delete statefulsets.apps --cascade=false postgresql-postgresql +statefulset.apps "postgresql-postgresql" deleted +``` + +- Now the upgrade works + +```console +$ helm upgrade postgresql bitnami/postgresql +$ helm ls +NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION +postgresql default 3 2020-08-04 13:42:08.020385884 +0000 UTC deployed postgresql-9.1.2 11.8.0 +``` + +- We can kill the existing pod and the new statefulset is going to create a new one: + +```console +$ kubectl delete pod postgresql-postgresql-0 +pod "postgresql-postgresql-0" deleted + +$ kubectl get pods +NAME READY STATUS RESTARTS AGE +postgresql-postgresql-0 1/1 Running 0 19s +``` + +Please, note that without the `--cascade=false` both objects (statefulset and pod) are going to be removed and both objects will be deployed again with the `helm upgrade` command + +### To 8.0.0 + +Prefixes the port names with their protocols to comply with Istio conventions. + +If you depend on the port names in your setup, make sure to update them to reflect this change. + +### To 7.1.0 + +Adds support for LDAP configuration. + +### To 7.0.0 + +Helm performs a lookup for the object based on its group (apps), version (v1), and kind (Deployment). Also known as its GroupVersionKind, or GVK. Changing the GVK is considered a compatibility breaker from Kubernetes' point of view, so you cannot "upgrade" those objects to the new GVK in-place. Earlier versions of Helm 3 did not perform the lookup correctly which has since been fixed to match the spec. + +In https://github.com/helm/charts/pull/17281 the `apiVersion` of the statefulset resources was updated to `apps/v1` in tune with the api's deprecated, resulting in compatibility breakage. + +This major version bump signifies this change. + +### To 6.5.7 + +In this version, the chart will use PostgreSQL with the Postgis extension included. The version used with Postgresql version 10, 11 and 12 is Postgis 2.5. It has been compiled with the following dependencies: + +- protobuf +- protobuf-c +- json-c +- geos +- proj + +### To 5.0.0 + +In this version, the **chart is using PostgreSQL 11 instead of PostgreSQL 10**. You can find the main difference and notable changes in the following links: [https://www.postgresql.org/about/news/1894/](https://www.postgresql.org/about/news/1894/) and [https://www.postgresql.org/about/featurematrix/](https://www.postgresql.org/about/featurematrix/). + +For major releases of PostgreSQL, the internal data storage format is subject to change, thus complicating upgrades, you can see some errors like the following one in the logs: + +```console +Welcome to the Bitnami postgresql container +Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-postgresql +Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-postgresql/issues +Send us your feedback at containers@bitnami.com + +INFO ==> ** Starting PostgreSQL setup ** +NFO ==> Validating settings in POSTGRESQL_* env vars.. +INFO ==> Initializing PostgreSQL database... +INFO ==> postgresql.conf file not detected. Generating it... +INFO ==> pg_hba.conf file not detected. Generating it... +INFO ==> Deploying PostgreSQL with persisted data... +INFO ==> Configuring replication parameters +INFO ==> Loading custom scripts... +INFO ==> Enabling remote connections +INFO ==> Stopping PostgreSQL... +INFO ==> ** PostgreSQL setup finished! ** + +INFO ==> ** Starting PostgreSQL ** + [1] FATAL: database files are incompatible with server + [1] DETAIL: The data directory was initialized by PostgreSQL version 10, which is not compatible with this version 11.3. +``` + +In this case, you should migrate the data from the old chart to the new one following an approach similar to that described in [this section](https://www.postgresql.org/docs/current/upgrading.html#UPGRADING-VIA-PGDUMPALL) from the official documentation. Basically, create a database dump in the old chart, move and restore it in the new one. + +### To 4.0.0 + +This chart will use by default the Bitnami PostgreSQL container starting from version `10.7.0-r68`. This version moves the initialization logic from node.js to bash. This new version of the chart requires setting the `POSTGRES_PASSWORD` in the slaves as well, in order to properly configure the `pg_hba.conf` file. Users from previous versions of the chart are advised to upgrade immediately. + +IMPORTANT: If you do not want to upgrade the chart version then make sure you use the `10.7.0-r68` version of the container. Otherwise, you will get this error + +``` +The POSTGRESQL_PASSWORD environment variable is empty or not set. Set the environment variable ALLOW_EMPTY_PASSWORD=yes to allow the container to be started with blank passwords. This is recommended only for development +``` + +### To 3.0.0 + +This releases make it possible to specify different nodeSelector, affinity and tolerations for master and slave pods. +It also fixes an issue with `postgresql.master.fullname` helper template not obeying fullnameOverride. + +#### Breaking changes + +- `affinty` has been renamed to `master.affinity` and `slave.affinity`. +- `tolerations` has been renamed to `master.tolerations` and `slave.tolerations`. +- `nodeSelector` has been renamed to `master.nodeSelector` and `slave.nodeSelector`. + +### To 2.0.0 + +In order to upgrade from the `0.X.X` branch to `1.X.X`, you should follow the below steps: + +- Obtain the service name (`SERVICE_NAME`) and password (`OLD_PASSWORD`) of the existing postgresql chart. You can find the instructions to obtain the password in the NOTES.txt, the service name can be obtained by running + +```console +$ kubectl get svc +``` + +- Install (not upgrade) the new version + +```console +$ helm repo update +$ helm install my-release bitnami/postgresql +``` + +- Connect to the new pod (you can obtain the name by running `kubectl get pods`): + +```console +$ kubectl exec -it NAME bash +``` + +- Once logged in, create a dump file from the previous database using `pg_dump`, for that we should connect to the previous postgresql chart: + +```console +$ pg_dump -h SERVICE_NAME -U postgres DATABASE_NAME > /tmp/backup.sql +``` + +After run above command you should be prompted for a password, this password is the previous chart password (`OLD_PASSWORD`). +This operation could take some time depending on the database size. + +- Once you have the backup file, you can restore it with a command like the one below: + +```console +$ psql -U postgres DATABASE_NAME < /tmp/backup.sql +``` + +In this case, you are accessing to the local postgresql, so the password should be the new one (you can find it in NOTES.txt). + +If you want to restore the database and the database schema does not exist, it is necessary to first follow the steps described below. + +```console +$ psql -U postgres +postgres=# drop database DATABASE_NAME; +postgres=# create database DATABASE_NAME; +postgres=# create user USER_NAME; +postgres=# alter role USER_NAME with password 'BITNAMI_USER_PASSWORD'; +postgres=# grant all privileges on database DATABASE_NAME to USER_NAME; +postgres=# alter database DATABASE_NAME owner to USER_NAME; +``` diff --git a/gitea/charts/postgresql/charts/common/.helmignore b/gitea/charts/postgresql/charts/common/.helmignore new file mode 100644 index 0000000..50af031 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/gitea/charts/postgresql/charts/common/Chart.yaml b/gitea/charts/postgresql/charts/common/Chart.yaml new file mode 100644 index 0000000..bcc3808 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + category: Infrastructure +apiVersion: v2 +appVersion: 1.4.2 +description: A Library Helm Chart for grouping common logic between bitnami charts. + This chart is not deployable by itself. +home: https://github.com/bitnami/charts/tree/master/bitnami/common +icon: https://bitnami.com/downloads/logos/bitnami-mark.png +keywords: +- common +- helper +- template +- function +- bitnami +maintainers: +- email: containers@bitnami.com + name: Bitnami +name: common +sources: +- https://github.com/bitnami/charts +- http://www.bitnami.com/ +type: library +version: 1.4.2 diff --git a/gitea/charts/postgresql/charts/common/README.md b/gitea/charts/postgresql/charts/common/README.md new file mode 100644 index 0000000..7287cbb --- /dev/null +++ b/gitea/charts/postgresql/charts/common/README.md @@ -0,0 +1,322 @@ +# Bitnami Common Library Chart + +A [Helm Library Chart](https://helm.sh/docs/topics/library_charts/#helm) for grouping common logic between bitnami charts. + +## TL;DR + +```yaml +dependencies: + - name: common + version: 0.x.x + repository: https://charts.bitnami.com/bitnami +``` + +```bash +$ helm dependency update +``` + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.names.fullname" . }} +data: + myvalue: "Hello World" +``` + +## Introduction + +This chart provides a common template helpers which can be used to develop new charts using [Helm](https://helm.sh) package manager. + +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This Helm chart has been tested on top of [Bitnami Kubernetes Production Runtime](https://kubeprod.io/) (BKPR). Deploy BKPR to get automated TLS certificates, logging and monitoring for your applications. + +## Prerequisites + +- Kubernetes 1.12+ +- Helm 3.1.0 + +## Parameters + +The following table lists the helpers available in the library which are scoped in different sections. + +### Affinities + +| Helper identifier | Description | Expected Input | +|-------------------------------|------------------------------------------------------|------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.node.hard` | Return a hard nodeAffinity definition | `dict "key" "FOO" "values" (list "BAR" "BAZ")` | +| `common.affinities.pod.soft` | Return a soft podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | +| `common.affinities.pod.hard` | Return a hard podAffinity/podAntiAffinity definition | `dict "component" "FOO" "context" $` | + +### Capabilities + +| Helper identifier | Description | Expected Input | +|----------------------------------------------|------------------------------------------------------------------------------------------------|-------------------| +| `common.capabilities.kubeVersion` | Return the target Kubernetes version (using client default if .Values.kubeVersion is not set). | `.` Chart context | +| `common.capabilities.deployment.apiVersion` | Return the appropriate apiVersion for deployment. | `.` Chart context | +| `common.capabilities.statefulset.apiVersion` | Return the appropriate apiVersion for statefulset. | `.` Chart context | +| `common.capabilities.ingress.apiVersion` | Return the appropriate apiVersion for ingress. | `.` Chart context | +| `common.capabilities.rbac.apiVersion` | Return the appropriate apiVersion for RBAC resources. | `.` Chart context | +| `common.capabilities.crd.apiVersion` | Return the appropriate apiVersion for CRDs. | `.` Chart context | +| `common.capabilities.supportsHelmVersion` | Returns true if the used Helm version is 3.3+ | `.` Chart context | + +### Errors + +| Helper identifier | Description | Expected Input | +|-----------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------| +| `common.errors.upgrade.passwords.empty` | It will ensure required passwords are given when we are upgrading a chart. If `validationErrors` is not empty it will throw an error and will stop the upgrade action. | `dict "validationErrors" (list $validationError00 $validationError01) "context" $` | + +### Images + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|---------------------------------------------------------------------------------------------------------| +| `common.images.image` | Return the proper and full image name | `dict "imageRoot" .Values.path.to.the.image "global" $`, see [ImageRoot](#imageroot) for the structure. | +| `common.images.pullSecrets` | Return the proper Docker Image Registry Secret Names | `dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global` | + +### Ingress + +| Helper identifier | Description | Expected Input | +|--------------------------|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.ingress.backend` | Generate a proper Ingress backend entry depending on the API version | `dict "serviceName" "foo" "servicePort" "bar"`, see the [Ingress deprecation notice](https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/) for the syntax differences | + +### Labels + +| Helper identifier | Description | Expected Input | +|-----------------------------|------------------------------------------------------|-------------------| +| `common.labels.standard` | Return Kubernetes standard labels | `.` Chart context | +| `common.labels.matchLabels` | Return the proper Docker Image Registry Secret Names | `.` Chart context | + +### Names + +| Helper identifier | Description | Expected Inpput | +|-------------------------|------------------------------------------------------------|-------------------| +| `common.names.name` | Expand the name of the chart or use `.Values.nameOverride` | `.` Chart context | +| `common.names.fullname` | Create a default fully qualified app name. | `.` Chart context | +| `common.names.chart` | Chart name plus version | `.` Chart context | + +### Secrets + +| Helper identifier | Description | Expected Input | +|---------------------------|--------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.secrets.name` | Generate the name of the secret. | `dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $` see [ExistingSecret](#existingsecret) for the structure. | +| `common.secrets.key` | Generate secret key. | `dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName"` see [ExistingSecret](#existingsecret) for the structure. | +| `common.passwords.manage` | Generate secret password or retrieve one if already created. | `dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $`, length, strong and chartNAme fields are optional. | +| `common.secrets.exists` | Returns whether a previous generated secret already exists. | `dict "secret" "secret-name" "context" $` | + +### Storage + +| Helper identifier | Description | Expected Input | +|-------------------------------|---------------------------------------|---------------------------------------------------------------------------------------------------------------------| +| `common.affinities.node.soft` | Return a soft nodeAffinity definition | `dict "persistence" .Values.path.to.the.persistence "global" $`, see [Persistence](#persistence) for the structure. | + +### TplValues + +| Helper identifier | Description | Expected Input | +|---------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.tplvalues.render` | Renders a value that contains template | `dict "value" .Values.path.to.the.Value "context" $`, value is the value should rendered as template, context frequently is the chart context `$` or `.` | + +### Utils + +| Helper identifier | Description | Expected Input | +|--------------------------------|------------------------------------------------------------------------------------------|------------------------------------------------------------------------| +| `common.utils.fieldToEnvVar` | Build environment variable name given a field. | `dict "field" "my-password"` | +| `common.utils.secret.getvalue` | Print instructions to get a secret value. | `dict "secret" "secret-name" "field" "secret-value-field" "context" $` | +| `common.utils.getValueFromKey` | Gets a value from `.Values` object given its key path | `dict "key" "path.to.key" "context" $` | +| `common.utils.getKeyFromList` | Returns first `.Values` key with a defined value or first of the list if all non-defined | `dict "keys" (list "path.to.key1" "path.to.key2") "context" $` | + +### Validations + +| Helper identifier | Description | Expected Input | +|--------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `common.validations.values.single.empty` | Validate a value must not be empty. | `dict "valueKey" "path.to.value" "secret" "secret.name" "field" "my-password" "subchart" "subchart" "context" $` secret, field and subchart are optional. In case they are given, the helper will generate a how to get instruction. See [ValidateValue](#validatevalue) | +| `common.validations.values.multiple.empty` | Validate a multiple values must not be empty. It returns a shared error for all the values. | `dict "required" (list $validateValueConf00 $validateValueConf01) "context" $`. See [ValidateValue](#validatevalue) | +| `common.validations.values.mariadb.passwords` | This helper will ensure required password for MariaDB are not empty. It returns a shared error for all the values. | `dict "secret" "mariadb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mariadb chart and the helper. | +| `common.validations.values.postgresql.passwords` | This helper will ensure required password for PostgreSQL are not empty. It returns a shared error for all the values. | `dict "secret" "postgresql-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use postgresql chart and the helper. | +| `common.validations.values.redis.passwords` | This helper will ensure required password for RedisTM are not empty. It returns a shared error for all the values. | `dict "secret" "redis-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use redis chart and the helper. | +| `common.validations.values.cassandra.passwords` | This helper will ensure required password for Cassandra are not empty. It returns a shared error for all the values. | `dict "secret" "cassandra-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use cassandra chart and the helper. | +| `common.validations.values.mongodb.passwords` | This helper will ensure required password for MongoDB® are not empty. It returns a shared error for all the values. | `dict "secret" "mongodb-secret" "subchart" "true" "context" $` subchart field is optional and could be true or false it depends on where you will use mongodb chart and the helper. | + +### Warnings + +| Helper identifier | Description | Expected Input | +|------------------------------|----------------------------------|------------------------------------------------------------| +| `common.warnings.rollingTag` | Warning about using rolling tag. | `ImageRoot` see [ImageRoot](#imageroot) for the structure. | + +## Special input schemas + +### ImageRoot + +```yaml +registry: + type: string + description: Docker registry where the image is located + example: docker.io + +repository: + type: string + description: Repository and image name + example: bitnami/nginx + +tag: + type: string + description: image tag + example: 1.16.1-debian-10-r63 + +pullPolicy: + type: string + description: Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + +pullSecrets: + type: array + items: + type: string + description: Optionally specify an array of imagePullSecrets. + +debug: + type: boolean + description: Set to true if you would like to see extra information on logs + example: false + +## An instance would be: +# registry: docker.io +# repository: bitnami/nginx +# tag: 1.16.1-debian-10-r63 +# pullPolicy: IfNotPresent +# debug: false +``` + +### Persistence + +```yaml +enabled: + type: boolean + description: Whether enable persistence. + example: true + +storageClass: + type: string + description: Ghost data Persistent Volume Storage Class, If set to "-", storageClassName: "" which disables dynamic provisioning. + example: "-" + +accessMode: + type: string + description: Access mode for the Persistent Volume Storage. + example: ReadWriteOnce + +size: + type: string + description: Size the Persistent Volume Storage. + example: 8Gi + +path: + type: string + description: Path to be persisted. + example: /bitnami + +## An instance would be: +# enabled: true +# storageClass: "-" +# accessMode: ReadWriteOnce +# size: 8Gi +# path: /bitnami +``` + +### ExistingSecret + +```yaml +name: + type: string + description: Name of the existing secret. + example: mySecret +keyMapping: + description: Mapping between the expected key name and the name of the key in the existing secret. + type: object + +## An instance would be: +# name: mySecret +# keyMapping: +# password: myPasswordKey +``` + +#### Example of use + +When we store sensitive data for a deployment in a secret, some times we want to give to users the possibility of using theirs existing secrets. + +```yaml +# templates/secret.yaml +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.names.fullname" . }} + labels: + app: {{ include "common.names.fullname" . }} +type: Opaque +data: + password: {{ .Values.password | b64enc | quote }} + +# templates/dpl.yaml +--- +... + env: + - name: PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.secrets.name" (dict "existingSecret" .Values.existingSecret "context" $) }} + key: {{ include "common.secrets.key" (dict "existingSecret" .Values.existingSecret "key" "password") }} +... + +# values.yaml +--- +name: mySecret +keyMapping: + password: myPasswordKey +``` + +### ValidateValue + +#### NOTES.txt + +```console +{{- $validateValueConf00 := (dict "valueKey" "path.to.value00" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value01" "secret" "secretName" "field" "password-01") -}} + +{{ include "common.validations.values.multiple.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} +``` + +If we force those values to be empty we will see some alerts + +```console +$ helm install test mychart --set path.to.value00="",path.to.value01="" + 'path.to.value00' must not be empty, please add '--set path.to.value00=$PASSWORD_00' to the command. To get the current value: + + export PASSWORD_00=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-00}" | base64 --decode) + + 'path.to.value01' must not be empty, please add '--set path.to.value01=$PASSWORD_01' to the command. To get the current value: + + export PASSWORD_01=$(kubectl get secret --namespace default secretName -o jsonpath="{.data.password-01}" | base64 --decode) +``` + +## Upgrading + +### To 1.0.0 + +[On November 13, 2020, Helm v2 support was formally finished](https://github.com/helm/charts#status-of-the-project), this major version is the result of the required changes applied to the Helm Chart to be able to incorporate the different features added in Helm v3 and to be consistent with the Helm project itself regarding the Helm v2 EOL. + +**What changes were introduced in this major version?