From 47e7316c29d1b4c2f24f84b3443f63da1fcdf8c6 Mon Sep 17 00:00:00 2001
From: Brad Davidson <brad.davidson@rancher.com>
Date: Wed, 10 Apr 2024 23:12:11 +0000
Subject: [PATCH] Bump image tag and quote image in pod spec

Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
---
 .../traefik-crd-25.0.3+up25.0.0.tgz           |  Bin 0 -> 31906 bytes
 assets/traefik/traefik-25.0.3+up25.0.0.tgz    |  Bin 0 -> 83589 bytes
 charts/traefik-crd/25.0.3+up25.0.0/Chart.yaml |    8 +
 .../traefik.containo.us_ingressroutes.yaml    |  275 +
 .../traefik.containo.us_ingressroutetcps.yaml |  218 +
 .../traefik.containo.us_ingressrouteudps.yaml |  105 +
 .../traefik.containo.us_middlewares.yaml      |  924 ++
 .../traefik.containo.us_middlewaretcps.yaml   |   72 +
 ...traefik.containo.us_serverstransports.yaml |  128 +
 .../traefik.containo.us_tlsoptions.yaml       |  113 +
 .../traefik.containo.us_tlsstores.yaml        |   99 +
 .../traefik.containo.us_traefikservices.yaml  |  402 +
 .../templates/traefik.io_ingressroutes.yaml   |  275 +
 .../traefik.io_ingressroutetcps.yaml          |  218 +
 .../traefik.io_ingressrouteudps.yaml          |  105 +
 .../templates/traefik.io_middlewares.yaml     |  924 ++
 .../templates/traefik.io_middlewaretcps.yaml  |   72 +
 .../traefik.io_serverstransports.yaml         |  128 +
 .../traefik.io_serverstransporttcps.yaml      |  122 +
 .../templates/traefik.io_tlsoptions.yaml      |  113 +
 .../templates/traefik.io_tlsstores.yaml       |   99 +
 .../templates/traefik.io_traefikservices.yaml |  402 +
 charts/traefik/25.0.3+up25.0.0/.helmignore    |    2 +
 charts/traefik/25.0.3+up25.0.0/Changelog.md   | 7450 +++++++++++++++++
 charts/traefik/25.0.3+up25.0.0/Chart.yaml     |   41 +
 charts/traefik/25.0.3+up25.0.0/EXAMPLES.md    |  530 ++
 charts/traefik/25.0.3+up25.0.0/Guidelines.md  |   92 +
 charts/traefik/25.0.3+up25.0.0/LICENSE        |  202 +
 charts/traefik/25.0.3+up25.0.0/README.md      |  144 +
 charts/traefik/25.0.3+up25.0.0/VALUES.md      |  171 +
 .../25.0.3+up25.0.0/templates/NOTES.txt       |   36 +
 .../25.0.3+up25.0.0/templates/_helpers.tpl    |  139 +
 .../templates/_podtemplate.tpl                |  753 ++
 .../templates/_service-internal.tpl           |   48 +
 .../templates/_service-metrics.tpl            |   25 +
 .../25.0.3+up25.0.0/templates/_service.tpl    |   69 +
 .../25.0.3+up25.0.0/templates/daemonset.yaml  |   47 +
 .../templates/dashboard-ingressroute.yaml     |   36 +
 .../25.0.3+up25.0.0/templates/deployment.yaml |   48 +
 .../templates/extra-objects.yaml              |    4 +
 .../25.0.3+up25.0.0/templates/gateway.yaml    |   35 +
 .../templates/gatewayclass.yaml               |   11 +
 .../templates/healthcheck-ingressroute.yaml   |   36 +
 .../25.0.3+up25.0.0/templates/hpa.yaml        |   35 +