** + +- Previous versions of this Helm Chart use `apiVersion: v1` (installable by both Helm 2 and 3), this Helm Chart was updated to `apiVersion: v2` (installable by Helm 3 only). [Here](https://helm.sh/docs/topics/charts/#the-apiversion-field) you can find more information about the `apiVersion` field. +- Use `type: library`. [Here](https://v3.helm.sh/docs/faq/#library-chart-support) you can find more information. +- The different fields present in the *Chart.yaml* file has been ordered alphabetically in a homogeneous way for all the Bitnami Helm Charts + +**Considerations when upgrading to this version** + +- If you want to upgrade to this version from a previous one installed with Helm v3, you shouldn't face any issues +- If you want to upgrade to this version using Helm v2, this scenario is not supported as this version doesn't support Helm v2 anymore +- If you installed the previous version with Helm v2 and wants to upgrade to this version with Helm v3, please refer to the [official Helm documentation](https://helm.sh/docs/topics/v2_v3_migration/#migration-use-cases) about migrating from Helm v2 to v3 + +**Useful links** + +- https://docs.bitnami.com/tutorials/resolve-helm2-helm3-post-migration-issues/ +- https://helm.sh/docs/topics/v2_v3_migration/ +- https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/ diff --git a/gitea/charts/postgresql/charts/common/templates/_affinities.tpl b/gitea/charts/postgresql/charts/common/templates/_affinities.tpl new file mode 100644 index 0000000..493a6dc --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_affinities.tpl @@ -0,0 +1,94 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return a soft nodeAffinity definition +{{ include "common.affinities.nodes.soft" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.soft" -}} +preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} + weight: 1 +{{- end -}} + +{{/* +Return a hard nodeAffinity definition +{{ include "common.affinities.nodes.hard" (dict "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes.hard" -}} +requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: {{ .key }} + operator: In + values: + {{- range .values }} + - {{ . }} + {{- end }} +{{- end -}} + +{{/* +Return a nodeAffinity definition +{{ include "common.affinities.nodes" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.nodes" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.nodes.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.nodes.hard" . -}} + {{- end -}} +{{- end -}} + +{{/* +Return a soft podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.soft" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.soft" -}} +{{- $component := default "" .component -}} +preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 10 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname + weight: 1 +{{- end -}} + +{{/* +Return a hard podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods.hard" (dict "component" "FOO" "context" $) -}} +*/}} +{{- define "common.affinities.pods.hard" -}} +{{- $component := default "" .component -}} +requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: {{- (include "common.labels.matchLabels" .context) | nindent 8 }} + {{- if not (empty $component) }} + {{ printf "app.kubernetes.io/component: %s" $component }} + {{- end }} + namespaces: + - {{ .context.Release.Namespace | quote }} + topologyKey: kubernetes.io/hostname +{{- end -}} + +{{/* +Return a podAffinity/podAntiAffinity definition +{{ include "common.affinities.pods" (dict "type" "soft" "key" "FOO" "values" (list "BAR" "BAZ")) -}} +*/}} +{{- define "common.affinities.pods" -}} + {{- if eq .type "soft" }} + {{- include "common.affinities.pods.soft" . -}} + {{- else if eq .type "hard" }} + {{- include "common.affinities.pods.hard" . -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_capabilities.tpl b/gitea/charts/postgresql/charts/common/templates/_capabilities.tpl new file mode 100644 index 0000000..4dde56a --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_capabilities.tpl @@ -0,0 +1,95 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "common.capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "common.capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for statefulset. +*/}} +{{- define "common.capabilities.statefulset.apiVersion" -}} +{{- if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apps/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "common.capabilities.ingress.apiVersion" -}} +{{- if .Values.ingress -}} +{{- if .Values.ingress.apiVersion -}} +{{- .Values.ingress.apiVersion -}} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end }} +{{- else if semverCompare "<1.14-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "networking.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. +*/}} +{{- define "common.capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for CRDs. +*/}} +{{- define "common.capabilities.crd.apiVersion" -}} +{{- if semverCompare "<1.19-0" (include "common.capabilities.kubeVersion" .) -}} +{{- print "apiextensions.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "apiextensions.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Returns true if the used Helm version is 3.3+. +A way to check the used Helm version was not introduced until version 3.3.0 with .Capabilities.HelmVersion, which contains an additional "{}}" structure. +This check is introduced as a regexMatch instead of {{ if .Capabilities.HelmVersion }} because checking for the key HelmVersion in <3.3 results in a "interface not found" error. +**To be removed when the catalog's minimun Helm version is 3.3** +*/}} +{{- define "common.capabilities.supportsHelmVersion" -}} +{{- if regexMatch "{(v[0-9])*[^}]*}}$" (.Capabilities | toString ) }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_errors.tpl b/gitea/charts/postgresql/charts/common/templates/_errors.tpl new file mode 100644 index 0000000..a79cc2e --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_errors.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Through error when upgrading using empty passwords values that must not be empty. + +Usage: +{{- $validationError00 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password00" "secret" "secretName" "field" "password-00") -}} +{{- $validationError01 := include "common.validations.values.single.empty" (dict "valueKey" "path.to.password01" "secret" "secretName" "field" "password-01") -}} +{{ include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $validationError00 $validationError01) "context" $) }} + +Required password params: + - validationErrors - String - Required. List of validation strings to be return, if it is empty it won't throw error. + - context - Context - Required. Parent context. +*/}} +{{- define "common.errors.upgrade.passwords.empty" -}} + {{- $validationErrors := join "" .validationErrors -}} + {{- if and $validationErrors .context.Release.IsUpgrade -}} + {{- $errorString := "\nPASSWORDS ERROR: You must provide your current passwords when upgrading the release." -}} + {{- $errorString = print $errorString "\n Note that even after reinstallation, old credentials may be needed as they may be kept in persistent volume claims." -}} + {{- $errorString = print $errorString "\n Further information can be obtained at https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues/#credential-errors-while-upgrading-chart-releases" -}} + {{- $errorString = print $errorString "\n%s" -}} + {{- printf $errorString $validationErrors | fail -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_images.tpl b/gitea/charts/postgresql/charts/common/templates/_images.tpl new file mode 100644 index 0000000..60f04fd --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_images.tpl @@ -0,0 +1,47 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper image name +{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" $) }} +*/}} +{{- define "common.images.image" -}} +{{- $registryName := .imageRoot.registry -}} +{{- $repositoryName := .imageRoot.repository -}} +{{- $tag := .imageRoot.tag | toString -}} +{{- if .global }} + {{- if .global.imageRegistry }} + {{- $registryName = .global.imageRegistry -}} + {{- end -}} +{{- end -}} +{{- if $registryName }} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- else -}} +{{- printf "%s:%s" $repositoryName $tag -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +{{ include "common.images.pullSecrets" ( dict "images" (list .Values.path.to.the.image1, .Values.path.to.the.image2) "global" .Values.global) }} +*/}} +{{- define "common.images.pullSecrets" -}} + {{- $pullSecrets := list }} + + {{- if .global }} + {{- range .global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- range .images -}} + {{- range .pullSecrets -}} + {{- $pullSecrets = append $pullSecrets . -}} + {{- end -}} + {{- end -}} + + {{- if (not (empty $pullSecrets)) }} +imagePullSecrets: + {{- range $pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_ingress.tpl b/gitea/charts/postgresql/charts/common/templates/_ingress.tpl new file mode 100644 index 0000000..622ef50 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_ingress.tpl @@ -0,0 +1,42 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Generate backend entry that is compatible with all Kubernetes API versions. + +Usage: +{{ include "common.ingress.backend" (dict "serviceName" "backendName" "servicePort" "backendPort" "context" $) }} + +Params: + - serviceName - String. Name of an existing service backend + - servicePort - String/Int. Port name (or number) of the service. It will be translated to different yaml depending if it is a string or an integer. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.ingress.backend" -}} +{{- $apiVersion := (include "common.capabilities.ingress.apiVersion" .context) -}} +{{- if or (eq $apiVersion "extensions/v1beta1") (eq $apiVersion "networking.k8s.io/v1beta1") -}} +serviceName: {{ .serviceName }} +servicePort: {{ .servicePort }} +{{- else -}} +service: + name: {{ .serviceName }} + port: + {{- if typeIs "string" .servicePort }} + name: {{ .servicePort }} + {{- else if typeIs "int" .servicePort }} + number: {{ .servicePort }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Print "true" if the API pathType field is supported +Usage: +{{ include "common.ingress.supportsPathType" . }} +*/}} +{{- define "common.ingress.supportsPathType" -}} +{{- if (semverCompare "<1.18-0" (include "common.capabilities.kubeVersion" .)) -}} +{{- print "false" -}} +{{- else -}} +{{- print "true" -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_labels.tpl b/gitea/charts/postgresql/charts/common/templates/_labels.tpl new file mode 100644 index 0000000..252066c --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_labels.tpl @@ -0,0 +1,18 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Kubernetes standard labels +*/}} +{{- define "common.labels.standard" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +helm.sh/chart: {{ include "common.names.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Labels to use on deploy.spec.selector.matchLabels and svc.spec.selector +*/}} +{{- define "common.labels.matchLabels" -}} +app.kubernetes.io/name: {{ include "common.names.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_names.tpl b/gitea/charts/postgresql/charts/common/templates/_names.tpl new file mode 100644 index 0000000..adf2a74 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_names.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "common.names.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "common.names.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "common.names.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_secrets.tpl b/gitea/charts/postgresql/charts/common/templates/_secrets.tpl new file mode 100644 index 0000000..60b84a7 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_secrets.tpl @@ -0,0 +1,129 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Generate secret name. + +Usage: +{{ include "common.secrets.name" (dict "existingSecret" .Values.path.to.the.existingSecret "defaultNameSuffix" "mySuffix" "context" $) }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - defaultNameSuffix - String - Optional. It is used only if we have several secrets in the same deployment. + - context - Dict - Required. The context for the template evaluation. +*/}} +{{- define "common.secrets.name" -}} +{{- $name := (include "common.names.fullname" .context) -}} + +{{- if .defaultNameSuffix -}} +{{- $name = printf "%s-%s" $name .defaultNameSuffix | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- with .existingSecret -}} +{{- if not (typeIs "string" .) -}} +{{- with .name -}} +{{- $name = . -}} +{{- end -}} +{{- else -}} +{{- $name = . -}} +{{- end -}} +{{- end -}} + +{{- printf "%s" $name -}} +{{- end -}} + +{{/* +Generate secret key. + +Usage: +{{ include "common.secrets.key" (dict "existingSecret" .Values.path.to.the.existingSecret "key" "keyName") }} + +Params: + - existingSecret - ExistingSecret/String - Optional. The path to the existing secrets in the values.yaml given by the user + to be used instead of the default one. Allows for it to be of type String (just the secret name) for backwards compatibility. + +info: https://github.com/bitnami/charts/tree/master/bitnami/common#existingsecret + - key - String - Required. Name of the key in the secret. +*/}} +{{- define "common.secrets.key" -}} +{{- $key := .key -}} + +{{- if .existingSecret -}} + {{- if not (typeIs "string" .existingSecret) -}} + {{- if .existingSecret.keyMapping -}} + {{- $key = index .existingSecret.keyMapping $.key -}} + {{- end -}} + {{- end }} +{{- end -}} + +{{- printf "%s" $key -}} +{{- end -}} + +{{/* +Generate secret password or retrieve one if already created. + +Usage: +{{ include "common.secrets.passwords.manage" (dict "secret" "secret-name" "key" "keyName" "providedValues" (list "path.to.password1" "path.to.password2") "length" 10 "strong" false "chartName" "chartName" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - key - String - Required - Name of the key in the secret. + - providedValues - List - Required - The path to the validating value in the values.yaml, e.g: "mysql.password". Will pick first parameter with a defined value. + - length - int - Optional - Length of the generated random password. + - strong - Boolean - Optional - Whether to add symbols to the generated random password. + - chartName - String - Optional - Name of the chart used when said chart is deployed as a subchart. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.passwords.manage" -}} + +{{- $password := "" }} +{{- $subchart := "" }} +{{- $chartName := default "" .chartName }} +{{- $passwordLength := default 10 .length }} +{{- $providedPasswordKey := include "common.utils.getKeyFromList" (dict "keys" .providedValues "context" $.context) }} +{{- $providedPasswordValue := include "common.utils.getValueFromKey" (dict "key" $providedPasswordKey "context" $.context) }} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- if index $secret.data .key }} + {{- $password = index $secret.data .key }} + {{- end -}} +{{- else if $providedPasswordValue }} + {{- $password = $providedPasswordValue | toString | b64enc | quote }} +{{- else }} + + {{- if .context.Values.enabled }} + {{- $subchart = $chartName }} + {{- end -}} + + {{- $requiredPassword := dict "valueKey" $providedPasswordKey "secret" .secret "field" .key "subchart" $subchart "context" $.context -}} + {{- $requiredPasswordError := include "common.validations.values.single.empty" $requiredPassword -}} + {{- $passwordValidationErrors := list $requiredPasswordError -}} + {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $.context) -}} + + {{- if .strong }} + {{- $subStr := list (lower (randAlpha 1)) (randNumeric 1) (upper (randAlpha 1)) | join "_" }} + {{- $password = randAscii $passwordLength }} + {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }} + {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }} + {{- else }} + {{- $password = randAlphaNum $passwordLength | b64enc | quote }} + {{- end }} +{{- end -}} +{{- printf "%s" $password -}} +{{- end -}} + +{{/* +Returns whether a previous generated secret already exists + +Usage: +{{ include "common.secrets.exists" (dict "secret" "secret-name" "context" $) }} + +Params: + - secret - String - Required - Name of the 'Secret' resource where the password is stored. + - context - Context - Required - Parent context. +*/}} +{{- define "common.secrets.exists" -}} +{{- $secret := (lookup "v1" "Secret" $.context.Release.Namespace .secret) }} +{{- if $secret }} + {{- true -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_storage.tpl b/gitea/charts/postgresql/charts/common/templates/_storage.tpl new file mode 100644 index 0000000..60e2a84 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_storage.tpl @@ -0,0 +1,23 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Return the proper Storage Class +{{ include "common.storage.class" ( dict "persistence" .Values.path.to.the.persistence "global" $) }} +*/}} +{{- define "common.storage.class" -}} + +{{- $storageClass := .persistence.storageClass -}} +{{- if .global -}} + {{- if .global.storageClass -}} + {{- $storageClass = .global.storageClass -}} + {{- end -}} +{{- end -}} + +{{- if $storageClass -}} + {{- if (eq "-" $storageClass) -}} + {{- printf "storageClassName: \"\"" -}} + {{- else }} + {{- printf "storageClassName: %s" $storageClass -}} + {{- end -}} +{{- end -}} + +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_tplvalues.tpl b/gitea/charts/postgresql/charts/common/templates/_tplvalues.tpl new file mode 100644 index 0000000..2db1668 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_tplvalues.tpl @@ -0,0 +1,13 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_utils.tpl b/gitea/charts/postgresql/charts/common/templates/_utils.tpl new file mode 100644 index 0000000..ea083a2 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_utils.tpl @@ -0,0 +1,62 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Print instructions to get a secret value. +Usage: +{{ include "common.utils.secret.getvalue" (dict "secret" "secret-name" "field" "secret-value-field" "context" $) }} +*/}} +{{- define "common.utils.secret.getvalue" -}} +{{- $varname := include "common.utils.fieldToEnvVar" . -}} +export {{ $varname }}=$(kubectl get secret --namespace {{ .context.Release.Namespace | quote }} {{ .secret }} -o jsonpath="{.data.{{ .field }}}" | base64 --decode) +{{- end -}} + +{{/* +Build env var name given a field +Usage: +{{ include "common.utils.fieldToEnvVar" dict "field" "my-password" }} +*/}} +{{- define "common.utils.fieldToEnvVar" -}} + {{- $fieldNameSplit := splitList "-" .field -}} + {{- $upperCaseFieldNameSplit := list -}} + + {{- range $fieldNameSplit -}} + {{- $upperCaseFieldNameSplit = append $upperCaseFieldNameSplit ( upper . ) -}} + {{- end -}} + + {{ join "_" $upperCaseFieldNameSplit }} +{{- end -}} + +{{/* +Gets a value from .Values given +Usage: +{{ include "common.utils.getValueFromKey" (dict "key" "path.to.key" "context" $) }} +*/}} +{{- define "common.utils.getValueFromKey" -}} +{{- $splitKey := splitList "." .key -}} +{{- $value := "" -}} +{{- $latestObj := $.context.Values -}} +{{- range $splitKey -}} + {{- if not $latestObj -}} + {{- printf "please review the entire path of '%s' exists in values" $.key | fail -}} + {{- end -}} + {{- $value = ( index $latestObj . ) -}} + {{- $latestObj = $value -}} +{{- end -}} +{{- printf "%v" (default "" $value) -}} +{{- end -}} + +{{/* +Returns first .Values key with a defined value or first of the list if all non-defined +Usage: +{{ include "common.utils.getKeyFromList" (dict "keys" (list "path.to.key1" "path.to.key2") "context" $) }} +*/}} +{{- define "common.utils.getKeyFromList" -}} +{{- $key := first .keys -}} +{{- $reverseKeys := reverse .keys }} +{{- range $reverseKeys }} + {{- $value := include "common.utils.getValueFromKey" (dict "key" . "context" $.context ) }} + {{- if $value -}} + {{- $key = . }} + {{- end -}} +{{- end -}} +{{- printf "%s" $key -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/_warnings.tpl b/gitea/charts/postgresql/charts/common/templates/_warnings.tpl new file mode 100644 index 0000000..ae10fa4 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/_warnings.tpl @@ -0,0 +1,14 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Warning about using rolling tag. +Usage: +{{ include "common.warnings.rollingTag" .Values.path.to.the.imageRoot }} +*/}} +{{- define "common.warnings.rollingTag" -}} + +{{- if and (contains "bitnami/" .repository) (not (.tag | toString | regexFind "-r\\d+$|sha256:")) }} +WARNING: Rolling tag detected ({{ .repository }}:{{ .tag }}), please note that it is strongly recommended to avoid using rolling tags in a production environment. ++info https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/ +{{- end }} + +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_cassandra.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_cassandra.tpl new file mode 100644 index 0000000..8679ddf --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_cassandra.tpl @@ -0,0 +1,72 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Cassandra required passwords are not empty. + +Usage: +{{ include "common.validations.values.cassandra.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where Cassandra values are stored, e.g: "cassandra-passwords-secret" + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.cassandra.passwords" -}} + {{- $existingSecret := include "common.cassandra.values.existingSecret" . -}} + {{- $enabled := include "common.cassandra.values.enabled" . -}} + {{- $dbUserPrefix := include "common.cassandra.values.key.dbUser" . -}} + {{- $valueKeyPassword := printf "%s.password" $dbUserPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "cassandra-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.cassandra.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.cassandra.dbUser.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.dbUser.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled cassandra. + +Usage: +{{ include "common.cassandra.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.cassandra.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.cassandra.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key dbUser + +Usage: +{{ include "common.cassandra.values.key.dbUser" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Cassandra is used as subchart or not. Default: false +*/}} +{{- define "common.cassandra.values.key.dbUser" -}} + {{- if .subchart -}} + cassandra.dbUser + {{- else -}} + dbUser + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_mariadb.