 .../templates/ingressclass.yaml               |   21 +
 .../templates/poddisruptionbudget.yaml        |   23 +
 .../templates/prometheusrules.yaml            |   30 +
 .../25.0.3+up25.0.0/templates/pvc.yaml        |   26 +
 .../templates/rbac/clusterrole.yaml           |  111 +
 .../templates/rbac/clusterrolebinding.yaml    |   17 +
 .../templates/rbac/podsecuritypolicy.yaml     |   68 +
 .../25.0.3+up25.0.0/templates/rbac/role.yaml  |   79 +
 .../templates/rbac/rolebinding.yaml           |   24 +
 .../templates/rbac/serviceaccount.yaml        |   13 +
 .../templates/service-internal.yaml           |   58 +
 .../templates/service-metrics.yaml            |   33 +
 .../25.0.3+up25.0.0/templates/service.yaml    |   69 +
 .../templates/servicemonitor.yaml             |   71 +
 .../25.0.3+up25.0.0/templates/tlsoption.yaml  |   42 +
 .../25.0.3+up25.0.0/templates/tlsstore.yaml   |   12 +
 .../templates/validate-install-crd.yaml       |   32 +
 charts/traefik/25.0.3+up25.0.0/values.yaml    |  949 +++
 index.yaml                                    |   57 +
 .../patch/templates/_podtemplate.tpl.patch    |    2 +-
 .../generated-changes/patch/values.yaml.patch |    2 +-
 packages/traefik/package.yaml                 |    2 +-
 66 files changed, 16494 insertions(+), 3 deletions(-)
 create mode 100644 assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz
 create mode 100644 assets/traefik/traefik-25.0.3+up25.0.0.tgz
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/Chart.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutes.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutetcps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressrouteudps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewares.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewaretcps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_serverstransports.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsoptions.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsstores.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_traefikservices.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutes.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutetcps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressrouteudps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewares.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewaretcps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransports.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransporttcps.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsoptions.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsstores.yaml
 create mode 100644 charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_traefikservices.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/.helmignore