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_mariadb.tpl new file mode 100644 index 0000000..bb5ed72 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_mariadb.tpl @@ -0,0 +1,103 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MariaDB required passwords are not empty. + +Usage: +{{ include "common.validations.values.mariadb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MariaDB values are stored, e.g: "mysql-passwords-secret" + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mariadb.passwords" -}} + {{- $existingSecret := include "common.mariadb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mariadb.values.enabled" . -}} + {{- $architecture := include "common.mariadb.values.architecture" . -}} + {{- $authPrefix := include "common.mariadb.values.key.auth" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicationPassword := printf "%s.replicationPassword" $authPrefix -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mariadb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- if not (empty $valueUsername) -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mariadb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replication") -}} + {{- $requiredReplicationPassword := dict "valueKey" $valueKeyReplicationPassword "secret" .secret "field" "mariadb-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mariadb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mariadb. + +Usage: +{{ include "common.mariadb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mariadb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mariadb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mariadb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mariadb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mariadb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mariadb.values.key.auth" -}} + {{- if .subchart -}} + mariadb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_mongodb.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_mongodb.tpl new file mode 100644 index 0000000..7d5ecbc --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_mongodb.tpl @@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate MongoDB(R) required passwords are not empty. + +Usage: +{{ include "common.validations.values.mongodb.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where MongoDB(R) values are stored, e.g: "mongodb-passwords-secret" + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.mongodb.passwords" -}} + {{- $existingSecret := include "common.mongodb.values.auth.existingSecret" . -}} + {{- $enabled := include "common.mongodb.values.enabled" . -}} + {{- $authPrefix := include "common.mongodb.values.key.auth" . -}} + {{- $architecture := include "common.mongodb.values.architecture" . -}} + {{- $valueKeyRootPassword := printf "%s.rootPassword" $authPrefix -}} + {{- $valueKeyUsername := printf "%s.username" $authPrefix -}} + {{- $valueKeyDatabase := printf "%s.database" $authPrefix -}} + {{- $valueKeyPassword := printf "%s.password" $authPrefix -}} + {{- $valueKeyReplicaSetKey := printf "%s.replicaSetKey" $authPrefix -}} + {{- $valueKeyAuthEnabled := printf "%s.enabled" $authPrefix -}} + + {{- $authEnabled := include "common.utils.getValueFromKey" (dict "key" $valueKeyAuthEnabled "context" .context) -}} + + {{- if and (not $existingSecret) (eq $enabled "true") (eq $authEnabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredRootPassword := dict "valueKey" $valueKeyRootPassword "secret" .secret "field" "mongodb-root-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRootPassword -}} + + {{- $valueUsername := include "common.utils.getValueFromKey" (dict "key" $valueKeyUsername "context" .context) }} + {{- $valueDatabase := include "common.utils.getValueFromKey" (dict "key" $valueKeyDatabase "context" .context) }} + {{- if and $valueUsername $valueDatabase -}} + {{- $requiredPassword := dict "valueKey" $valueKeyPassword "secret" .secret "field" "mongodb-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPassword -}} + {{- end -}} + + {{- if (eq $architecture "replicaset") -}} + {{- $requiredReplicaSetKey := dict "valueKey" $valueKeyReplicaSetKey "secret" .secret "field" "mongodb-replica-set-key" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredReplicaSetKey -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.mongodb.values.auth.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDb is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.auth.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.auth.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.auth.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled mongodb. + +Usage: +{{ include "common.mongodb.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.mongodb.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.mongodb.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key auth + +Usage: +{{ include "common.mongodb.values.key.auth" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MongoDB(R) is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.key.auth" -}} + {{- if .subchart -}} + mongodb.auth + {{- else -}} + auth + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for architecture + +Usage: +{{ include "common.mongodb.values.architecture" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether MariaDB is used as subchart or not. Default: false +*/}} +{{- define "common.mongodb.values.architecture" -}} + {{- if .subchart -}} + {{- .context.Values.mongodb.architecture -}} + {{- else -}} + {{- .context.Values.architecture -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_postgresql.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_postgresql.tpl new file mode 100644 index 0000000..992bcd3 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_postgresql.tpl @@ -0,0 +1,131 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate PostgreSQL required passwords are not empty. + +Usage: +{{ include "common.validations.values.postgresql.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where postgresql values are stored, e.g: "postgresql-passwords-secret" + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.postgresql.passwords" -}} + {{- $existingSecret := include "common.postgresql.values.existingSecret" . -}} + {{- $enabled := include "common.postgresql.values.enabled" . -}} + {{- $valueKeyPostgresqlPassword := include "common.postgresql.values.key.postgressPassword" . -}} + {{- $valueKeyPostgresqlReplicationEnabled := include "common.postgresql.values.key.replicationPassword" . -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $requiredPostgresqlPassword := dict "valueKey" $valueKeyPostgresqlPassword "secret" .secret "field" "postgresql-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlPassword -}} + + {{- $enabledReplication := include "common.postgresql.values.enabled.replication" . -}} + {{- if (eq $enabledReplication "true") -}} + {{- $requiredPostgresqlReplicationPassword := dict "valueKey" $valueKeyPostgresqlReplicationEnabled "secret" .secret "field" "postgresql-replication-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredPostgresqlReplicationPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to decide whether evaluate global values. + +Usage: +{{ include "common.postgresql.values.use.global" (dict "key" "key-of-global" "context" $) }} +Params: + - key - String - Required. Field to be evaluated within global, e.g: "existingSecret" +*/}} +{{- define "common.postgresql.values.use.global" -}} + {{- if .context.Values.global -}} + {{- if .context.Values.global.postgresql -}} + {{- index .context.Values.global.postgresql .key | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.postgresql.values.existingSecret" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.existingSecret" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "existingSecret" "context" .context) -}} + + {{- if .subchart -}} + {{- default (.context.Values.postgresql.existingSecret | quote) $globalValue -}} + {{- else -}} + {{- default (.context.Values.existingSecret | quote) $globalValue -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled postgresql. + +Usage: +{{ include "common.postgresql.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.postgresql.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key postgressPassword. + +Usage: +{{ include "common.postgresql.values.key.postgressPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.postgressPassword" -}} + {{- $globalValue := include "common.postgresql.values.use.global" (dict "key" "postgresqlUsername" "context" .context) -}} + + {{- if not $globalValue -}} + {{- if .subchart -}} + postgresql.postgresqlPassword + {{- else -}} + postgresqlPassword + {{- end -}} + {{- else -}} + global.postgresql.postgresqlPassword + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled.replication. + +Usage: +{{ include "common.postgresql.values.enabled.replication" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.enabled.replication" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.postgresql.replication.enabled -}} + {{- else -}} + {{- printf "%v" .context.Values.replication.enabled -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for the key replication.password. + +Usage: +{{ include "common.postgresql.values.key.replicationPassword" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether postgresql is used as subchart or not. Default: false +*/}} +{{- define "common.postgresql.values.key.replicationPassword" -}} + {{- if .subchart -}} + postgresql.replication.password + {{- else -}} + replication.password + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_redis.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_redis.tpl new file mode 100644 index 0000000..3e2a47c --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_redis.tpl @@ -0,0 +1,72 @@ + +{{/* vim: set filetype=mustache: */}} +{{/* +Validate Redis(TM) required passwords are not empty. + +Usage: +{{ include "common.validations.values.redis.passwords" (dict "secret" "secretName" "subchart" false "context" $) }} +Params: + - secret - String - Required. Name of the secret where redis values are stored, e.g: "redis-passwords-secret" + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.validations.values.redis.passwords" -}} + {{- $existingSecret := include "common.redis.values.existingSecret" . -}} + {{- $enabled := include "common.redis.values.enabled" . -}} + {{- $valueKeyPrefix := include "common.redis.values.keys.prefix" . -}} + {{- $valueKeyRedisPassword := printf "%s%s" $valueKeyPrefix "password" -}} + {{- $valueKeyRedisUsePassword := printf "%s%s" $valueKeyPrefix "usePassword" -}} + + {{- if and (not $existingSecret) (eq $enabled "true") -}} + {{- $requiredPasswords := list -}} + + {{- $usePassword := include "common.utils.getValueFromKey" (dict "key" $valueKeyRedisUsePassword "context" .context) -}} + {{- if eq $usePassword "true" -}} + {{- $requiredRedisPassword := dict "valueKey" $valueKeyRedisPassword "secret" .secret "field" "redis-password" -}} + {{- $requiredPasswords = append $requiredPasswords $requiredRedisPassword -}} + {{- end -}} + + {{- include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" .context) -}} + {{- end -}} +{{- end -}} + +{{/* +Redis Auxiliary function to get the right value for existingSecret. + +Usage: +{{ include "common.redis.values.existingSecret" (dict "context" $) }} +Params: + - subchart - Boolean - Optional. Whether Redis(TM) is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.existingSecret" -}} + {{- if .subchart -}} + {{- .context.Values.redis.existingSecret | quote -}} + {{- else -}} + {{- .context.Values.existingSecret | quote -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right value for enabled redis. + +Usage: +{{ include "common.redis.values.enabled" (dict "context" $) }} +*/}} +{{- define "common.redis.values.enabled" -}} + {{- if .subchart -}} + {{- printf "%v" .context.Values.redis.enabled -}} + {{- else -}} + {{- printf "%v" (not .context.Values.enabled) -}} + {{- end -}} +{{- end -}} + +{{/* +Auxiliary function to get the right prefix path for the values + +Usage: +{{ include "common.redis.values.key.prefix" (dict "subchart" "true" "context" $) }} +Params: + - subchart - Boolean - Optional. Whether redis is used as subchart or not. Default: false +*/}} +{{- define "common.redis.values.keys.prefix" -}} + {{- if .subchart -}}redis.{{- else -}}{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/templates/validations/_validations.tpl b/gitea/charts/postgresql/charts/common/templates/validations/_validations.tpl new file mode 100644 index 0000000..9a814cf --- /dev/null +++ b/gitea/charts/postgresql/charts/common/templates/validations/_validations.tpl @@ -0,0 +1,46 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Validate values must not be empty. + +Usage: +{{- $validateValueConf00 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-00") -}} +{{- $validateValueConf01 := (dict "valueKey" "path.to.value" "secret" "secretName" "field" "password-01") -}} +{{ include "common.validations.values.empty" (dict "required" (list $validateValueConf00 $validateValueConf01) "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" +*/}} +{{- define "common.validations.values.multiple.empty" -}} + {{- range .required -}} + {{- include "common.validations.values.single.empty" (dict "valueKey" .valueKey "secret" .secret "field" .field "context" $.context) -}} + {{- end -}} +{{- end -}} + +{{/* +Validate a value must not be empty. + +Usage: +{{ include "common.validations.value.empty" (dict "valueKey" "mariadb.password" "secret" "secretName" "field" "my-password" "subchart" "subchart" "context" $) }} + +Validate value params: + - valueKey - String - Required. The path to the validating value in the values.yaml, e.g: "mysql.password" + - secret - String - Optional. Name of the secret where the validating value is generated/stored, e.g: "mysql-passwords-secret" + - field - String - Optional. Name of the field in the secret data, e.g: "mysql-password" + - subchart - String - Optional - Name of the subchart that the validated password is part of. +*/}} +{{- define "common.validations.values.single.empty" -}} + {{- $value := include "common.utils.getValueFromKey" (dict "key" .valueKey "context" .context) }} + {{- $subchart := ternary "" (printf "%s." .subchart) (empty .subchart) }} + + {{- if not $value -}} + {{- $varname := "my-value" -}} + {{- $getCurrentValue := "" -}} + {{- if and .secret .field -}} + {{- $varname = include "common.utils.fieldToEnvVar" . -}} + {{- $getCurrentValue = printf " To get the current value:\n\n %s\n" (include "common.utils.secret.getvalue" .) -}} + {{- end -}} + {{- printf "\n '%s' must not be empty, please add '--set %s%s=$%s' to the command.%s" .valueKey $subchart .valueKey $varname $getCurrentValue -}} + {{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/charts/common/values.yaml b/gitea/charts/postgresql/charts/common/values.yaml new file mode 100644 index 0000000..9ecdc93 --- /dev/null +++ b/gitea/charts/postgresql/charts/common/values.yaml @@ -0,0 +1,3 @@ +## bitnami/common +## It is required by CI/CD tools and processes. +exampleValue: common-chart diff --git a/gitea/charts/postgresql/ci/commonAnnotations.yaml b/gitea/charts/postgresql/ci/commonAnnotations.yaml new file mode 100644 index 0000000..97e18a4 --- /dev/null +++ b/gitea/charts/postgresql/ci/commonAnnotations.yaml @@ -0,0 +1,3 @@ +commonAnnotations: + helm.sh/hook: "\"pre-install, pre-upgrade\"" + helm.sh/hook-weight: "-1" diff --git a/gitea/charts/postgresql/ci/default-values.yaml b/gitea/charts/postgresql/ci/default-values.yaml new file mode 100644 index 0000000..fc2ba60 --- /dev/null +++ b/gitea/charts/postgresql/ci/default-values.yaml @@ -0,0 +1 @@ +# Leave this file empty to ensure that CI runs builds against the default configuration in values.yaml. diff --git a/gitea/charts/postgresql/ci/shmvolume-disabled-values.yaml b/gitea/charts/postgresql/ci/shmvolume-disabled-values.yaml new file mode 100644 index 0000000..347d3b4 --- /dev/null +++ b/gitea/charts/postgresql/ci/shmvolume-disabled-values.yaml @@ -0,0 +1,2 @@ +shmVolume: + enabled: false diff --git a/gitea/charts/postgresql/files/README.md b/gitea/charts/postgresql/files/README.md new file mode 100644 index 0000000..1813a2f --- /dev/null +++ b/gitea/charts/postgresql/files/README.md @@ -0,0 +1 @@ +Copy here your postgresql.conf and/or pg_hba.conf files to use it as a config map. diff --git a/gitea/charts/postgresql/files/conf.d/README.md b/gitea/charts/postgresql/files/conf.d/README.md new file mode 100644 index 0000000..184c187 --- /dev/null +++ b/gitea/charts/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). diff --git a/gitea/charts/postgresql/files/docker-entrypoint-initdb.d/README.md b/gitea/charts/postgresql/files/docker-entrypoint-initdb.d/README.md new file mode 100644 index 0000000..cba3809 --- /dev/null +++ b/gitea/charts/postgresql/files/docker-entrypoint-initdb.d/README.md @@ -0,0 +1,3 @@ +You can copy here your custom `.sh`, `.sql` or `.sql.gz` file so they are executed during the first boot of the image. + +More info in the [bitnami-docker-postgresql](https://github.com/bitnami/bitnami-docker-postgresql#initializing-a-new-instance) repository. \ No newline at end of file diff --git a/gitea/charts/postgresql/templates/NOTES.txt b/gitea/charts/postgresql/templates/NOTES.txt new file mode 100644 index 0000000..4e98958 --- /dev/null +++ b/gitea/charts/postgresql/templates/NOTES.txt @@ -0,0 +1,59 @@ +** Please be patient while the chart is being deployed ** + +PostgreSQL can be accessed via port {{ template "postgresql.port" . }} on the following DNS name from within your cluster: + + {{ template "common.names.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "common.names.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} + +{{- if not (eq (include "postgresql.username" .) "postgres") }} + +To get the password for "postgres" run: + + export POSTGRES_ADMIN_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-postgres-password}" | base64 --decode) +{{- end }} + +To get the password for "{{ template "postgresql.username" . }}" run: + + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.secretName" . }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + +To connect to your database run the following command: + + kubectl run {{ template "common.names.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image {{ template "postgresql.image" . }} --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "common.names.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "common.names.fullname" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label {{ template "common.names.fullname" . }}-client=true" will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database from outside the cluster execute the following commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $NODE_IP --port $NODE_PORT -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "common.names.fullname" . }}' + + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "common.names.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host $SERVICE_IP --port {{ template "postgresql.port" . }} -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} + +{{- else if contains "ClusterIP" .Values.service.type }} + + kubectl port-forward --namespace {{ .Release.Namespace }} svc/{{ template "common.names.fullname" . }} {{ template "postgresql.port" . }}:{{ template "postgresql.port" . }} & + {{ if (include "postgresql.password" . ) }}PGPASSWORD="$POSTGRES_PASSWORD" {{ end }}psql --host 127.0.0.1 -U {{ .Values.postgresqlUsername }} -d {{- if .Values.postgresqlDatabase }} {{ .Values.postgresqlDatabase }}{{- else }} postgres{{- end }} -p {{ template "postgresql.port" . }} + +{{- end }} + +{{- include "postgresql.validateValues" . -}} + +{{- include "common.warnings.rollingTag" .Values.image -}} + +{{- $passwordValidationErrors := include "common.validations.values.postgresql.passwords" (dict "secret" (include "common.names.fullname" .) "context" $) -}} + +{{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $passwordValidationErrors) "context" $) -}} diff --git a/gitea/charts/postgresql/templates/_helpers.tpl b/gitea/charts/postgresql/templates/_helpers.tpl new file mode 100644 index 0000000..1f98efe --- /dev/null +++ b/gitea/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,337 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.primary.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- $fullname := default (printf "%s-%s" .Release.Name $name) .Values.fullnameOverride -}} +{{- if .Values.replication.enabled -}} +{{- printf "%s-%s" $fullname "primary" | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper PostgreSQL image name +*/}} +{{- define "postgresql.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper PostgreSQL metrics image name +*/}} +{{- define "postgresql.metrics.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.metrics.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper image name (for the init container volume-permissions image) +*/}} +{{- define "postgresql.volumePermissions.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.volumePermissions.image "global" .Values.global) }} +{{- end -}} + +{{/* +Return the proper Docker Image Registry Secret Names +*/}} +{{- define "postgresql.imagePullSecrets" -}} +{{ include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.metrics.image .Values.volumePermissions.image) "global" .Values.global) }} +{{- end -}} + +{{/* +Return PostgreSQL postgres user password +*/}} +{{- define "postgresql.postgres.password" -}} +{{- if .Values.global.postgresql.postgresqlPostgresPassword }} + {{- .Values.global.postgresql.postgresqlPostgresPassword -}} +{{- else if .Values.postgresqlPostgresPassword -}} + {{- .Values.postgresqlPostgresPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL password +*/}} +{{- define "postgresql.password" -}} +{{- if .Values.global.postgresql.postgresqlPassword }} + {{- .Values.global.postgresql.postgresqlPassword -}} +{{- else if .Values.postgresqlPassword -}} + {{- .Values.postgresqlPassword -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication password +*/}} +{{- define "postgresql.replication.password" -}} +{{- if .Values.global.postgresql.replicationPassword }} + {{- .Values.global.postgresql.replicationPassword -}} +{{- else if .Values.replication.password -}} + {{- .Values.replication.password -}} +{{- else -}} + {{- randAlphaNum 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL username +*/}} +{{- define "postgresql.username" -}} +{{- if .Values.global.postgresql.postgresqlUsername }} + {{- .Values.global.postgresql.postgresqlUsername -}} +{{- else -}} + {{- .Values.postgresqlUsername -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL replication username +*/}} +{{- define "postgresql.replication.username" -}} +{{- if .Values.global.postgresql.replicationUser }} + {{- .Values.global.postgresql.replicationUser -}} +{{- else -}} + {{- .Values.replication.user -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL port +*/}} +{{- define "postgresql.port" -}} +{{- if .Values.global.postgresql.servicePort }} + {{- .Values.global.postgresql.servicePort -}} +{{- else -}} + {{- .Values.service.port -}} +{{- end -}} +{{- end -}} + +{{/* +Return PostgreSQL created database +*/}} +{{- define "postgresql.database" -}} +{{- if .Values.global.postgresql.postgresqlDatabase }} + {{- .Values.global.postgresql.postgresqlDatabase -}} +{{- else if .Values.postgresqlDatabase -}} + {{- .Values.postgresqlDatabase -}} +{{- end -}} +{{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- if .Values.global.postgresql.existingSecret }} + {{- printf "%s" (tpl .Values.global.postgresql.existingSecret $) -}} +{{- else if .Values.existingSecret -}} + {{- printf "%s" (tpl .Values.existingSecret $) -}} +{{- else -}} + {{- printf "%s" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if we should use an existingSecret. +*/}} +{{- define "postgresql.useExistingSecret" -}} +{{- if or .Values.global.postgresql.existingSecret .Values.existingSecret -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a secret object should be created +*/}} +{{- define "postgresql.createSecret" -}} +{{- if not (include "postgresql.useExistingSecret" .) -}} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" (tpl .Values.configurationConfigMap $) -}} +{{- else -}} +{{- printf "%s-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" (tpl .Values.extendedConfConfigMap $) -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Return true if a configmap should be mounted with PostgreSQL configuration +*/}} +{{- define "postgresql.mountConfigurationCM" -}} +{{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + {{- true -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" (tpl .Values.initdbScriptsConfigMap $) -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "common.names.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" (tpl .Values.initdbScriptsSecret $) -}} +{{- end -}} + +{{/* +Get the metrics ConfigMap name. +*/}} +{{- define "postgresql.metricsCM" -}} +{{- printf "%s-metrics" (include "common.names.fullname" .) -}} +{{- end -}} + +{{/* +Get the readiness probe command +*/}} +{{- define "postgresql.readinessProbeCommand" -}} +- | +{{- if (include "postgresql.database" .) }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- else }} + exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} +{{- end }} +{{- if contains "bitnami/" .Values.image.repository }} + [ -f /opt/bitnami/postgresql/tmp/.initialized ] || [ -f /bitnami/postgresql/.initialized ] +{{- end -}} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "postgresql.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "postgresql.validateValues.ldapConfigurationMethod" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.psp" .) -}} +{{- $messages := append $messages (include "postgresql.validateValues.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If ldap.url is used then you don't need the other settings for ldap +*/}} +{{- define "postgresql.validateValues.ldapConfigurationMethod" -}} +{{- if and .Values.ldap.enabled (and (not (empty .Values.ldap.url)) (not (empty .Values.ldap.server))) }} +postgresql: ldap.url, ldap.server + You cannot set both `ldap.url` and `ldap.server` at the same time. + Please provide a unique way to configure LDAP. + More info at https://www.postgresql.org/docs/current/auth-ldap.html +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql - If PSP is enabled RBAC should be enabled too +*/}} +{{- define "postgresql.validateValues.psp" -}} +{{- if and .Values.psp.create (not .Values.rbac.create) }} +postgresql: psp.create, rbac.create + RBAC should be enabled if PSP is enabled in order for PSP to work. + More info at https://kubernetes.io/docs/concepts/policy/pod-security-policy/#authorizing-policies +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for podsecuritypolicy. +*/}} +{{- define "podsecuritypolicy.apiVersion" -}} +{{- if semverCompare "<1.10-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "policy/v1beta1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"extensions/v1beta1" +{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.GitVersion -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} + +{{/* +Validate values of Postgresql TLS - When TLS is enabled, so must be VolumePermissions +*/}} +{{- define "postgresql.validateValues.tls" -}} +{{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} +postgresql: tls.enabled, volumePermissions.enabled + When TLS is enabled you must enable volumePermissions as well to ensure certificates files have + the right permissions. +{{- end -}} +{{- end -}} + +{{/* +Return the path to the cert file. +*/}} +{{- define "postgresql.tlsCert" -}} +{{- required "Certificate filename is required when TLS in enabled" .Values.tls.certFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the cert key file. +*/}} +{{- define "postgresql.tlsCertKey" -}} +{{- required "Certificate Key filename is required when TLS in enabled" .Values.tls.certKeyFilename | printf "/opt/bitnami/postgresql/certs/%s" -}} +{{- end -}} + +{{/* +Return the path to the CA cert file. +*/}} +{{- define "postgresql.tlsCACert" -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.certCAFilename -}} +{{- end -}} + +{{/* +Return the path to the CRL file. +*/}} +{{- define "postgresql.tlsCRL" -}} +{{- if .Values.tls.crlFilename -}} +{{- printf "/opt/bitnami/postgresql/certs/%s" .Values.tls.crlFilename -}} +{{- end -}} +{{- end -}} diff --git a/gitea/charts/postgresql/templates/configmap.yaml b/gitea/charts/postgresql/templates/configmap.yaml new file mode 100644 index 0000000..3a5ea18 --- /dev/null +++ b/gitea/charts/postgresql/templates/configmap.yaml @@ -0,0 +1,31 @@ +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: +{{- if (.Files.Glob "files/postgresql.conf") }} +{{ (.Files.Glob "files/postgresql.conf").AsConfig | indent 2 }} +{{- else if .Values.postgresqlConfiguration }} + postgresql.conf: | +{{- range $key, $value := default dict .Values.postgresqlConfiguration }} + {{- if kindIs "string" $value }} + {{ $key | snakecase }} = '{{ $value }}' + {{- else }} + {{ $key | snakecase }} = {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- if (.Files.Glob "files/pg_hba.conf") }} +{{ (.Files.Glob "files/pg_hba.conf").AsConfig | indent 2 }} +{{- else if .Values.pgHbaConfiguration }} + pg_hba.conf: | +{{ .Values.pgHbaConfiguration | indent 4 }} +{{- end }} +{{ end }} diff --git a/gitea/charts/postgresql/templates/extended-config-configmap.yaml b/gitea/charts/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 0000000..b0dad25 --- /dev/null +++ b/gitea/charts/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,26 @@ +{{- if and (or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf) (not .Values.extendedConfConfigMap)}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-extended-configuration + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: +{{- with .Files.Glob "files/conf.d/*.conf" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{ with .Values.postgresqlExtendedConf }} + override.conf: | +{{- range $key, $value := . }} + {{- if kindIs "string" $value }} + {{ $key | snakecase }} = '{{ $value }}' + {{- else }} + {{ $key | snakecase }} = {{ $value }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/extra-list.yaml b/gitea/charts/postgresql/templates/extra-list.yaml new file mode 100644 index 0000000..9ac65f9 --- /dev/null +++ b/gitea/charts/postgresql/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/initialization-configmap.yaml b/gitea/charts/postgresql/templates/initialization-configmap.yaml new file mode 100644 index 0000000..7796c67 --- /dev/null +++ b/gitea/charts/postgresql/templates/initialization-configmap.yaml @@ -0,0 +1,25 @@ +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "common.names.fullname" . }}-init-scripts + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} +binaryData: +{{- range $path, $bytes := . }} + {{ base $path }}: {{ $.Files.Get $path | b64enc | quote }} +{{- end }} +{{- end }} +data: +{{- with .Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}" }} +{{ .AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/metrics-configmap.yaml b/gitea/charts/postgresql/templates/metrics-configmap.yaml new file mode 100644 index 0000000..fa53958 --- /dev/null +++ b/gitea/charts/postgresql/templates/metrics-configmap.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.metricsCM" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +data: + custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | quote }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/metrics-svc.yaml b/gitea/charts/postgresql/templates/metrics-svc.yaml new file mode 100644 index 0000000..af8b67e --- /dev/null +++ b/gitea/charts/postgresql/templates/metrics-svc.yaml @@ -0,0 +1,26 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-metrics + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- toYaml .Values.metrics.service.annotations | nindent 4 }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ .Values.metrics.service.type }} + {{- if and (eq .Values.metrics.service.type "LoadBalancer") .Values.metrics.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.metrics.service.loadBalancerIP }} + {{- end }} + ports: + - name: http-metrics + port: 9187 + targetPort: http-metrics + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: primary +{{- end }} diff --git a/gitea/charts/postgresql/templates/networkpolicy.yaml b/gitea/charts/postgresql/templates/networkpolicy.yaml new file mode 100644 index 0000000..4f2740e --- /dev/null +++ b/gitea/charts/postgresql/templates/networkpolicy.yaml @@ -0,0 +1,39 @@ +{{- if .Values.networkPolicy.enabled }} +kind: NetworkPolicy +apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + ingress: + # Allow inbound connections + - ports: + - port: {{ template "postgresql.port" . }} + {{- if not .Values.networkPolicy.allowExternal }} + from: + - podSelector: + matchLabels: + {{ template "common.names.fullname" . }}-client: "true" + {{- if .Values.networkPolicy.explicitNamespacesSelector }} + namespaceSelector: +{{ toYaml .Values.networkPolicy.explicitNamespacesSelector | indent 12 }} + {{- end }} + - podSelector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 14 }} + role: read + {{- end }} + {{- if .Values.metrics.enabled }} + # Allow prometheus scrapes + - ports: + - port: 9187 + {{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/podsecuritypolicy.yaml b/gitea/charts/postgresql/templates/podsecuritypolicy.yaml new file mode 100644 index 0000000..0c49694 --- /dev/null +++ b/gitea/charts/postgresql/templates/podsecuritypolicy.yaml @@ -0,0 +1,38 @@ +{{- if .Values.psp.create }} +apiVersion: {{ include "podsecuritypolicy.apiVersion" . }} +kind: PodSecurityPolicy +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + privileged: false + volumes: + - 'configMap' + - 'secret' + - 'persistentVolumeClaim' + - 'emptyDir' + - 'projected' + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + fsGroup: + rule: 'MustRunAs' + ranges: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} diff --git a/gitea/charts/postgresql/templates/prometheusrule.yaml b/gitea/charts/postgresql/templates/prometheusrule.yaml new file mode 100644 index 0000000..d0f408c --- /dev/null +++ b/gitea/charts/postgresql/templates/prometheusrule.yaml @@ -0,0 +1,23 @@ +{{- if and .Values.metrics.enabled .Values.metrics.prometheusRule.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ template "common.names.fullname" . }} +{{- with .Values.metrics.prometheusRule.namespace }} + namespace: {{ . }} +{{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- with .Values.metrics.prometheusRule.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: +{{- with .Values.metrics.prometheusRule.rules }} + groups: + - name: {{ template "postgresql.name" $ }} + rules: {{ tpl (toYaml .) $ | nindent 8 }} +{{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/role.yaml b/gitea/charts/postgresql/templates/role.yaml new file mode 100644 index 0000000..017a571 --- /dev/null +++ b/gitea/charts/postgresql/templates/role.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create }} +kind: Role +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +rules: + {{- if .Values.psp.create }} + - apiGroups: ["extensions"] + resources: ["podsecuritypolicies"] + verbs: ["use"] + resourceNames: + - {{ template "common.names.fullname" . }} + {{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/rolebinding.yaml b/gitea/charts/postgresql/templates/rolebinding.yaml new file mode 100644 index 0000000..189775a --- /dev/null +++ b/gitea/charts/postgresql/templates/rolebinding.yaml @@ -0,0 +1,20 @@ +{{- if .Values.rbac.create }} +kind: RoleBinding +apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "common.names.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/secrets.yaml b/gitea/charts/postgresql/templates/secrets.yaml new file mode 100644 index 0000000..d492cd5 --- /dev/null +++ b/gitea/charts/postgresql/templates/secrets.yaml @@ -0,0 +1,24 @@ +{{- if (include "postgresql.createSecret" .) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +type: Opaque +data: + {{- if not (eq (include "postgresql.username" .) "postgres") }} + postgresql-postgres-password: {{ include "postgresql.postgres.password" . | b64enc | quote }} + {{- end }} + postgresql-password: {{ include "postgresql.password" . | b64enc | quote }} + {{- if .Values.replication.enabled }} + postgresql-replication-password: {{ include "postgresql.replication.password" . | b64enc | quote }} + {{- end }} + {{- if (and .Values.ldap.enabled .Values.ldap.bind_password)}} + postgresql-ldap-password: {{ .Values.ldap.bind_password | b64enc | quote }} + {{- end }} +{{- end -}} diff --git a/gitea/charts/postgresql/templates/serviceaccount.yaml b/gitea/charts/postgresql/templates/serviceaccount.yaml new file mode 100644 index 0000000..03f0f50 --- /dev/null +++ b/gitea/charts/postgresql/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if and (.Values.serviceAccount.enabled) (not .Values.serviceAccount.name) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "common.labels.standard" . | nindent 4 }} + name: {{ template "common.names.fullname" . }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/servicemonitor.yaml b/gitea/charts/postgresql/templates/servicemonitor.yaml new file mode 100644 index 0000000..587ce85 --- /dev/null +++ b/gitea/charts/postgresql/templates/servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "common.names.fullname" . }} + {{- if .Values.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.metrics.serviceMonitor.namespace }} + {{- end }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + +spec: + endpoints: + - port: http-metrics + {{- if .Values.metrics.serviceMonitor.interval }} + interval: {{ .Values.metrics.serviceMonitor.interval }} + {{- end }} + {{- if .Values.metrics.serviceMonitor.scrapeTimeout }} + scrapeTimeout: {{ .Values.metrics.serviceMonitor.scrapeTimeout }} + {{- end }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/statefulset-readreplicas.yaml b/gitea/charts/postgresql/templates/statefulset-readreplicas.yaml new file mode 100644 index 0000000..b038299 --- /dev/null +++ b/gitea/charts/postgresql/templates/statefulset-readreplicas.yaml @@ -0,0 +1,411 @@ +{{- if .Values.replication.enabled }} +{{- $readReplicasResources := coalesce .Values.readReplicas.resources .Values.resources -}} +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: "{{ template "common.names.fullname" . }}-read" + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: read +{{- with .Values.readReplicas.labels }} +{{ toYaml . | indent 4 }} +{{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.readReplicas.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "common.names.fullname" . }}-headless + replicas: {{ .Values.replication.readReplicas }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: read + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + app.kubernetes.io/component: read + role: read +{{- with .Values.readReplicas.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.readReplicas.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.readReplicas.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAffinityPreset "component" "read" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.readReplicas.podAntiAffinityPreset "component" "read" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.readReplicas.nodeAffinityPreset.type "key" .Values.readReplicas.nodeAffinityPreset.key "values" .Values.readReplicas.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.readReplicas.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.readReplicas.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name}} + {{- end }} + {{- if or .Values.readReplicas.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{ if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.readReplicas.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.readReplicas.priorityClassName }} + priorityClassName: {{ .Values.readReplicas.priorityClassName }} + {{- end }} + containers: + - name: {{ template "common.names.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if $readReplicasResources }} + resources: {{- toYaml $readReplicasResources | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE + value: "slave" + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + - name: POSTGRES_MASTER_HOST + value: {{ template "common.names.fullname" . }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ include "postgresql.port" . | quote }} + {{- if not (eq (include "postgresql.username" .) "postgres") }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.postgresqlMaxConnections }} + - name: POSTGRESQL_MAX_CONNECTIONS + value: {{ .Values.postgresqlMaxConnections | quote }} + {{- end }} + {{- if .Values.postgresqlPostgresConnectionLimit }} + - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT + value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlDbUserConnectionLimit }} + - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT + value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesInterval }} + - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL + value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesIdle }} + - name: POSTGRESQL_TCP_KEEPALIVES_IDLE + value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} + {{- end }} + {{- if .Values.postgresqlStatementTimeout }} + - name: POSTGRESQL_STATEMENT_TIMEOUT + value: {{ .Values.postgresqlStatementTimeout | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesCount }} + - name: POSTGRESQL_TCP_KEEPALIVES_COUNT + value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} + {{- end }} + {{- if .Values.postgresqlPghbaRemoveFilters }} + - name: POSTGRESQL_PGHBA_REMOVE_FILTERS + value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{ end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.readReplicas.extraVolumeMounts }} + {{- toYaml .Values.readReplicas.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.readReplicas.sidecars }} +{{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.sidecars "context" $ ) | nindent 8 }} +{{- end }} + volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} + {{- if or (not .Values.persistence.enabled) (not .Values.readReplicas.persistence.enabled) }} + - name: data + emptyDir: {} + {{- end }} + {{- if .Values.readReplicas.extraVolumes }} + {{- toYaml .Values.readReplicas.extraVolumes | nindent 8 }} + {{- end }} + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} +{{- if and .Values.persistence.enabled .Values.readReplicas.persistence.enabled }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end -}} +{{- end }} +{{- end }} diff --git a/gitea/charts/postgresql/templates/statefulset.yaml b/gitea/charts/postgresql/templates/statefulset.yaml new file mode 100644 index 0000000..f8163fd --- /dev/null +++ b/gitea/charts/postgresql/templates/statefulset.yaml @@ -0,0 +1,609 @@ +apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }} +kind: StatefulSet +metadata: + name: {{ template "postgresql.primary.fullname" . }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: primary + {{- with .Values.primary.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- with .Values.primary.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + serviceName: {{ template "common.names.fullname" . }}-headless + replicas: 1 + updateStrategy: + type: {{ .Values.updateStrategy.type }} + {{- if (eq "Recreate" .Values.updateStrategy.type) }} + rollingUpdate: null + {{- end }} + selector: + matchLabels: + {{- include "common.labels.matchLabels" . | nindent 6 }} + role: primary + template: + metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 8 }} + role: primary + app.kubernetes.io/component: primary + {{- with .Values.primary.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.primary.podAnnotations }} + annotations: {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} +{{- include "postgresql.imagePullSecrets" . | indent 6 }} + {{- if .Values.primary.affinity }} + affinity: {{- include "common.tplvalues.render" (dict "value" .Values.primary.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAffinityPreset "component" "primary" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.primary.podAntiAffinityPreset "component" "primary" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.primary.nodeAffinityPreset.type "key" .Values.primary.nodeAffinityPreset.key "values" .Values.primary.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.primary.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.primary.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.primary.