 create mode 100644 charts/traefik/25.0.3+up25.0.0/Changelog.md
 create mode 100644 charts/traefik/25.0.3+up25.0.0/Chart.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/EXAMPLES.md
 create mode 100644 charts/traefik/25.0.3+up25.0.0/Guidelines.md
 create mode 100644 charts/traefik/25.0.3+up25.0.0/LICENSE
 create mode 100644 charts/traefik/25.0.3+up25.0.0/README.md
 create mode 100644 charts/traefik/25.0.3+up25.0.0/VALUES.md
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/NOTES.txt
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/_helpers.tpl
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/_podtemplate.tpl
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/_service-internal.tpl
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/_service-metrics.tpl
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/_service.tpl
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/daemonset.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/dashboard-ingressroute.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/deployment.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/extra-objects.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/gateway.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/gatewayclass.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/healthcheck-ingressroute.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/hpa.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/ingressclass.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/poddisruptionbudget.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/prometheusrules.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/pvc.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrole.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrolebinding.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/podsecuritypolicy.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/role.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/rolebinding.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/rbac/serviceaccount.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/service-internal.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/service-metrics.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/service.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/servicemonitor.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/tlsoption.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/tlsstore.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/templates/validate-install-crd.yaml
 create mode 100644 charts/traefik/25.0.3+up25.0.0/values.yaml

diff --git a/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz b/assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..5bd7f6ad1ba651451ea68bc630807d425997ad77
GIT binary patch
literal 31906