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.primary.tolerations "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: {{- omit .Values.securityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ default (include "common.names.fullname" . ) .Values.serviceAccount.name }} + {{- end }} + {{- if or .Values.primary.extraInitContainers (and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled))) }} + initContainers: + {{- if and .Values.volumePermissions.enabled (or .Values.persistence.enabled (and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled) .Values.tls.enabled) }} + - name: init-chmod-data + image: {{ template "postgresql.volumePermissions.image" . }} + imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + command: + - /bin/sh + - -cx + - | + {{- if .Values.persistence.enabled }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown `id -u`:`id -G | cut -d " " -f2` {{ .Values.persistence.mountPath }} + {{- else }} + chown {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} {{ .Values.persistence.mountPath }} + {{- end }} + mkdir -p {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + chmod 700 {{ .Values.persistence.mountPath }}/data {{- if (include "postgresql.mountConfigurationCM" .) }} {{ .Values.persistence.mountPath }}/conf {{- end }} + find {{ .Values.persistence.mountPath }} -mindepth 1 -maxdepth 1 {{- if not (include "postgresql.mountConfigurationCM" .) }} -not -name "conf" {{- end }} -not -name ".snapshot" -not -name "lost+found" | \ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + xargs chown -R `id -u`:`id -G | cut -d " " -f2` + {{- else }} + xargs chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} + {{- end }} + {{- end }} + {{- if and .Values.shmVolume.enabled .Values.shmVolume.chmod.enabled }} + chmod -R 777 /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + cp /tmp/certs/* /opt/bitnami/postgresql/certs/ + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + chown -R `id -u`:`id -G | cut -d " " -f2` /opt/bitnami/postgresql/certs/ + {{- else }} + chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /opt/bitnami/postgresql/certs/ + {{- end }} + chmod 600 {{ template "postgresql.tlsCertKey" . }} + {{- end }} + {{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }} + securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 12 }} + {{- else }} + securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + mountPath: /tmp/certs + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + {{- end }} + {{- end }} + {{- if .Values.primary.extraInitContainers }} + {{- include "common.tplvalues.render" ( dict "value" .Values.primary.extraInitContainers "context" $ ) | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.primary.priorityClassName }} + priorityClassName: {{ .Values.primary.priorityClassName }} + {{- end }} + containers: + - name: {{ template "common.names.fullname" . }} + image: {{ template "postgresql.image" . }} + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + - name: BITNAMI_DEBUG + value: {{ ternary "true" "false" .Values.image.debug | quote }} + - name: POSTGRESQL_PORT_NUMBER + value: "{{ template "postgresql.port" . }}" + - name: POSTGRESQL_VOLUME_DIR + value: "{{ .Values.persistence.mountPath }}" + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.initdbUser }} + - name: POSTGRESQL_INITSCRIPTS_USERNAME + value: {{ .Values.initdbUser }} + {{- end }} + {{- if .Values.initdbPassword }} + - name: POSTGRESQL_INITSCRIPTS_PASSWORD + value: {{ .Values.initdbPassword }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} + {{- if .Values.primaryAsStandBy.enabled }} + - name: POSTGRES_MASTER_HOST + value: {{ .Values.primaryAsStandBy.primaryHost }} + - name: POSTGRES_MASTER_PORT_NUMBER + value: {{ .Values.primaryAsStandBy.primaryPort | quote }} + {{- end }} + {{- if or .Values.replication.enabled .Values.primaryAsStandBy.enabled }} + - name: POSTGRES_REPLICATION_MODE + {{- if .Values.primaryAsStandBy.enabled }} + value: "slave" + {{- else }} + value: "master" + {{- end }} + - name: POSTGRES_REPLICATION_USER + value: {{ include "postgresql.replication.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} + - name: POSTGRES_REPLICATION_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-replication-password + {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit | quote }} + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas | quote }} + {{- end }} + - name: POSTGRES_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} + {{- end }} + {{- if not (eq (include "postgresql.username" .) "postgres") }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-postgres-password" + {{- else }} + - name: POSTGRES_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-postgres-password + {{- end }} + {{- end }} + - name: POSTGRES_USER + value: {{ include "postgresql.username" . | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRES_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + {{- if (include "postgresql.database" .) }} + - name: POSTGRES_DB + value: {{ (include "postgresql.database" .) | quote }} + {{- end }} + {{- if .Values.extraEnv }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnv "context" $) | nindent 12 }} + {{- end }} + - name: POSTGRESQL_ENABLE_LDAP + value: {{ ternary "yes" "no" .Values.ldap.enabled | quote }} + {{- if .Values.ldap.enabled }} + - name: POSTGRESQL_LDAP_SERVER + value: {{ .Values.ldap.server }} + - name: POSTGRESQL_LDAP_PORT + value: {{ .Values.ldap.port | quote }} + - name: POSTGRESQL_LDAP_SCHEME + value: {{ .Values.ldap.scheme }} + {{- if .Values.ldap.tls }} + - name: POSTGRESQL_LDAP_TLS + value: "1" + {{- end }} + - name: POSTGRESQL_LDAP_PREFIX + value: {{ .Values.ldap.prefix | quote }} + - name: POSTGRESQL_LDAP_SUFFIX + value: {{ .Values.ldap.suffix | quote }} + - name: POSTGRESQL_LDAP_BASE_DN + value: {{ .Values.ldap.baseDN }} + - name: POSTGRESQL_LDAP_BIND_DN + value: {{ .Values.ldap.bindDN }} + {{- if (not (empty .Values.ldap.bind_password)) }} + - name: POSTGRESQL_LDAP_BIND_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-ldap-password + {{- end}} + - name: POSTGRESQL_LDAP_SEARCH_ATTR + value: {{ .Values.ldap.search_attr }} + - name: POSTGRESQL_LDAP_SEARCH_FILTER + value: {{ .Values.ldap.search_filter }} + - name: POSTGRESQL_LDAP_URL + value: {{ .Values.ldap.url }} + {{- end}} + - name: POSTGRESQL_ENABLE_TLS + value: {{ ternary "yes" "no" .Values.tls.enabled | quote }} + {{- if .Values.tls.enabled }} + - name: POSTGRESQL_TLS_PREFER_SERVER_CIPHERS + value: {{ ternary "yes" "no" .Values.tls.preferServerCiphers | quote }} + - name: POSTGRESQL_TLS_CERT_FILE + value: {{ template "postgresql.tlsCert" . }} + - name: POSTGRESQL_TLS_KEY_FILE + value: {{ template "postgresql.tlsCertKey" . }} + {{- if .Values.tls.certCAFilename }} + - name: POSTGRESQL_TLS_CA_FILE + value: {{ template "postgresql.tlsCACert" . }} + {{- end }} + {{- if .Values.tls.crlFilename }} + - name: POSTGRESQL_TLS_CRL_FILE + value: {{ template "postgresql.tlsCRL" . }} + {{- end }} + {{- end }} + - name: POSTGRESQL_LOG_HOSTNAME + value: {{ .Values.audit.logHostname | quote }} + - name: POSTGRESQL_LOG_CONNECTIONS + value: {{ .Values.audit.logConnections | quote }} + - name: POSTGRESQL_LOG_DISCONNECTIONS + value: {{ .Values.audit.logDisconnections | quote }} + {{- if .Values.audit.logLinePrefix }} + - name: POSTGRESQL_LOG_LINE_PREFIX + value: {{ .Values.audit.logLinePrefix | quote }} + {{- end }} + {{- if .Values.audit.logTimezone }} + - name: POSTGRESQL_LOG_TIMEZONE + value: {{ .Values.audit.logTimezone | quote }} + {{- end }} + {{- if .Values.audit.pgAuditLog }} + - name: POSTGRESQL_PGAUDIT_LOG + value: {{ .Values.audit.pgAuditLog | quote }} + {{- end }} + - name: POSTGRESQL_PGAUDIT_LOG_CATALOG + value: {{ .Values.audit.pgAuditLogCatalog | quote }} + - name: POSTGRESQL_CLIENT_MIN_MESSAGES + value: {{ .Values.audit.clientMinMessages | quote }} + - name: POSTGRESQL_SHARED_PRELOAD_LIBRARIES + value: {{ .Values.postgresqlSharedPreloadLibraries | quote }} + {{- if .Values.postgresqlMaxConnections }} + - name: POSTGRESQL_MAX_CONNECTIONS + value: {{ .Values.postgresqlMaxConnections | quote }} + {{- end }} + {{- if .Values.postgresqlPostgresConnectionLimit }} + - name: POSTGRESQL_POSTGRES_CONNECTION_LIMIT + value: {{ .Values.postgresqlPostgresConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlDbUserConnectionLimit }} + - name: POSTGRESQL_USERNAME_CONNECTION_LIMIT + value: {{ .Values.postgresqlDbUserConnectionLimit | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesInterval }} + - name: POSTGRESQL_TCP_KEEPALIVES_INTERVAL + value: {{ .Values.postgresqlTcpKeepalivesInterval | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesIdle }} + - name: POSTGRESQL_TCP_KEEPALIVES_IDLE + value: {{ .Values.postgresqlTcpKeepalivesIdle | quote }} + {{- end }} + {{- if .Values.postgresqlStatementTimeout }} + - name: POSTGRESQL_STATEMENT_TIMEOUT + value: {{ .Values.postgresqlStatementTimeout | quote }} + {{- end }} + {{- if .Values.postgresqlTcpKeepalivesCount }} + - name: POSTGRESQL_TCP_KEEPALIVES_COUNT + value: {{ .Values.postgresqlTcpKeepalivesCount | quote }} + {{- end }} + {{- if .Values.postgresqlPghbaRemoveFilters }} + - name: POSTGRESQL_PGHBA_REMOVE_FILTERS + value: {{ .Values.postgresqlPghbaRemoveFilters | quote }} + {{- end }} + {{- if .Values.extraEnvVarsCM }} + envFrom: + - configMapRef: + name: {{ tpl .Values.extraEnvVarsCM . }} + {{- end }} + ports: + - name: tcp-postgresql + containerPort: {{ template "postgresql.port" . }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- else if .Values.customStartupProbe }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -c + {{- if (include "postgresql.database" .) }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} -d "dbname={{ include "postgresql.database" . }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}{{- end }}" -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- else }} + - exec pg_isready -U {{ include "postgresql.username" . | quote }} {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} -d "sslcert={{ include "postgresql.tlsCert" . }} sslkey={{ include "postgresql.tlsCertKey" . }}"{{- end }} -h 127.0.0.1 -p {{ template "postgresql.port" . }} + {{- end }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- else if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -c + - -e + {{- include "postgresql.readinessProbeCommand" . | nindent 16 }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- else if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + mountPath: /docker-entrypoint-initdb.d/ + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + mountPath: /dev/shm + {{- end }} + {{- if .Values.persistence.enabled }} + - name: data + mountPath: {{ .Values.persistence.mountPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf + {{- end }} + {{- if .Values.primary.extraVolumeMounts }} + {{- toYaml .Values.primary.extraVolumeMounts | nindent 12 }} + {{- end }} +{{- if .Values.primary.sidecars }} +{{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: {{ template "postgresql.metrics.image" . }} + imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }} + {{- if .Values.metrics.securityContext.enabled }} + securityContext: {{- omit .Values.metrics.securityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + env: + {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase or .Values.global.postgresql.postgresqlDatabase)" (include "postgresql.database" .) }} + {{- $sslmode := ternary "require" "disable" .Values.tls.enabled }} + {{- if and .Values.tls.enabled .Values.tls.certCAFilename }} + - name: DATA_SOURCE_NAME + value: {{ printf "host=127.0.0.1 port=%d user=%s sslmode=%s sslcert=%s sslkey=%s" (int (include "postgresql.port" .)) (include "postgresql.username" .) $sslmode (include "postgresql.tlsCert" .) (include "postgresql.tlsCertKey" .) }} + {{- else }} + - name: DATA_SOURCE_URI + value: {{ printf "127.0.0.1:%d/%s?sslmode=%s" (int (include "postgresql.port" .)) $database $sslmode }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} + - name: DATA_SOURCE_PASS + valueFrom: + secretKeyRef: + name: {{ template "postgresql.secretName" . }} + key: postgresql-password + {{- end }} + - name: DATA_SOURCE_USER + value: {{ template "postgresql.username" . }} + {{- if .Values.metrics.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http-metrics + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{- end }} + {{- if .Values.tls.enabled }} + - name: postgresql-certificates + mountPath: /opt/bitnami/postgresql/certs + readOnly: true + {{- end }} + {{- if .Values.metrics.customMetrics }} + - name: custom-metrics + mountPath: /conf + readOnly: true + args: ["--extend.query-path", "/conf/custom-metrics.yaml"] + {{- end }} + ports: + - name: http-metrics + containerPort: 9187 + {{- if .Values.metrics.resources }} + resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- end }} +{{- end }} + volumes: + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} + - name: postgresql-config + configMap: + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.extendedConfigurationCM" . }} + {{- end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{- end }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} + - name: custom-init-scripts + configMap: + name: {{ template "postgresql.initdbScriptsCM" . }} + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} + {{- if .Values.tls.enabled }} + - name: raw-certificates + secret: + secretName: {{ required "A secret containing TLS certificates is required when TLS is enabled" .Values.tls.certificatesSecret }} + - name: postgresql-certificates + emptyDir: {} + {{- end }} + {{- if .Values.primary.extraVolumes }} + {{- toYaml .Values.primary.extraVolumes | nindent 8 }} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + configMap: + name: {{ template "postgresql.metricsCM" . }} + {{- end }} + {{- if .Values.shmVolume.enabled }} + - name: dshm + emptyDir: + medium: Memory + sizeLimit: 1Gi + {{- end }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: +{{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} +{{- end }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{ include "common.storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- if .Values.persistence.selector }} + selector: {{- include "common.tplvalues.render" (dict "value" .Values.persistence.selector "context" $) | nindent 10 }} + {{- end -}} +{{- end }} diff --git a/gitea/charts/postgresql/templates/svc-headless.yaml b/gitea/charts/postgresql/templates/svc-headless.yaml new file mode 100644 index 0000000..6f5f3b9 --- /dev/null +++ b/gitea/charts/postgresql/templates/svc-headless.yaml @@ -0,0 +1,28 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-headless + labels: + {{- include "common.labels.standard" . | nindent 4 }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + # Use this annotation in addition to the actual publishNotReadyAddresses + # field below because the annotation will stop being respected soon but the + # field is broken in some versions of Kubernetes: + # https://github.com/kubernetes/kubernetes/issues/58662 + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" + namespace: {{ .Release.Namespace }} +spec: + type: ClusterIP + clusterIP: None + # We want all pods in the StatefulSet to have their addresses published for + # the sake of the other Postgresql pods even before they're ready, since they + # have to be able to talk to each other in order to become ready. + publishNotReadyAddresses: true + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} diff --git a/gitea/charts/postgresql/templates/svc-read.yaml b/gitea/charts/postgresql/templates/svc-read.yaml new file mode 100644 index 0000000..56195ea --- /dev/null +++ b/gitea/charts/postgresql/templates/svc-read.yaml @@ -0,0 +1,43 @@ +{{- if .Values.replication.enabled }} +{{- $serviceAnnotations := coalesce .Values.readReplicas.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.readReplicas.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.readReplicas.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.readReplicas.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.readReplicas.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.readReplicas.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }}-read + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: read +{{- end }} diff --git a/gitea/charts/postgresql/templates/svc.yaml b/gitea/charts/postgresql/templates/svc.yaml new file mode 100644 index 0000000..a29431b --- /dev/null +++ b/gitea/charts/postgresql/templates/svc.yaml @@ -0,0 +1,41 @@ +{{- $serviceAnnotations := coalesce .Values.primary.service.annotations .Values.service.annotations -}} +{{- $serviceType := coalesce .Values.primary.service.type .Values.service.type -}} +{{- $serviceLoadBalancerIP := coalesce .Values.primary.service.loadBalancerIP .Values.service.loadBalancerIP -}} +{{- $serviceLoadBalancerSourceRanges := coalesce .Values.primary.service.loadBalancerSourceRanges .Values.service.loadBalancerSourceRanges -}} +{{- $serviceClusterIP := coalesce .Values.primary.service.clusterIP .Values.service.clusterIP -}} +{{- $serviceNodePort := coalesce .Values.primary.service.nodePort .Values.service.nodePort -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "common.names.fullname" . }} + labels: + {{- include "common.labels.standard" . | nindent 4 }} + annotations: + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if $serviceAnnotations }} + {{- include "common.tplvalues.render" (dict "value" $serviceAnnotations "context" $) | nindent 4 }} + {{- end }} + namespace: {{ .Release.Namespace }} +spec: + type: {{ $serviceType }} + {{- if and $serviceLoadBalancerIP (eq $serviceType "LoadBalancer") }} + loadBalancerIP: {{ $serviceLoadBalancerIP }} + {{- end }} + {{- if and (eq $serviceType "LoadBalancer") $serviceLoadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- include "common.tplvalues.render" (dict "value" $serviceLoadBalancerSourceRanges "context" $) | nindent 4 }} + {{- end }} + {{- if and (eq $serviceType "ClusterIP") $serviceClusterIP }} + clusterIP: {{ $serviceClusterIP }} + {{- end }} + ports: + - name: tcp-postgresql + port: {{ template "postgresql.port" . }} + targetPort: tcp-postgresql + {{- if $serviceNodePort }} + nodePort: {{ $serviceNodePort }} + {{- end }} + selector: + {{- include "common.labels.matchLabels" . | nindent 4 }} + role: primary diff --git a/gitea/charts/postgresql/values.schema.json b/gitea/charts/postgresql/values.schema.json new file mode 100644 index 0000000..66a2a9d --- /dev/null +++ b/gitea/charts/postgresql/values.schema.json @@ -0,0 +1,103 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "postgresqlUsername": { + "type": "string", + "title": "Admin user", + "form": true + }, + "postgresqlPassword": { + "type": "string", + "title": "Password", + "form": true + }, + "persistence": { + "type": "object", + "properties": { + "size": { + "type": "string", + "title": "Persistent Volume Size", + "form": true, + "render": "slider", + "sliderMin": 1, + "sliderMax": 100, + "sliderUnit": "Gi" + } + } + }, + "resources": { + "type": "object", + "title": "Required Resources", + "description": "Configure resource requests", + "form": true, + "properties": { + "requests": { + "type": "object", + "properties": { + "memory": { + "type": "string", + "form": true, + "render": "slider", + "title": "Memory Request", + "sliderMin": 10, + "sliderMax": 2048, + "sliderUnit": "Mi" + }, + "cpu": { + "type": "string", + "form": true, + "render": "slider", + "title": "CPU Request", + "sliderMin": 10, + "sliderMax": 2000, + "sliderUnit": "m" + } + } + } + } + }, + "replication": { + "type": "object", + "form": true, + "title": "Replication Details", + "properties": { + "enabled": { + "type": "boolean", + "title": "Enable Replication", + "form": true + }, + "readReplicas": { + "type": "integer", + "title": "read Replicas", + "form": true, + "hidden": { + "value": false, + "path": "replication/enabled" + } + } + } + }, + "volumePermissions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "form": true, + "title": "Enable Init Containers", + "description": "Change the owner of the persist volume mountpoint to RunAsUser:fsGroup" + } + } + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "title": "Configure metrics exporter", + "form": true + } + } + } + } +} diff --git a/gitea/charts/postgresql/values.yaml b/gitea/charts/postgresql/values.yaml new file mode 100644 index 0000000..e021d45 --- /dev/null +++ b/gitea/charts/postgresql/values.yaml @@ -0,0 +1,824 @@ +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry and imagePullSecrets +## +global: + postgresql: {} +# imageRegistry: myRegistryName +# imagePullSecrets: +# - myRegistryKeySecretName +# storageClass: myStorageClass + +## Bitnami PostgreSQL image version +## ref: https://hub.docker.com/r/bitnami/postgresql/tags/ +## +image: + registry: docker.io + repository: bitnami/postgresql + tag: 11.11.0-debian-10-r62 + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + + ## Set to true if you would like to see extra information on logs + ## It turns BASH and/or NAMI debugging in the image + ## + debug: false + +## String to partially override common.names.fullname template (will maintain the release name) +## +# nameOverride: + +## String to fully override common.names.fullname template +## +# fullnameOverride: + +## +## Init containers parameters: +## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup +## +volumePermissions: + enabled: false + image: + registry: docker.io + repository: bitnami/bitnami-shell + tag: "10" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## + pullPolicy: Always + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Init container Security Context + ## Note: the chown of the data folder is done to securityContext.runAsUser + ## and not the below volumePermissions.securityContext.runAsUser + ## When runAsUser is set to special value "auto", init container will try to chwon the + ## data folder to autodetermined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic userids (and 0 is not allowed). + ## You may want to use this volumePermissions.securityContext.runAsUser="auto" in combination with + ## pod securityContext.enabled=false and shmVolume.chmod.enabled=false + ## + securityContext: + runAsUser: 0 + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +# schedulerName: + +## Pod Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +securityContext: + enabled: true + fsGroup: 1001 + +## Container Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + +## Pod Service Account +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## +serviceAccount: + enabled: false + ## Name of an already existing service account. Setting this value disables the automatic service account creation. + # name: + +## Pod Security Policy +## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +psp: + create: false + +## Creates role for ServiceAccount +## Required for PSP +## +rbac: + create: false + +replication: + enabled: false + user: repl_user + password: repl_password + readReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: 'off' + ## From the number of `readReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > readReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + ## + applicationName: my_application + +## PostgreSQL admin password (used when `postgresqlUsername` is not `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-user-on-first-run (see note!) +# postgresqlPostgresPassword: + +## PostgreSQL