zcmZ6yV{m3&^S&M1w(U%uOl;e>ZD%sEZQECDbK+!zE4FRpo#+15|I52-)$UbYy}s_=
zeeUBVj)uVi`QQ4c1)(>VQeiQblIN83=HW15(_k@E<*?RK<>6G+(BPEUw6igGF!NSZ
zcI1~bx3dSi==pZV=SiaG6?_K>HIpx&`4`cwHd+GF@o&v4{g>k|mm^&i9rg6&eyfv2
zmRE@&1|?1P_I!Urq6zs!!-=aj{+xa*T&Dx0F$0sLK+B&>AxMVo$rbyVmj_@;m$c2H
z3S2vN_4D)lIC{YN3iR{a`1-z`6wLoPJ$RVDJ?El!H0brdFW*nrEFT*S6dCKfl=xPK
ziG0nEYx~m3ZofVl&>p2oOEKTOWDCK9CB35=RG~VEXguxyvlk*~^?|k7i#F?|5J;-0
zl-48eNj>Y7ry1D$lb1)p=aYeoY>z$t=I#eN8g-<Qi}>8@W2g}PXkw=8?2nwJwhB)0
z{Bd`MEwY?r*w_Nq*(<wuW<z2^;-0s_D1tBNj|*M4tNepXK%n&Bp94t|mEOJ>4RR(~
z4aFiKxfZetAv-k*Vlhc*Uyt8s4~N<NM{j|zXNQyN?~mU&vrXe>f3=pm%MYq4GT&qg
zHovl!Om?mgRvD-F+D^Jrl1hPM^}&({!3<Us#<^u;dpNQ+AyTqsBqe32meL|GX3~wt
z>m~|Ekn$#jg|{jp1jIc&KCcLc5$F{GqN-#R3ioX^^hpP}B06U5<tDRc{!}h#m5$6j
z^mi(w>`^D9a>yL+>7ARlOHADg6$yct9}kIeu!6_Z1I~ZXkUz+*S{cx$vitZ&rNrbS
z+h@-fc;ci!5J-nWP9}yEygY-G{X!MpZ0Dm&w4O0Y(~>VP&hFARn?`Lzbc))}Sc*y^
zB-p3Xlal0+QB2@N=3_08-<(`sLkpk;>2#-gCSlVT8)XDrXjOgJ&xYWa<n`f3Z0b-p
zkwsY|5zVWxUBn^xD2~NeW;pO9=9Ul|UcV*DyhAKPsx1<<8ptA-FuKU~$P~z0r%tZT
z*TJNrh#|+RbnXAjq2=vDZ0?qjgu_^}%G}~P7xe~5)hrWXph}*g??cSn4Qv&qrgV7m
z<uX+^%Tk(H>zJw4m9w0mb|=I{TgzQZ{lIkN8ThHAEKR2E^kal4R|v?a#UyF{k&`__
zX~6zg)h0p8Go98#Y_#ViAvA5k@v)+|q^1_50l@IA3(VRidAG)i;e7setuC&N_{#)m
z8Y|>nSkEa<B%31IRe}vRPz;t*JNvUJqg<`Z`CC#rM9tJaWJWlkfJa!I$W(fd+%2=v
zH7DtS0RC<VynvgLDyqR)R0-Svaxlxbg}BDZB}UVKX~qSOBTZfo;?TxKmLXCH>G7{*
zti(HZt&bGd>zfRs>~Z<i#%m?r+DUj))Y<(U#$Qo{Mhxj?YqY|StY90Xz^V!O=0Q&}
z#%Ug9TTkKiP_kHy8%S}|*a>1GJc38|O*V8BtW-WQbB*N8U>{y}l?;nX+6O&Pv$cf_
zNbMc6L`PJGq+;w`Ftw!SaPJvdm2XtnIAHDeLoX`}9?PH4eWRy=n*a}d3Hr3*PW2Ut
zf^p-ouJX))&cEaHuqdkTYija6j3}F#<Zk*D9@MVvktmZ%9BATsY)sM!wGWT@10pmk
zn%h)2tYh(8${LDM=FM<q?<3Ue&BEL$lZM?W5!ljw_3&AHorJ9Zby=q~yGkln1k?va
zu0R-1m@2x5S@lMe9J54Ot&?(_(v9Rdt}POcgPhHIEml$Myr1MrFx)pkHSbMT=1)wL
zT}dCE3eMg*v`=!|O0>uM^yqi(P*csiEUs_X7Lcuy^R{(+G<~d1H`G2|2z7Y(Snvi<
zgh=n}$)K8#5;25xk+k3J!&^aveaeoItW@C=*48&ePJjQpw+!!`XZ+g+dP;qq;!FoL
zhX0&M@ql4o&oF42ad0GGxuE_Sl(&A79rT@q8N9Z_pjopha{_3w2@(~`Mv~=_y3V=%
zjcwwH(&8=G_C{a}XIV(%jg-T6oQ&&B1DjfHzMMcZ%e;&(#j&jT6M6tqt|QNapyofx
z^S&kscp&F7V6ZB|7+@67Qmi~79jw+tV38FRkQWw2U!N1IJi@t_p%4i2L(Z^#Yfufj
z#d4NBks#DQ0b5H^o4w~rd=6;`h8FsZCv;odJgXg3b`~tngM_&XOYf;&NZeoRI?`e`
z@n38pHY9B&#$QX!S5<4_=W&ZY(<kAg=duz}AdDsRC^%uE25<{qen$PlT!Djmd$|e~
znvbGlrN&k9wUOhAG;0jYcg2Et^X6cO#+6iSB3KNxn$7C=@xrGJO$aeGc=e7l0()L8
zS4lAYWg;Q=+r`uh&q{6HEo5t;w-PBc95cF72tFsGpdpVf4dp^tiU(^C9Q_V_fOVHV
z?4wG#A!q;5`JCgZnRp3G=Tw4b<72~=D0v0%V4~Knrrx>{AWa>^$Luj8I$E0V%B}m|
zjk87&#*yf;I#9Yn#5QU!idUIuyYJu$g*@v^ClsBTe03@w*@2Vw%ysXs!e=)xr+|}h
zRkbw;@;WQPGYR1hu#Blfn~6MEI80)u_b|-roVFv#a@L7E$D$vyn4MxQ{e7&a%TWo8
z&;MmSk>G<RO{$TeN%4V1EgHJ+^YQL;IEqnpbeJF{Suj?dLIsOSVWQ1|v;^M-Jiki(
zi$qMphhm4pPD*3)x^~5OC^e<sEg)h^LoSPww^l_sXCdPR#s5ozG^>oFOe@JO_C^FP
z4kk|HBu^EWW@gD$VxcCxb6QTCymJbNx?zhGFiyA|tcOT5`9$kT+>AS*6d%izzoX_n
z+WQ@ywFnv;MW&OQx)@Mbfm#24Rv0CTtR5RLnfmx}@WPE*x1jw9A=@3q#?;tmZu-E}