user (has superuser privileges if username is `postgres`) +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +postgresqlUsername: postgres + +## PostgreSQL password +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run +## +# postgresqlPassword: + +## PostgreSQL password using existing secret +## existingSecret: secret +## + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + +## Create a database +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run +## +# postgresqlDatabase: + +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql/data + +## An array to add extra environment variables +## For example: +## extraEnv: +## - name: FOO +## value: "bar" +## +# extraEnv: +extraEnv: [] + +## Name of a ConfigMap containing extra env vars +## +# extraEnvVarsCM: + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + +## PostgreSQL configuration +## Specify runtime configuration parameters as a dict, using camelCase, e.g. +## {"sharedBuffers": "500MB"} +## Alternatively, you can put your postgresql.conf under the files/ directory +## ref: https://www.postgresql.org/docs/current/static/runtime-config.html +## +# postgresqlConfiguration: + +## PostgreSQL extended configuration +## As above, but _appended_ to the main configuration +## Alternatively, you can put your *.conf under the files/conf.d/ directory +## https://github.com/bitnami/bitnami-docker-postgresql#allow-settings-to-be-loaded-from-files-other-than-the-default-postgresqlconf +## +# postgresqlExtendedConf: + +## Configure current cluster's primary server to be the standby server in other cluster. +## This will allow cross cluster replication and provide cross cluster high availability. +## You will need to configure pgHbaConfiguration if you want to enable this feature with local cluster replication enabled. +## +primaryAsStandBy: + enabled: false + # primaryHost: + # primaryPort: + +## PostgreSQL client authentication configuration +## Specify content for pg_hba.conf +## Default: do not create pg_hba.conf +## Alternatively, you can put your pg_hba.conf under the files/ directory +# pgHbaConfiguration: |- +# local all all trust +# host all all localhost trust +# host mydatabase mysuser 192.168.0.0/24 md5 + +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + +## initdb scripts +## Specify dictionary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." + +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + +## Specify the PostgreSQL username and password to execute the initdb scripts +# initdbUser: +# initdbPassword: + +## Audit settings +## https://github.com/bitnami/bitnami-docker-postgresql#auditing +## +audit: + ## Log client hostnames + ## + logHostname: false + ## Log connections to the server + ## + logConnections: false + ## Log disconnections + ## + logDisconnections: false + ## Operation to audit using pgAudit (default if not set) + ## + pgAuditLog: "" + ## Log catalog using pgAudit + ## + pgAuditLogCatalog: "off" + ## Log level for clients + ## + clientMinMessages: error + ## Template for log line prefix (default if not set) + ## + logLinePrefix: "" + ## Log timezone + ## + logTimezone: "" + +## Shared preload libraries +## +postgresqlSharedPreloadLibraries: "pgaudit" + +## Maximum total connections +## +postgresqlMaxConnections: + +## Maximum connections for the postgres user +## +postgresqlPostgresConnectionLimit: + +## Maximum connections for the created user +## +postgresqlDbUserConnectionLimit: + +## TCP keepalives interval +## +postgresqlTcpKeepalivesInterval: + +## TCP keepalives idle +## +postgresqlTcpKeepalivesIdle: + +## TCP keepalives count +## +postgresqlTcpKeepalivesCount: + +## Statement timeout +## +postgresqlStatementTimeout: + +## Remove pg_hba.conf lines with the following comma-separated patterns +## (cannot be used with custom pg_hba.conf) +## +postgresqlPghbaRemoveFilters: + +## Optional duration in seconds the pod needs to terminate gracefully. +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +# terminationGracePeriodSeconds: 30 + +## LDAP configuration +## +ldap: + enabled: false + url: '' + server: '' + port: '' + prefix: '' + suffix: '' + baseDN: '' + bindDN: '' + bind_password: + search_attr: '' + search_filter: '' + scheme: '' + tls: {} + +## PostgreSQL service configuration +## +service: + ## PosgresSQL service type + ## + type: ClusterIP + # clusterIP: None + port: 5432 + + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + + ## Provide any additional annotations which may be required. Evaluated as a template. + ## + annotations: {} + ## Set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + # loadBalancerIP: + ## Load Balancer sources. Evaluated as a template. + ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## + # loadBalancerSourceRanges: + # - 10.10.10.0/24 + +## Start primary and read(s) pod(s) without limitations on shm memory. +## By default docker and containerd (and possibly other container runtimes) +## limit `/dev/shm` to `64M` (see e.g. the +## [docker issue](https://github.com/docker-library/postgres/issues/416) and the +## [containerd issue](https://github.com/containerd/containerd/issues/3654), +## which could be not enough if PostgreSQL uses parallel workers heavily. +## +shmVolume: + ## Set `shmVolume.enabled` to `true` to mount a new tmpfs volume to remove + ## this limitation. + ## + enabled: true + ## Set to `true` to `chmod 777 /dev/shm` on a initContainer. + ## This option is ignored if `volumePermissions.enabled` is `false` + ## + chmod: + enabled: true + +## PostgreSQL data Persistent Volume Storage Class +## If defined, storageClassName: +## If set to "-", storageClassName: "", which disables dynamic provisioning +## If undefined (the default) or set to null, no storageClassName spec is +## set, choosing the default provisioner. (gp2 on AWS, standard on +## GKE, AWS & OpenStack) +## +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## If defined, PVC must be created manually before volume will be bound + ## The value is evaluated as a template, so, for example, the name can depend on .Release or .Chart + ## + # existingClaim: + + ## The path the volume will be mounted at, useful when using different + ## PostgreSQL images. + ## + mountPath: /bitnami/postgresql + + ## The subdirectory of the volume to mount to, useful in dev environments + ## and one PV for multiple services. + ## + subPath: '' + + # storageClass: "-" + accessModes: + - ReadWriteOnce + size: 8Gi + annotations: {} + ## selector can be used to match an existing PersistentVolume + ## selector: + ## matchLabels: + ## app: my-app + selector: {} + +## updateStrategy for PostgreSQL StatefulSet and its reads StatefulSets +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + type: RollingUpdate + +## +## PostgreSQL Primary parameters +## +primary: + ## PostgreSQL Primary pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## PostgreSQL Primary pod anti-affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## PostgreSQL Primary node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: primary.podAffinityPreset, primary.podAntiAffinityPreset, and primary.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for PostgreSQL primary pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + extraInitContainers: [] + + ## Additional PostgreSQL primary Volume mounts + ## + extraVolumeMounts: [] + ## Additional PostgreSQL primary Volumes + ## + extraVolumes: [] + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## Override the service configuration for primary + ## + service: {} + # type: + # nodePort: + # clusterIP: + +## +## PostgreSQL read only replica parameters +## +readReplicas: + ## PostgreSQL read only pod affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAffinityPreset: "" + + ## PostgreSQL read only pod anti-affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity + ## Allowed values: soft, hard + ## + podAntiAffinityPreset: soft + + ## PostgreSQL read only node affinity preset + ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity + ## Allowed values: soft, hard + ## + nodeAffinityPreset: + ## Node affinity type + ## Allowed values: soft, hard + type: "" + ## Node label key to match + ## E.g. + ## key: "kubernetes.io/e2e-az-name" + ## + key: "" + ## Node label values to match + ## E.g. + ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] + + ## Affinity for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## Note: readReplicas.podAffinityPreset, readReplicas.podAntiAffinityPreset, and readReplicas.nodeAffinityPreset will be ignored when it's set + ## + affinity: {} + + ## Node labels for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/user-guide/node-selection/ + ## + nodeSelector: {} + + ## Tolerations for PostgreSQL read only pods assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + ## + tolerations: [] + labels: {} + annotations: {} + podLabels: {} + podAnnotations: {} + priorityClassName: '' + + ## Extra init containers + ## Example + ## + ## extraInitContainers: + ## - name: do-something + ## image: busybox + ## command: ['do', 'something'] + ## + extraInitContainers: [] + + ## Additional PostgreSQL read replicas Volume mounts + ## + extraVolumeMounts: [] + + ## Additional PostgreSQL read replicas Volumes + ## + extraVolumes: [] + + ## Add sidecars to the pod + ## + ## For example: + ## sidecars: + ## - name: your-image-name + ## image: your-image + ## imagePullPolicy: Always + ## ports: + ## - name: portname + ## containerPort: 1234 + ## + sidecars: [] + + ## Override the service configuration for read + ## + service: {} + # type: + # nodePort: + # clusterIP: + + ## Whether to enable PostgreSQL read replicas data Persistent + ## + persistence: + enabled: true + + # Override the resource configuration for read replicas + resources: {} + # requests: + # memory: 256Mi + # cpu: 250m + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 250m + +## Add annotations to all the deployed resources +## +commonAnnotations: {} + +networkPolicy: + ## Enable creation of NetworkPolicy resources. Only Ingress traffic is filtered for now. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true + + ## if explicitNamespacesSelector is missing or set to {}, only client Pods that are in the networkPolicy's namespace + ## and that match other criteria, the ones that have the good label, can reach the DB. + ## But sometimes, we want the DB to be accessible to clients from other namespaces, in this case, we can use this + ## LabelSelector to select these namespaces, note that the networkPolicy's namespace should also be explicitly added. + ## + ## Example: + ## explicitNamespacesSelector: + ## matchLabels: + ## role: frontend + ## matchExpressions: + ## - {key: role, operator: In, values: [frontend]} + ## + explicitNamespacesSelector: {} + +## Configure extra options for startup, liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes +## +startupProbe: + enabled: false + initialDelaySeconds: 30 + periodSeconds: 15 + timeoutSeconds: 5 + failureThreshold: 10 + successThreshold: 1 + +livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Custom Startup probe +## +customStartupProbe: {} + +## Custom Liveness probe +## +customLivenessProbe: {} + +## Custom Rediness probe +## +customReadinessProbe: {} + +## +## TLS configuration +## +tls: + # Enable TLS traffic + enabled: false + # + # Whether to use the server's TLS cipher preferences rather than the client's. + preferServerCiphers: true + # + # Name of the Secret that contains the certificates + certificatesSecret: '' + # + # Certificate filename + certFilename: '' + # + # Certificate Key filename + certKeyFilename: '' + # + # CA Certificate filename + # If provided, PostgreSQL will authenticate TLS/SSL clients by requesting them a certificate + # ref: https://www.postgresql.org/docs/9.6/auth-methods.html + certCAFilename: + # + # File containing a Certificate Revocation List + crlFilename: + +## Configure metrics exporter +## +metrics: + enabled: false + # resources: {} + service: + type: ClusterIP + annotations: + prometheus.io/scrape: 'true' + prometheus.io/port: '9187' + loadBalancerIP: + serviceMonitor: + enabled: false + additionalLabels: {} + # namespace: monitoring + # interval: 30s + # scrapeTimeout: 10s + ## Custom PrometheusRule to be defined + ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart + ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions + ## + prometheusRule: + enabled: false + additionalLabels: {} + namespace: '' + ## These are just examples rules, please adapt them to your needs. + ## Make sure to constraint the rules to the current postgresql service. + ## rules: + ## - alert: HugeReplicationLag + ## expr: pg_replication_lag{service="{{ template "common.names.fullname" . }}-metrics"} / 3600 > 1 + ## for: 1m + ## labels: + ## severity: critical + ## annotations: + ## description: replication for {{ template "common.names.fullname" . }} PostgreSQL is lagging by {{ "{{ $value }}" }} hour(s). + ## summary: PostgreSQL replication is lagging by {{ "{{ $value }}" }} hour(s). + ## + rules: [] + + image: + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.9.0-debian-10-r34 + pullPolicy: IfNotPresent + ## Optionally specify an array of imagePullSecrets. + ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## + # pullSecrets: + # - myRegistryKeySecretName + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + # customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size_bytes FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + # + ## An array to add extra env vars to configure postgres-exporter + ## see: https://github.com/wrouesnel/postgres_exporter#environment-variables + ## For example: + # extraEnvVars: + # - name: PG_EXPORTER_DISABLE_DEFAULT_METRICS + # value: "true" + extraEnvVars: {} + + ## Pod Security Context + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + ## + securityContext: + enabled: false + runAsUser: 1001 + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + ## Configure extra options for liveness and readiness probes + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 6 + successThreshold: 1 + +## Array with extra yaml to deploy with the chart. Evaluated as a template +## +extraDeploy: [] diff --git a/gitea/templates/NOTES.txt b/gitea/templates/NOTES.txt new file mode 100644 index 0000000..25b35e7 --- /dev/null +++ b/gitea/templates/NOTES.txt @@ -0,0 +1,20 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.http.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "gitea.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.http.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "gitea.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "gitea.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.http.type }} + echo "Visit http://127.0.0.1:{{ .Values.service.http.port }} to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward svc/{{ .Release.Name }}-http {{ .Values.service.http.port }}:{{ .Values.service.http.port }} +{{- end }} diff --git a/gitea/templates/_helpers.tpl b/gitea/templates/_helpers.tpl new file mode 100644 index 0000000..0e481e0 --- /dev/null +++ b/gitea/templates/_helpers.tpl @@ -0,0 +1,333 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "gitea.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "gitea.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "gitea.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create image name and tag used by the deployment. +*/}} +{{- define "gitea.image" -}} +{{- $registry := .Values.global.imageRegistry | default .Values.image.registry -}} +{{- $name := .Values.image.repository -}} +{{- $tag := .Values.image.tag | default .Chart.AppVersion -}} +{{- $rootless := ternary "-rootless" "" (.Values.image.rootless) -}} +{{- if $registry -}} + {{- printf "%s/%s:%s%s" $registry $name $tag $rootless -}} +{{- else -}} + {{- printf "%s:%s%s" $name $tag $rootless -}} +{{- end -}} +{{- end -}} + +{{/* +Docker Image Registry Secret Names evaluating values as templates +*/}} +{{- define "gitea.images.pullSecrets" -}} +{{- $pullSecrets := .Values.imagePullSecrets -}} +{{- range .Values.global.imagePullSecrets -}} + {{- $pullSecrets = append $pullSecrets (dict "name" .) -}} +{{- end -}} +{{- if (not (empty $pullSecrets)) }} +imagePullSecrets: +{{ toYaml $pullSecrets }} +{{- end }} +{{- end -}} + + +{{/* +Storage Class +*/}} +{{- define "gitea.persistence.storageClass" -}} +{{- $storageClass := .Values.global.storageClass | default .Values.persistence.storageClass }} +{{- if $storageClass }} +storageClassName: {{ $storageClass | quote }} +{{- end }} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "gitea.labels" -}} +helm.sh/chart: {{ include "gitea.chart" . }} +app: {{ include "gitea.name" . }} +{{ include "gitea.selectorLabels" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "gitea.selectorLabels" -}} +app.kubernetes.io/name: {{ include "gitea.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{- define "postgresql.dns" -}} +{{- printf "%s-postgresql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.postgresql.global.postgresql.servicePort -}} +{{- end -}} + +{{- define "mysql.dns" -}} +{{- printf "%s-mysql.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mysql.service.port | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "mariadb.dns" -}} +{{- printf "%s-mariadb.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.mariadb.primary.service.port | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "memcached.dns" -}} +{{- printf "%s-memcached.%s.svc.%s:%g" .Release.Name .Release.Namespace .Values.clusterDomain .Values.memcached.service.port | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "gitea.default_domain" -}} +{{- printf "%s-gitea.%s.svc.%s" (include "gitea.fullname" .) .Release.Namespace .Values.clusterDomain | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "gitea.ldap_settings" -}} +{{- $idx := index . 0 }} +{{- $values := index . 1 }} + +{{- if not (hasKey $values "bindDn") -}} +{{- $_ := set $values "bindDn" "" -}} +{{- end -}} + +{{- if not (hasKey $values "bindPassword") -}} +{{- $_ := set $values "bindPassword" "" -}} +{{- end -}} + +{{- $flags := list "notActive" "skipTlsVerify" "allowDeactivateAll" "synchronizeUsers" "attributesInBind" -}} +{{- range $key, $val := $values -}} +{{- if and (ne $key "enabled") (ne $key "existingSecret") -}} +{{- if eq $key "bindDn" -}} +{{- printf "--%s \"${GITEA_LDAP_BIND_DN_%d}\" " ($key | kebabcase) ($idx) -}} +{{- else if eq $key "bindPassword" -}} +{{- printf "--%s \"${GITEA_LDAP_PASSWORD_%d}\" " ($key | kebabcase) ($idx) -}} +{{- else if eq $key "port" -}} +{{- printf "--%s %d " $key ($val | int) -}} +{{- else if has $key $flags -}} +{{- printf "--%s " ($key | kebabcase) -}} +{{- else -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | squote) -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "gitea.oauth_settings" -}} +{{- $idx := index . 0 }} +{{- $values := index . 1 }} + +{{- if not (hasKey $values "key") -}} +{{- $_ := set $values "key" (printf "${GITEA_OAUTH_KEY_%d}" $idx) -}} +{{- end -}} + +{{- if not (hasKey $values "secret") -}} +{{- $_ := set $values "secret" (printf "${GITEA_OAUTH_SECRET_%d}" $idx) -}} +{{- end -}} + +{{- range $key, $val := $values -}} +{{- if ne $key "existingSecret" -}} +{{- printf "--%s %s " ($key | kebabcase) ($val | quote) -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{- define "gitea.public_protocol" -}} +{{- if and .Values.ingress.enabled (gt (len .Values.ingress.tls) 0) -}} +https +{{- else -}} +{{ .Values.gitea.config.server.PROTOCOL }} +{{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration" -}} + {{- include "gitea.inline_configuration.init" . -}} + {{- include "gitea.inline_configuration.defaults" . -}} + + {{- $generals := list -}} + {{- $inlines := dict -}} + + {{- range $key, $value := .Values.gitea.config }} + {{- if kindIs "map" $value }} + {{- if gt (len $value) 0 }} + {{- $section := default list (get $inlines $key) -}} + {{- range $n_key, $n_value := $value }} + {{- $section = append $section (printf "%s=%v" $n_key $n_value) -}} + {{- end }} + {{- $_ := set $inlines $key (join "\n" $section) -}} + {{- end -}} + {{- else }} + {{- if or (eq $key "APP_NAME") (eq $key "RUN_USER") (eq $key "RUN_MODE") -}} + {{- $generals = append $generals (printf "%s=%s" $key $value) -}} + {{- else -}} + {{- (printf "Key %s cannot be on top level of configuration" $key) | fail -}} + {{- end -}} + {{- end }} + {{- end }} + + {{- $_ := set $inlines "_generals_" (join "\n" $generals) -}} + {{- toYaml $inlines -}} +{{- end -}} + +{{- define "gitea.inline_configuration.init" -}} + {{- if not (hasKey .Values.gitea.config "cache") -}} + {{- $_ := set .Values.gitea.config "cache" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "server") -}} + {{- $_ := set .Values.gitea.config "server" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "metrics") -}} + {{- $_ := set .Values.gitea.config "metrics" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "database") -}} + {{- $_ := set .Values.gitea.config "database" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "security") -}} + {{- $_ := set .Values.gitea.config "security" dict -}} + {{- end -}} + {{- if not .Values.gitea.config.repository -}} + {{- $_ := set .Values.gitea.config "repository" dict -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config "oauth2") -}} + {{- $_ := set .Values.gitea.config "oauth2" dict -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults" -}} + {{- include "gitea.inline_configuration.defaults.server" . -}} + {{- include "gitea.inline_configuration.defaults.database" . -}} + + {{- if not .Values.gitea.config.repository.ROOT -}} + {{- $_ := set .Values.gitea.config.repository "ROOT" "/data/git/gitea-repositories" -}} + {{- end -}} + {{- if not .Values.gitea.config.security.INSTALL_LOCK -}} + {{- $_ := set .Values.gitea.config.security "INSTALL_LOCK" "true" -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.metrics "ENABLED") -}} + {{- $_ := set .Values.gitea.config.metrics "ENABLED" .Values.gitea.metrics.enabled -}} + {{- end -}} + {{- if .Values.memcached.enabled -}} + {{- $_ := set .Values.gitea.config.cache "ENABLED" "true" -}} + {{- $_ := set .Values.gitea.config.cache "ADAPTER" "memcache" -}} + {{- if not (.Values.gitea.config.cache.HOST) -}} + {{- $_ := set .Values.gitea.config.cache "HOST" (include "memcached.dns" .) -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults.server" -}} + {{- if not (hasKey .Values.gitea.config.server "HTTP_PORT") -}} + {{- $_ := set .Values.gitea.config.server "HTTP_PORT" .Values.service.http.port -}} + {{- end -}} + {{- if not .Values.gitea.config.server.PROTOCOL -}} + {{- $_ := set .Values.gitea.config.server "PROTOCOL" "http" -}} + {{- end -}} + {{- if not (.Values.gitea.config.server.DOMAIN) -}} + {{- if gt (len .Values.ingress.hosts) 0 -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" (index .Values.ingress.hosts 0).host -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "DOMAIN" (include "gitea.default_domain" .) -}} + {{- end -}} + {{- end -}} + {{- if not .Values.gitea.config.server.ROOT_URL -}} + {{- $_ := set .Values.gitea.config.server "ROOT_URL" (printf "%s://%s" (include "gitea.public_protocol" .) .Values.gitea.config.server.DOMAIN) -}} + {{- end -}} + {{- if not .Values.gitea.config.server.SSH_DOMAIN -}} + {{- $_ := set .Values.gitea.config.server "SSH_DOMAIN" .Values.gitea.config.server.DOMAIN -}} + {{- end -}} + {{- if not .Values.gitea.config.server.SSH_PORT -}} + {{- $_ := set .Values.gitea.config.server "SSH_PORT" .Values.service.ssh.port -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "SSH_LISTEN_PORT") -}} + {{- if not .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" .Values.gitea.config.server.SSH_PORT -}} + {{- else -}} + {{- $_ := set .Values.gitea.config.server "SSH_LISTEN_PORT" "2222" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "START_SSH_SERVER") -}} + {{- if .Values.image.rootless -}} + {{- $_ := set .Values.gitea.config.server "START_SSH_SERVER" "true" -}} + {{- end -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "APP_DATA_PATH") -}} + {{- $_ := set .Values.gitea.config.server "APP_DATA_PATH" "/data" -}} + {{- end -}} + {{- if not (hasKey .Values.gitea.config.server "ENABLE_PPROF") -}} + {{- $_ := set .Values.gitea.config.server "ENABLE_PPROF" false -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.inline_configuration.defaults.database" -}} + {{- if .Values.postgresql.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "postgres" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "postgresql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.postgresql.global.postgresql.postgresqlDatabase -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.postgresql.global.postgresql.postgresqlUsername -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.postgresql.global.postgresql.postgresqlPassword -}} + {{- else if .Values.mysql.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "mysql.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.mysql.db.name -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.mysql.db.user -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mysql.db.password -}} + {{- else if .Values.mariadb.enabled -}} + {{- $_ := set .Values.gitea.config.database "DB_TYPE" "mysql" -}} + {{- if not (.Values.gitea.config.database.HOST) -}} + {{- $_ := set .Values.gitea.config.database "HOST" (include "mariadb.dns" .) -}} + {{- end -}} + {{- $_ := set .Values.gitea.config.database "NAME" .Values.mariadb.auth.database -}} + {{- $_ := set .Values.gitea.config.database "USER" .Values.mariadb.auth.username -}} + {{- $_ := set .Values.gitea.config.database "PASSWD" .Values.mariadb.auth.password -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.init-additional-mounts" -}} + {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} + {{- if gt (len .Values.extraInitVolumeMounts) 0 -}} + {{- toYaml .Values.extraInitVolumeMounts -}} + {{- else if gt (len .Values.extraVolumeMounts) 0 -}} + {{- toYaml .Values.extraVolumeMounts -}} + {{- end -}} +{{- end -}} + +{{- define "gitea.container-additional-mounts" -}} + {{- /* Honor the deprecated extraVolumeMounts variable when defined */ -}} + {{- if gt (len .Values.extraContainerVolumeMounts) 0 -}} + {{- toYaml .Values.extraContainerVolumeMounts -}} + {{- else if gt (len .Values.extraVolumeMounts) 0 -}} + {{- toYaml .Values.extraVolumeMounts -}} + {{- end -}} +{{- end -}} diff --git a/gitea/templates/gitea/config.yaml b/gitea/templates/gitea/config.yaml new file mode 100644 index 0000000..bcc7c4d --- /dev/null +++ b/gitea/templates/gitea/config.yaml @@ -0,0 +1,172 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.fullname" . }}-inline-config + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +stringData: + {{- include "gitea.inline_configuration" . | nindent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.fullname" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +stringData: + config_environment.sh: |- + #!/usr/bin/env bash + set -euo pipefail + + function env2ini::log() { + printf "${1}\n" + } + + function env2ini::read_config_to_env() { + local section="${1}" + local line="${2}" + + if [[ -z "${line}" ]]; then + # skip empty line + return + fi + + # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line + local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" + + if [[ -z "${setting}" ]]; then + env2ini::log ' ! invalid setting' + exit 1 + fi + + local value='' + local regex="^${setting}(\s*)=(\s*)(.*)" + if [[ $line =~ $regex ]]; then + value="${BASH_REMATCH[3]}" + else + env2ini::log ' ! invalid setting' + exit 1 + fi + + env2ini::log " + '${setting}'" + + if [[ -z "${section}" ]]; then + export "ENV_TO_INI____${setting^^}=${value}" # '^^' makes the variable content uppercase + return + fi + + local masked_section="${section//./_0X2E_}" # '//' instructs to replace all matches + masked_section="${masked_section//-/_0X2D_}" + + export "ENV_TO_INI__${masked_section^^}__${setting^^}=${value}" # '^^' makes the variable content uppercase + } + + function env2ini::reload_preset_envs() { + env2ini::log "Reloading preset envs..." + + while read -r line; do + if [[ -z "${line}" ]]; then + # skip empty line + return + fi + + # 'xargs echo -n' trims all leading/trailing whitespaces and a trailing new line + local setting="$(awk -F '=' '{print $1}' <<< "${line}" | xargs echo -n)" + + if [[ -z "${setting}" ]]; then + env2ini::log ' ! invalid setting' + exit 1 + fi + + local value='' + local regex="^${setting}(\s*)=(\s*)(.*)" + if [[ $line =~ $regex ]]; then + value="${BASH_REMATCH[3]}" + else + env2ini::log ' ! invalid setting' + exit 1 + fi + + env2ini::log " + '${setting}'" + + export "${setting^^}=${value}" # '^^' makes the variable content uppercase + done < "/tmp/existing-envs" + + rm /tmp/existing-envs + } + + + function env2ini::process_config_file() { + local config_file="${1}" + local section="$(basename "${config_file}")" + + if [[ $section == '_generals_' ]]; then + env2ini::log " [ini root]" + section='' + else + env2ini::log " ${section}" + fi + + while read -r line; do + env2ini::read_config_to_env "${section}" "${line}" + done < <(awk 1 "${config_file}") # Helm .toYaml trims the trailing new line which breaks line processing; awk 1 ... adds it back while reading + } + + function env2ini::load_config_sources() { + local path="${1}" + + if [[ -d "${path}" ]]; then + env2ini::log "Processing $(basename "${path}")..." + + while read -d '' configFile; do + env2ini::process_config_file "${configFile}" + done < <(find "${path}" -type l -not -name '..data' -print0) + + env2ini::log "\n" + fi + } + + function env2ini::generate_initial_secrets() { + # These environment variables will either be + # - overwritten with user defined values, + # - initially used to set up Gitea + # Anyway, they won't harm existing app.ini files + + export ENV_TO_INI__SECURITY__INTERNAL_TOKEN=$(gitea generate secret INTERNAL_TOKEN) + export ENV_TO_INI__SECURITY__SECRET_KEY=$(gitea generate secret SECRET_KEY) + export ENV_TO_INI__OAUTH2__JWT_SECRET=$(gitea generate secret JWT_SECRET) + export ENV_TO_INI__SERVER__LFS_JWT_SECRET=$(gitea generate secret LFS_JWT_SECRET) + + env2ini::log "...Initial secrets generated\n" + } + + env | (grep ENV_TO_INI || [[ $? == 1 ]]) > /tmp/existing-envs + + # MUST BE CALLED BEFORE OTHER CONFIGURATION + env2ini::generate_initial_secrets + + env2ini::load_config_sources '/env-to-ini-mounts/inlines/' + env2ini::load_config_sources '/env-to-ini-mounts/additionals/' + + # load existing envs to override auto generated envs + env2ini::reload_preset_envs + + env2ini::log "=== All configuration sources loaded ===\n" + + # safety to prevent rewrite of secret keys if an app.ini already exists + if [ -f ${GITEA_APP_INI} ]; then + env2ini::log 'An app.ini file already exists. To prevent overwriting secret keys, these settings are dropped and remain unchanged:' + env2ini::log ' - security.INTERNAL_TOKEN' + env2ini::log ' - security.SECRET_KEY' + env2ini::log ' - oauth2.JWT_SECRET' + env2ini::log ' - server.LFS_JWT_SECRET' + + unset ENV_TO_INI__SECURITY__INTERNAL_TOKEN + unset ENV_TO_INI__SECURITY__SECRET_KEY + unset ENV_TO_INI__OAUTH2__JWT_SECRET + unset ENV_TO_INI__SERVER__LFS_JWT_SECRET + fi + + environment-to-ini -o $GITEA_APP_INI -p ENV_TO_INI diff --git a/gitea/templates/gitea/deprecation.yaml b/gitea/templates/gitea/deprecation.yaml new file mode 100644 index 0000000..057c5bd --- /dev/null +++ b/gitea/templates/gitea/deprecation.yaml @@ -0,0 +1,34 @@ +{{- if .Values.checkDeprecation -}} + {{/* CUSTOM PROBES */}} + {{- if .Values.gitea.customLivenessProbe -}} + {{- fail "`gitea.customLivenessProbe` does no longer exist. Please refer to the changelog and configure `gitea.livenessProbe` instead." -}} + {{- end -}} + {{- if .Values.gitea.customReadinessProbe -}} + {{- fail "`gitea.customReadinessProbe` does no longer exist. Please refer to the changelog and configure `gitea.readinessProbe` instead." -}} + {{- end -}} + {{- if .Values.gitea.customStartupProbe -}} + {{- fail "`gitea.customStartupProbe` does no longer exist. Please refer to the changelog and configure `gitea.startupProbe` instead." -}} + {{- end -}} + + {{/* LDAP SOURCES */}} + {{- if kindIs "map" .Values.gitea.ldap -}} + {{- fail "You can configure multiple LDAP sources. Please refer to the changelog and switch `gitea.ldap` from object to array notation." -}} + {{- end -}} + + {{/* OAUTH SOURCES */}} + {{- if kindIs "map" .Values.gitea.oauth -}} + {{- fail "You can configure multiple OAuth sources. Please refer to the changelog and switch `gitea.oauth` from object to array notation." -}} + {{- end -}} + + {{/* BUILTIN */}} + {{- if .Values.gitea.cache -}} + {{- if .Values.gitea.cache.builtIn -}} + {{- fail "`gitea.cache.builtIn` does no longer exist. Please use `memcached` at root level instead." -}} + {{- end -}} + {{- end -}} + {{- if .Values.gitea.database -}} + {{- if .Values.gitea.database.builtIn -}} + {{- fail "`gitea.database.builtIn` does no longer exist. Builtin databases can be configured inside the dependencies itself. Please refer to the changelog." -}} + {{- end -}} + {{- end -}} +{{- end -}} diff --git a/gitea/templates/gitea/http-svc.yaml b/gitea/templates/gitea/http-svc.yaml new file mode 100644 index 0000000..659724c --- /dev/null +++ b/gitea/templates/gitea/http-svc.yaml @@ -0,0 +1,45 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gitea.fullname" . }}-http + labels: + {{- include "gitea.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.service.http.annotations | nindent 4 }} +spec: + type: {{ .Values.service.http.type }} + {{- if and .Values.service.http.loadBalancerIP (eq .Values.service.http.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.http.loadBalancerIP }} + {{- end }} + {{- if .Values.service.http.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range .Values.service.http.loadBalancerSourceRanges }} + - {{ . }} + {{- end }} + {{- end }} + {{- if .Values.service.http.externalIPs }} + externalIPs: + {{- toYaml .Values.service.http.externalIPs | nindent 4 }} + {{- end }} + {{- if .Values.service.http.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.http.ipFamilyPolicy }} + {{- end }} + {{- with .Values.service.http.ipFamilies }} + ipFamilies: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- if .Values.service.http.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.http.externalTrafficPolicy }} + {{- end }} + {{- if and .Values.service.http.clusterIP (eq .Values.service.http.type "ClusterIP") }} + clusterIP: {{ .Values.service.http.clusterIP }} + {{- end }} + ports: + - name: http + port: {{ .Values.service.http.port }} + {{- if .Values.service.http.nodePort }} + nodePort: {{ .Values.service.http.nodePort }} + {{- end }} + targetPort: {{ .Values.gitea.config.server.HTTP_PORT }} + selector: + {{- include "gitea.selectorLabels" . | nindent 4 }} diff --git a/gitea/templates/gitea/ingress.yaml b/gitea/templates/gitea/ingress.yaml new file mode 100644 index 0000000..224e777 --- /dev/null +++ b/gitea/templates/gitea/ingress.yaml @@ -0,0 +1,58 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "gitea.fullname" . -}} +{{- $httpPort := .Values.service.http.port -}} +{{- $apiVersion := "extensions/v1beta1" -}} +{{- if .Values.ingress.apiVersion -}} +{{- $apiVersion = .Values.ingress.apiVersion -}} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" -}} +{{- $apiVersion = "networking.k8s.io/v1" }} +{{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1/Ingress" -}} +{{- $apiVersion = "networking.k8s.io/v1beta1" }} +{{- end }} +apiVersion: {{ $apiVersion }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.className }} + ingressClassName: {{ .Values.ingress.className }} +{{- end }} +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (eq $apiVersion "networking.k8s.io/v1") }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if eq $apiVersion "networking.k8s.io/v1" }} + service: + name: {{ $fullName }}-http + port: + number: {{ $httpPort }} + {{- else }} + serviceName: {{ $fullName }}-http + servicePort: {{ $httpPort }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/gitea/templates/gitea/init.yaml b/gitea/templates/gitea/init.yaml new file mode 100644 index 0000000..00af29b --- /dev/null +++ b/gitea/templates/gitea/init.yaml @@ -0,0 +1,116 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "gitea.fullname" . }}-init + labels: + {{- include "gitea.labels" . | nindent 4 }} +type: Opaque +stringData: + init_directory_structure.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + + {{- if .Values.initPreScript }} + # BEGIN: initPreScript + {{- with .Values.initPreScript -}} + {{ . | nindent 4}} + {{- end -}} + # END: initPreScript + {{- end }} + + set -x + + {{- if not .Values.image.rootless }} + chown 1000:1000 /data + {{- end }} + mkdir -p /data/git/.ssh + chmod -R 700 /data/git/.ssh + [ ! -d /data/gitea ] && mkdir -p /data/gitea/conf + + # prepare temp directory structure + mkdir -p "${GITEA_TEMP}" + {{- if not .Values.image.rootless }} + chown 1000:1000 "${GITEA_TEMP}" + {{- end }} + chmod ug+rwx "${GITEA_TEMP}" + + configure_gitea.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + + echo '==== BEGIN GITEA CONFIGURATION ====' + + { # try + gitea migrate + } || { # catch + echo "Gitea migrate might fail due to database connection...This init-container will try again in a few seconds" + exit 1 + } + + + {{- if or .Values.gitea.admin.existingSecret (and .Values.gitea.admin.username .Values.gitea.admin.password) }} + function configure_admin_user() { + local ACCOUNT_ID=$(gitea admin user list --admin | grep -e "\s\+${GITEA_ADMIN_USERNAME}\s\+" | awk -F " " "{printf \$1}") + if [[ -z "${ACCOUNT_ID}" ]]; then + echo "No admin user '${GITEA_ADMIN_USERNAME}' found. Creating now..." + gitea admin user create --admin --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" --email {{ .Values.gitea.admin.email | quote }} --must-change-password=false + echo '...created.' + else + echo "Admin account '${GITEA_ADMIN_USERNAME}' already exist. Running update to sync password..." + gitea admin user change-password --username "${GITEA_ADMIN_USERNAME}" --password "${GITEA_ADMIN_PASSWORD}" + echo '...password sync done.' + fi + } + + configure_admin_user + {{- end }} + + function configure_ldap() { + {{- if .Values.gitea.ldap }} + {{- range $idx, $value := .Values.gitea.ldap }} + local LDAP_NAME={{ (printf "%s" $value.name) | squote }} + local GITEA_AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${LDAP_NAME}\s+\|" | grep -iE '\|LDAP \(via BindDN\)\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${GITEA_AUTH_ID}" ]]; then + echo "No ldap configuration found with name '${LDAP_NAME}'. Installing it now..." + gitea admin auth add-ldap {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }} + echo '...installed.' + else + echo "Existing ldap configuration with name '${LDAP_NAME}': '${GITEA_AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-ldap --id "${GITEA_AUTH_ID}" {{- include "gitea.ldap_settings" (list $idx $value) | indent 1 }} + echo '...sync settings done.' + fi + {{- end }} + {{- else }} + echo 'no ldap configuration... skipping.' + {{- end }} + } + + configure_ldap + + function configure_oauth() { + {{- if .Values.gitea.oauth }} + {{- range $idx, $value := .Values.gitea.oauth }} + local OAUTH_NAME={{ (printf "%s" $value.name) | squote }} + local AUTH_ID=$(gitea admin auth list --vertical-bars | grep -E "\|${OAUTH_NAME}\s+\|" | grep -iE '\|OAuth2\s+\|' | awk -F " " "{print \$1}") + + if [[ -z "${AUTH_ID}" ]]; then + echo "No oauth configuration found with name '${OAUTH_NAME}'. Installing it now..." + gitea admin auth add-oauth {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }} + echo '...installed.' + else + echo "Existing oauth configuration with name '${OAUTH_NAME}': '${AUTH_ID}'. Running update to sync settings..." + gitea admin auth update-oauth --id "${AUTH_ID}" {{- include "gitea.oauth_settings" (list $idx $value) | indent 1 }} + echo '...sync settings done.' + fi + {{- end }} + {{- else }} + echo 'no oauth configuration... skipping.' + {{- end }} + } + + configure_oauth + + echo '==== END GITEA CONFIGURATION ====' diff --git a/gitea/templates/gitea/servicemonitor.yaml b/gitea/templates/gitea/servicemonitor.yaml new file mode 100644 index 0000000..02750d0 --- /dev/null +++ b/gitea/templates/gitea/servicemonitor.yaml @@ -0,0 +1,17 @@ +{{- if .Values.gitea.metrics.serviceMonitor.enabled -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "gitea.fullname" . }} + labels: + {{- include "gitea.labels" . | nindent 4 }} + {{- if .Values.gitea.metrics.serviceMonitor.additionalLabels }} + {{- toYaml .Values.gitea.metrics.serviceMonitor.additionalLabels | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "gitea.selectorLabels" . | nindent 6 }} + endpoints: + - port: http +{{- end -}} \ No newline at end of file diff --git a/gitea/templates/gitea/ssh-svc.yaml b/gitea/templates/gitea/ssh-svc.yaml new file mode 100644 index 0000000..620f624 --- /dev/null +++ b/gitea/templates/gitea/ssh-svc.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "gitea.fullname" . }}-ssh + labels: + {{- include "gitea.labels" . | nindent 4 }} + annotations: + {{- toYaml .Values.service.ssh.annotations | nindent 4 }} +spec: + type: {{ .Values.service.ssh.type }} + {{- if eq .Values.service.ssh.type "LoadBalancer" }} + {{- if .Values.service.ssh.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.ssh.loadBalancerIP }} + {{- end -}} + {{- if .Values.service.ssh.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- range .Values.service.ssh.loadBalancerSourceRanges }} + - {{ . }} + {{- end }} + {{- end }} + {{- end }} + {{- if and .Values.service.ssh.clusterIP (eq .Values.service.ssh.type "ClusterIP") }} + clusterIP: {{ .Values.service.ssh.clusterIP }} + {{- end }} + {{- if .Values.service.ssh.externalIPs }} + externalIPs: + {{- toYaml .Values.service.ssh.externalIPs | nindent 4 }} + {{- end }} + {{- if .Values.service.ssh.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.service.ssh.ipFamilyPolicy }} + {{- end }} + {{- with .Values.service.ssh.ipFamilies }} + ipFamilies: + {{- toYaml . | nindent 4 }} + {{- end -}} + {{- if .Values.service.ssh.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.service.ssh.externalTrafficPolicy }} + {{- end }} + ports: + - name: ssh + port: {{ .Values.service.ssh.port }} + targetPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + protocol: TCP + {{- if .Values.service.ssh.nodePort }} + nodePort: {{ .Values.service.ssh.nodePort }} + {{- end }} + selector: + {{- include "gitea.selectorLabels" . | nindent 4 }} diff --git a/gitea/templates/gitea/statefulset.yaml b/gitea/templates/gitea/statefulset.yaml new file mode 100644 index 0000000..ed9a887 --- /dev/null +++ b/gitea/templates/gitea/statefulset.yaml @@ -0,0 +1,342 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "gitea.fullname" . }} + annotations: + {{- if .Values.statefulset.annotations }} + {{- toYaml .Values.statefulset.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "gitea.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "gitea.selectorLabels" . | nindent 6 }} + {{- if .Values.statefulset.labels }} + {{- toYaml .Values.statefulset.labels | nindent 6 }} + {{- end }} + serviceName: {{ include "gitea.fullname" . }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/gitea/config.yaml") . | sha256sum }} + {{- range $idx, $value := .Values.gitea.ldap }} + checksum/ldap_{{ $idx }}: {{ include "gitea.ldap_settings" (list $idx $value) | sha256sum }} + {{- end }} + {{- range $idx, $value := .Values.gitea.oauth }} + checksum/oauth_{{ $idx }}: {{ include "gitea.oauth_settings" (list $idx $value) | sha256sum }} + {{- end }} + {{- with .Values.gitea.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "gitea.labels" . | nindent 8 }} + {{- if .Values.statefulset.labels }} + {{- toYaml .Values.statefulset.labels | nindent 8 }} + {{- end }} + spec: + {{- if .Values.schedulerName }} + schedulerName: "{{ .Values.schedulerName }}" + {{- end }} + {{- include "gitea.images.pullSecrets" . | nindent 6 }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} + initContainers: + - name: init-directories + image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/usr/sbin/init_directory_structure.sh"] + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + volumeMounts: + - name: init + mountPath: /usr/sbin + - name: temp + mountPath: /tmp + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + - name: init-app-ini + image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/usr/sbin/config_environment.sh"] + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + {{- if .Values.gitea.additionalConfigFromEnvs }} + {{- toYaml .Values.gitea.additionalConfigFromEnvs | nindent 12 }} + {{- end }} + volumeMounts: + - name: config + mountPath: /usr/sbin + - name: temp + mountPath: /tmp + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + - name: inline-config-sources + mountPath: /env-to-ini-mounts/inlines/ + {{- range $idx, $value := .Values.gitea.additionalConfigSources }} + - name: additional-config-sources-{{ $idx }} + mountPath: "/env-to-ini-mounts/additionals/{{ $idx }}/" + {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + - name: configure-gitea + image: "{{ include "gitea.image" . }}" + command: ["/usr/sbin/configure_gitea.sh"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- /* By default this container runs as user 1000 unless otherwise stated */ -}} + {{- $csc := deepCopy .Values.containerSecurityContext -}} + {{- if not (hasKey $csc "runAsUser") -}} + {{- $_ := set $csc "runAsUser" 1000 -}} + {{- end -}} + {{- toYaml $csc | nindent 12 }} + env: + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + {{- if .Values.gitea.ldap }} + {{- range $idx, $value := .Values.gitea.ldap }} + {{- if $value.existingSecret }} + - name: GITEA_LDAP_BIND_DN_{{ $idx }} + valueFrom: + secretKeyRef: + key: bindDn + name: {{ $value.existingSecret }} + - name: GITEA_LDAP_PASSWORD_{{ $idx }} + valueFrom: + secretKeyRef: + key: bindPassword + name: {{ $value.existingSecret }} + {{- else }} + - name: GITEA_LDAP_BIND_DN_{{ $idx }} + value: {{ $value.bindDn | quote }} + - name: GITEA_LDAP_PASSWORD_{{ $idx }} + value: {{ $value.bindPassword | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.gitea.oauth }} + {{- range $idx, $value := .Values.gitea.oauth }} + {{- if $value.existingSecret }} + - name: GITEA_OAUTH_KEY_{{ $idx }} + valueFrom: + secretKeyRef: + key: key + name: {{ $value.existingSecret }} + - name: GITEA_OAUTH_SECRET_{{ $idx }} + valueFrom: + secretKeyRef: + key: secret + name: {{ $value.existingSecret }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.gitea.admin.existingSecret }} + - name: GITEA_ADMIN_USERNAME + valueFrom: + secretKeyRef: + key: username + name: {{ .Values.gitea.admin.existingSecret }} + - name: GITEA_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ .Values.gitea.admin.existingSecret }} + {{- else }} + - name: GITEA_ADMIN_USERNAME + value: {{ .Values.gitea.admin.username | quote }} + - name: GITEA_ADMIN_PASSWORD + value: {{ .Values.gitea.admin.password | quote }} + {{- end }} + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + volumeMounts: + - name: init + mountPath: /usr/sbin + - name: temp + mountPath: /tmp + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- include "gitea.init-additional-mounts" . | nindent 12 }} + terminationGracePeriodSeconds: {{ .Values.statefulset.terminationGracePeriodSeconds }} + containers: + - name: {{ .Chart.Name }} + image: "{{ include "gitea.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + # SSH Port values have to be set here as well for openssh configuration + - name: SSH_LISTEN_PORT + value: {{ .Values.gitea.config.server.SSH_LISTEN_PORT | quote }} + - name: SSH_PORT + value: {{ .Values.gitea.config.server.SSH_PORT | quote }} + - name: GITEA_APP_INI + value: /data/gitea/conf/app.ini + - name: GITEA_CUSTOM + value: /data/gitea + - name: GITEA_WORK_DIR + value: /data + - name: GITEA_TEMP + value: /tmp/gitea + - name: TMPDIR + value: /tmp/gitea + {{- if .Values.signing.enabled }} + - name: GNUPGHOME + value: {{ .Values.signing.gpgHome }} + {{- end }} + {{- if .Values.statefulset.env }} + {{- toYaml .Values.statefulset.env | nindent 12 }} + {{- end }} + ports: + - name: ssh + containerPort: {{ .Values.gitea.config.server.SSH_LISTEN_PORT }} + {{- if .Values.service.ssh.hostPort }} + hostPort: {{ .Values.service.ssh.hostPort }} + {{- end }} + - name: http + containerPort: {{ .Values.gitea.config.server.HTTP_PORT }} + {{- if .Values.gitea.config.server.ENABLE_PPROF }} + - name: profiler + containerPort: 6060 + {{- end }} + {{- if .Values.gitea.livenessProbe.enabled }} + livenessProbe: + {{- toYaml (omit .Values.gitea.livenessProbe "enabled") | nindent 12 }} + {{- end }} + {{- if .Values.gitea.readinessProbe.enabled }} + readinessProbe: + {{- toYaml (omit .Values.gitea.readinessProbe "enabled") | nindent 12 }} + {{- end }} + {{- if .Values.gitea.startupProbe.enabled }} + startupProbe: + {{- toYaml (omit .Values.gitea.startupProbe "enabled") | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + securityContext: + {{- /* Honor the deprecated securityContext variable when defined */ -}} + {{- if .Values.containerSecurityContext -}} + {{ toYaml .Values.containerSecurityContext | nindent 12 -}} + {{- else -}} + {{ toYaml .Values.securityContext | nindent 12 -}} + {{- end }} + volumeMounts: + - name: temp + mountPath: /tmp + - name: data + mountPath: /data + {{- if .Values.persistence.subPath }} + subPath: {{ .Values.persistence.subPath }} + {{- end }} + {{- include "gitea.container-additional-mounts" . | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: + {{- toYaml .Values.dnsConfig | nindent 8 }} + {{- end }} + volumes: + - name: init + secret: + secretName: {{ include "gitea.fullname" . }}-init + defaultMode: 110 + - name: config + secret: + secretName: {{ include "gitea.fullname" . }} + defaultMode: 110 + {{- if gt (len .Values.extraVolumes) 0 }} + {{- toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + - name: inline-config-sources + secret: + secretName: {{ include "gitea.fullname" . }}-inline-config + {{- range $idx, $value := .Values.gitea.additionalConfigSources }} + - name: additional-config-sources-{{ $idx }} + {{- toYaml $value | nindent 10 }} + {{- end }} + - name: temp + emptyDir: {} + {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + {{- with .Values.persistence.existingClaim }} + claimName: {{ tpl . $ }} + {{- end }} + {{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} + {{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} + volumeClaimTemplates: + - metadata: + name: data + {{- with .Values.persistence.annotations }} + annotations: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + {{- with .Values.persistence.labels }} + labels: + {{- range $key, $value := . }} + {{ $key }}: {{ $value }} + {{- end }} + {{- end }} + spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- include "gitea.persistence.storageClass" . | indent 8 }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} + {{- end }} diff --git a/gitea/templates/tests/test-http-connection.yaml b/gitea/templates/tests/test-http-connection.yaml new file mode 100644 index 0000000..7fab1b7 --- /dev/null +++ b/gitea/templates/tests/test-http-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "gitea.fullname" . }}-test-connection" + labels: +{{ include "gitea.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "gitea.fullname" . }}-http:{{ .Values.service.http.port }}'] + restartPolicy: Never diff --git a/gitea/values.yaml b/gitea/values.yaml new file mode 100644 index 0000000..37b357b --- /dev/null +++ b/gitea/values.yaml @@ -0,0 +1,474 @@ +# Default values for gitea. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +## @section Global +# +## @param global.imageRegistry global image registry override +## @param global.imagePullSecrets global image pull secrets override; can be extended by `imagePullSecrets` +## @param global.storageClass global storage class override +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @param replicaCount number of replicas for the statefulset +replicaCount: 1 + +## @param clusterDomain cluster domain +clusterDomain: cluster.local + +## @section Image +## @param image.registry image registry, e.g. gcr.io,docker.io +## @param image.repository Image to start for this pod +## @param image.tag Visit: [Image tag](https://hub.docker.com/r/gitea/gitea/tags?page=1&ordering=last_updated). Defaults to `appVersion` within Chart.yaml. +## @param image.pullPolicy Image pull policy +## @param image.rootless Wether or not to pull the rootless version of Gitea, only works on Gitea 1.14.x or higher +image: + registry: "" + repository: gitea/gitea + # Overrides the image tag whose default is the chart appVersion. + tag: "" + pullPolicy: Always + rootless: true # only possible when running 1.14 or later + +## @param imagePullSecrets Secret to use for pulling the image +imagePullSecrets: [] + +## @section Security +# Security context is only usable with rootless image due to image design +## @param podSecurityContext.fsGroup Set the shared file system group for all containers in the pod. +podSecurityContext: + fsGroup: 1000 + +## @param containerSecurityContext Security context +containerSecurityContext: {} +# allowPrivilegeEscalation: false +# capabilities: +# drop: +# - ALL +# # Add the SYS_CHROOT capability for root and rootless images if you intend to +# # run pods on nodes that use the container runtime cri-o. Otherwise, you will +# # get an error message from the SSH server that it is not possible to read from +# # the repository. +# # https://gitea.com/gitea/helm-chart/issues/161 +# add: +# - SYS_CHROOT +# privileged: false +# readOnlyRootFilesystem: true +# runAsGroup: 1000 +# runAsNonRoot: true +# runAsUser: 1000 + +## @depracated The securityContext variable has been split two: +## - containerSecurityContext +## - podSecurityContext. +## @param securityContext Run init and Gitea containers as a specific securityContext +securityContext: {} + +## @section Service +service: + ## @param service.http.type Kubernetes service type for web traffic + ## @param service.http.port Port number for web traffic + ## @param service.http.clusterIP ClusterIP setting for http autosetup for statefulset is None + ## @param service.http.loadBalancerIP LoadBalancer IP setting + ## @param service.http.nodePort NodePort for http service + ## @param service.http.externalTrafficPolicy If `service.http.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.http.externalIPs External IPs for service + ## @param service.http.ipFamilyPolicy HTTP service dual-stack policy + ## @param service.http.ipFamilies HTTP service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.http.loadBalancerSourceRanges Source range filter for http loadbalancer + ## @param service.http.annotations HTTP service annotations + http: + type: ClusterIP + port: 3000 + clusterIP: None + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + loadBalancerSourceRanges: [] + annotations: {} + ## @param service.ssh.type Kubernetes service type for ssh traffic + ## @param service.ssh.port Port number for ssh traffic + ## @param service.ssh.clusterIP ClusterIP setting for ssh autosetup for statefulset is None + ## @param service.ssh.loadBalancerIP LoadBalancer IP setting + ## @param service.ssh.nodePort NodePort for ssh service + ## @param service.ssh.externalTrafficPolicy If `service.ssh.type` is `NodePort` or `LoadBalancer`, set this to `Local` to enable source IP preservation + ## @param service.ssh.externalIPs External IPs for service + ## @param service.ssh.ipFamilyPolicy SSH service dual-stack policy + ## @param service.ssh.ipFamilies SSH service dual-stack familiy selection,for dual-stack parameters see official kubernetes [dual-stack concept documentation](https://kubernetes.io/docs/concepts/services-networking/dual-stack/). + ## @param service.ssh.hostPort HostPort for ssh service + ## @param service.ssh.loadBalancerSourceRanges Source range filter for ssh loadbalancer + ## @param service.ssh.annotations SSH service annotations + ssh: + type: ClusterIP + port: 22 + clusterIP: None + loadBalancerIP: + nodePort: + externalTrafficPolicy: + externalIPs: + ipFamilyPolicy: + ipFamilies: + hostPort: + loadBalancerSourceRanges: [] + annotations: {} + + +## @section Ingress +## @param ingress.enabled Enable ingress +## @param ingress.className Ingress class name +## @param ingress.annotations Ingress annotations +## @param ingress.hosts[0].host Default Ingress host +## @param ingress.hosts[0].paths[0].path Default Ingress path +## @param ingress.hosts[0].paths[0].pathType Ingress path type +## @param ingress.tls Ingress tls settings +## @extra ingress.apiVersion Specify APIVersion of ingress object. Mostly would only be used for argocd. +ingress: + enabled: false + # className: nginx + className: + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: git.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - secretName: chart-example-tls + # hosts: + # - git.example.com + # Mostly for argocd or any other CI that uses `helm template | kubectl apply` or similar + # If helm doesn't correctly detect your ingress API version you can set it here. + # apiVersion: networking.k8s.io/v1 + +## @section StatefulSet +# +## @param resources Kubernetes resources +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +## Use an alternate scheduler, e.g. "stork". +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +## @param schedulerName Use an alternate scheduler, e.g. "stork" +schedulerName: "" + +## @param nodeSelector NodeSelector for the statefulset +nodeSelector: {} + +## @param tolerations Tolerations for the statefulset +tolerations: [] + +## @param affinity Affinity for the statefulset +affinity: {} + +## @param dnsConfig dnsConfig for the statefulset +dnsConfig: {} + +## @param statefulset.env Additional environment variables to pass to containers +## @param statefulset.terminationGracePeriodSeconds How long to wait until forcefully kill the pod +## @param statefulset.labels Labels for the statefulset +## @param statefulset.annotations Annotations for the Gitea StatefulSet to be created +statefulset: + env: [] + # - name: VARIABLE + # value: my-value + terminationGracePeriodSeconds: 60 + labels: {} + annotations: {} + +## @section Persistence +# +## @param persistence.enabled Enable persistent storage +## @param persistence.existingClaim Use an existing claim to store repository information +## @param persistence.size Size for persistence to store repo information +## @param persistence.accessModes AccessMode for persistence +## @param persistence.labels Labels for the persistence volume claim to be created +## @param persistence.annotations Annotations for the persistence volume claim to be created +## @param persistence.storageClass Name of the storage class to use +## @param persistence.subPath Subdirectory of the volume to mount at +persistence: + enabled: true + existingClaim: + size: 10Gi + accessModes: + - ReadWriteOnce + labels: {} + annotations: {} + storageClass: + subPath: + +## @param extraVolumes Additional volumes to mount to the Gitea statefulset +extraVolumes: [] +# - name: postgres-ssl-vol +# secret: +# secretName: gitea-postgres-ssl + +## @param extraContainerVolumeMounts Mounts that are only mapped into the Gitea runtime/main container, to e.g. override custom templates. +extraContainerVolumeMounts: [] + +## @param extraInitVolumeMounts Mounts that are only mapped into the init-containers. Can be used for additional preconfiguration. +extraInitVolumeMounts: [] + +## @depracated The extraVolumeMounts variable has been split two: +## - extraContainerVolumeMounts +## - extraInitVolumeMounts +## As an example, can be used to mount a client cert when connecting to an external Postgres server. +## @param extraVolumeMounts **DEPRECATED** Additional volume mounts for init containers and the Gitea main container +extraVolumeMounts: [] +# - name: postgres-ssl-vol +# readOnly: true +# mountPath: "/pg-ssl" + +## @section Init +## @param initPreScript Bash shell script copied verbatim to the start of the init-container. +initPreScript: "" +# +# initPreScript: | +# mkdir -p /data/git/.postgresql +# cp /pg-ssl/* /data/git/.postgresql/ +# chown -R git:git /data/git/.postgresql/ +# chmod 400 /data/git/.postgresql/postgresql.key + +# Configure commit/action signing prerequisites +## @section Signing +# +## @param signing.enabled Enable commit/action signing +## @param signing.gpgHome GPG home directory +signing: + enabled: false + gpgHome: /data/git/.gnupg + +## @section Gitea +# +gitea: + ## @param gitea.admin.username Username for the Gitea admin user + ## @param gitea.admin.existingSecret Use an existing secret to store admin user credentials + ## @param gitea.admin.password Password for the Gitea admin user + ## @param gitea.admin.email Email for the Gitea admin user + admin: + #existingSecret: gitea-admin-secret + existingSecret: + username: gitea_admin + password: + email: "gitea@local.domain" + + ## @param gitea.metrics.enabled Enable Gitea metrics + ## @param gitea.metrics.serviceMonitor.enabled Enable Gitea metrics service monitor + metrics: + enabled: false + serviceMonitor: + enabled: false + # additionalLabels: + # prometheus-release: prom1 + + ## @param gitea.ldap LDAP configuration + ldap: [] + # - name: "LDAP 1" + # existingSecret: + # securityProtocol: + # host: + # port: + # userSearchBase: + # userFilter: + # adminFilter: + # emailAttribute: + # bindDn: + # bindPassword: + # usernameAttribute: + # publicSSHKeyAttribute: + + # Either specify inline `key` and `secret` or refer to them via `existingSecret` + ## @param gitea.oauth OAuth configuration + oauth: [] + # - name: 'OAuth 1' + # provider: + # key: + # secret: + # existingSecret: + # autoDiscoverUrl: + # useCustomUrls: + # customAuthUrl: + # customTokenUrl: + # customProfileUrl: + # customEmailUrl: + + ## @param gitea.config Configuration for the Gitea server,ref: [config-cheat-sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) + config: {} + # APP_NAME: "Gitea: Git with a cup of tea" + # RUN_MODE: dev + # + # server: + # SSH_PORT: 22 + # + # security: + # PASSWORD_COMPLEXITY: spec + + ## @param gitea.additionalConfigSources Additional configuration from secret or configmap + additionalConfigSources: [] + # - secret: + # secretName: gitea-app-ini-oauth + # - configMap: + # name: gitea-app-ini-plaintext + + ## @param gitea.additionalConfigFromEnvs Additional configuration sources from environment variables + additionalConfigFromEnvs: [] + + ## @param gitea.podAnnotations Annotations for the Gitea pod + podAnnotations: {} + + ## @section LivenessProbe + # + ## @param gitea.livenessProbe.enabled Enable liveness probe + ## @param gitea.livenessProbe.tcpSocket.port Port to probe for liveness + ## @param gitea.livenessProbe.initialDelaySeconds Initial delay before liveness probe is initiated + ## @param gitea.livenessProbe.timeoutSeconds Timeout for liveness probe + ## @param gitea.livenessProbe.periodSeconds Period for liveness probe + ## @param gitea.livenessProbe.successThreshold Success threshold for liveness probe + ## @param gitea.livenessProbe.failureThreshold Failure threshold for liveness probe + # Modify the liveness probe for your needs or completely disable it by commenting out. + livenessProbe: + enabled: true + tcpSocket: + port: http + initialDelaySeconds: 200 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + + ## @section ReadinessProbe + # + ## @param gitea.readinessProbe.enabled Enable readiness probe + ## @param gitea.readinessProbe.tcpSocket.port Port to probe for readiness + ## @param gitea.readinessProbe.initialDelaySeconds Initial delay before readiness probe is initiated + ## @param gitea.readinessProbe.timeoutSeconds Timeout for readiness probe + ## @param gitea.readinessProbe.periodSeconds Period for readiness probe + ## @param gitea.readinessProbe.successThreshold Success threshold for readiness probe + ## @param gitea.readinessProbe.failureThreshold Failure threshold for readiness probe + # Modify the readiness probe for your needs or completely disable it by commenting out. + readinessProbe: + enabled: true + tcpSocket: + port: http + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + + # # Uncomment the startup probe to enable and modify it for your needs. + ## @section StartupProbe + # + ## @param gitea.startupProbe.enabled Enable startup probe + ## @param gitea.startupProbe.tcpSocket.port Port to probe for startup + ## @param gitea.startupProbe.initialDelaySeconds Initial delay before startup probe is initiated + ## @param gitea.startupProbe.timeoutSeconds Timeout for startup probe + ## @param gitea.startupProbe.periodSeconds Period for startup probe + ## @param gitea.startupProbe.successThreshold Success threshold for startup probe + ## @param gitea.startupProbe.failureThreshold Failure threshold for startup probe + startupProbe: + enabled: false + tcpSocket: + port: http + initialDelaySeconds: 60 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + +## @section Memcached +# +## @param memcached.enabled Memcached is loaded as a dependency from [Bitnami](https://github.com/bitnami/charts/tree/master/bitnami/memcached) if enabled in the values. Complete Configuration can be taken from their website. +## @param memcached.service.port Port for Memcached +memcached: + enabled: true + service: + port: 11211 + +## @section PostgreSQL +# +## @param postgresql.enabled Enable PostgreSQL +## @param postgresql.global.postgresql.postgresqlDatabase PostgreSQL database (overrides postgresqlDatabase) +## @param postgresql.global.postgresql.postgresqlUsername PostgreSQL username (overrides postgresqlUsername) +## @param postgresql.global.postgresql.postgresqlPassword PostgreSQL admin password (overrides postgresqlPassword) +## @param postgresql.global.postgresql.servicePort PostgreSQL port (overrides service.port) +## @param postgresql.persistence.size PVC Storage Request for PostgreSQL volume +postgresql: + enabled: true + global: + postgresql: + postgresqlDatabase: gitea + postgresqlUsername: gitea + postgresqlPassword: gitea + servicePort: 5432 + persistence: + size: 10Gi + +## @section MySQL +# +## @param mysql.enabled Enable MySQL +## @param mysql.root.password Password for the root user. Ignored if existing secret is provided +## @param mysql.db.user Username of new user to create. +## @param mysql.db.password Password for the new user.Ignored if existing secret is provided +## @param mysql.db.name Name for new database to create. +## @param mysql.service.port Port to connect to MySQL service +## @param mysql.persistence.size PVC Storage Request for MySQL volume +mysql: + enabled: false + root: + password: gitea + db: + user: gitea + password: gitea + name: gitea + service: + port: 3306 + persistence: + size: 10Gi + +## @section MariaDB +# +## @param mariadb.enabled Enable MariaDB +## @param mariadb.auth.database Name of the database to create. +## @param mariadb.auth.username Username of the new user to create. +## @param mariadb.auth.password Password for the new user. Ignored if existing secret is provided +## @param mariadb.auth.rootPassword Password for the root user. +## @param mariadb.primary.service.port Port to connect to MariaDB service +## @param mariadb.primary.persistence.size Persistence size for MariaDB +mariadb: + enabled: false + auth: + database: gitea + username: gitea + password: gitea + rootPassword: gitea + primary: + service: + port: 3306 + persistence: + size: 10Gi + +# By default, removed or moved settings that still remain in a user defined values.yaml will cause Helm to fail running the install/update. +# Set it to false to skip this basic validation check. +## @section Advanced +## @param checkDeprecation Set it to false to skip this basic validation check. +checkDeprecation: true