zE@?~W+KD(4F2d+H3SJi6F??g^7;9Rz+7CsEvM^@KALs*tB;`XlcY0baN)wf_R(@@r
zLB{&Wv(VAofqQ27CSZj}aJl*^@8?=57@~}YT~I2w^a?-2`5m2bJ}KCGbJBzZ5_j}`
z7UsrZBu^EcjvVyIB^-AL>h;-|ST47p6tNDu5_q5N;vWb$?8j{Zlo3JM$HuaOpR0>V
zw$qFY$8Y!O@7{eeFxxQXqYkJ26W8^}1ayzil3ZMIT&A7XL?iwAO=d<vefhq2kB(&2
zFM)G~*TS(yD!^zmvc-cuK<r6A3?90hhdV9OW9zT*;Z*-G^zB{T2lot9s}Ko?eB-Wg
z|BokRwzsMdRzk#;+6Qtc84ERszd&p@)ixe3Oh}QQX>E~WcP+p>He&~QWLAwN?Rzd2
ztbmCh59R8?q#UCa>nDDu;u1slSyO7pOhk@VoV@*U*t2IdC{Rl6M&66_cT|@)s>aq3
zQ<4g8>PjCu!7f4~!```GPo!2_Vg+>Fo)6LqDo^kT-}^1;vP3}|MxBCm9Hn;Ls<TCz
z%!1mCQ%rNEn00OIYJV+mS?^{nKs#{+Xs5ttdt|-!j?`R9%A&QeqLPM0Gy-OM&0jdV
zg!6ggs8l#Wxd~-O0<~Hqg>R-ZtpMjk_NQY_pWeZc8Da`K1c`-&OYNP98Wr;Zr9tjg
zLyIhFM!H64SuH^ec~U5u#RmLdU`p@q5-{b*pV7}DdW{T%eDXT7PVA{@_5<di<CWW1
z?#H92YV|6S1xYdy#|!{oJY>?AOv~lCQIT_;8<6U0U{WD*8Z4pJDUr8MbpgAl2M+zH
zEBIr4-i+D6nq9GQ4nvYQQvi_2O53&E2Sk!8&nV5XKr(M0-+|X}ehyn;F9v?`%cHS-
zI)fugC6UsJ&Eq66vJf2pWcxg^41IQK60W9N>d&h$R8TDOrPH+Xc<O*wF3m?lG~_s5
zht0}BeZ1sdC}e99cs($mJEEw!g?ez4oZnjHfk*rrhAl83*emlrPThARKRSQw*LP!a
zA6f|mvA%W;KIHi6`)*xVl<z)I#ZqJ~*7wT2P>N*C-%%2^x)3W)?3#nt0#j4LX0lO{
zFL~nf>xacs<cfK#I!7SeX!&+k9*w*V<A(f5n%n~w3v14qVZo5>SYW-a3-1GG7sX#L
zTw)k~D)d60JpmfXsoNmiGbURPcS-$*Yg)E(0J4wU0O&Z0)Ntg-MNZn~eL1b2B2_jR
zgPW|3o)v4ogDn>g723iusS)%FC53A)K$n_lG*UMSmlmS5yJ(6Aq0|Os+p!W#6Luh&
z2Gv3V$Eku|Jhj;T-P?8;4EL$o4Ef=DJ%VWG-jmUr{XUN+nn>b`JMiLr17ay>w%gwA
zTu}x&ZH=DNEsqBuOjb^>>yM_~u&l{e#l8|~HG(ASIAx?@oBn0M3+Pupk=u>saASrI
z2mB}C`*TXF@&)^xsN5jHHgG(!)spSo5ciN=FX;2Dk6F=>xX<SO`|EXS>-$?d?|SPS
zyKHZ$9b`MlaDe&Kpr7kl(?HT_iIoxG*Z-G!N+7-GPWFAZQoND6+ciqJC(ITfgdk}6
z|8mX(1OJMB+je?%ovZ}A5b19Xy`if6JPvR^9`ww<1MaL88jJnRY)fke{ywWYG{%vc
ze)I-Fk-F>a_!xC*CB-=5xy!9mWh7VcQeRK-$_e41p1iy8HsWn<MLtS%Hy}mkk2#yF
zqiwaeibAU_+2tc!U%CeL!8$Q*7Q&yR-)4Q3qf#M5xNp7Fe<glkKKFWT_XCkA&M_^M
z#O?Y$YkJ(5={Q%M-9PUE-=%nA`A{d@s0g(#j3B{OPv>2C4DIJ^_J}_!XBSI5RDaB{
z|6E~ev}zeh+Jz@U0bzhul+THRPugJ>+R4^fN;?G`gXM7g3)*Ou`3sFC0wa7>JKnrr
zU73~vNrDkuq+N(T`myIuXh^LH6N^R$XG0DE(>_!gOE$=pw;*O6KJBQKhIomabc!|2
z6t%DMTdTk~i6YzzGTL96;y2E=3&s@DGRT*dzgV<v+fW+ck<hwCv*-dsE&;KpKYi>m
zg@*m_`9P~}8cEIlO~RN0F!O^rCpHj1P^fE+2*e=BITD$Zw;k#E3?@c5e)XE^<ldfF
z>74@VKj&o6{Vb={5n&PxqBxXZ^4z@Qs*8@E^UBzsU^!QOAD4v-z9$bvy!<Pf{BAyc
zXHRpdf)s8(o};(M@3-JV2%b@_2%I5-Y%nfyp$YUeQKkDcHRyfgDOcQsgKw-@4n3Hw
zuAyve_MR<XQcl_4Pb_ErF`bhcJp^?5)Xd>e2?v29Qg;?F+hkjWU(W|GkJ&)|kLz>(
zuV>c0Yoc#>)m!76K0_wImu+V3fDgb~29{XQzv8cdH<+<C*9?A!e5pe|pKSBLdB%VF
zgPr`#f}R*|)HRNMU)}Z<eqM0aa0bDBSAVUcetCK(a4c0q2h~(syp!0r%wCe(=2{|a
zuZu1}CA6$Hh1c-pF_PH&x=HT8j-JHDI^p?7@2YwaUIub7mn*OKL0<$?mjev?ycZh3
zd;IQQuD`!&W<9OHs})B!Grx3r5b3K8A4SJ@G|#0cm(!PZec9Oz8NV$mq65{7dktgx
zMSwV<6=Aeps@WtR`MoRINY7<MP|yD!k}QN8lf1(=E6fmnt*``RnmG(7KvLJ;Oh&CH
zid}ArjsR`gIOA%xoS!zB4;4Bw>3Y^Wc0_4B+7-L{DUk&}IwdYYt*Xh-oCs`9%1n*B
zJAVHrWWqyI$<7bPujw@@DMU|`7~mPFU>P!ppNz?c$PhDmID8}bLczI}Y@(qxac`7G
z&@-gas+k*D1f4;ycX-M}I?|dusY&2ZC_94iv4mfyLQ#{@>e;XWb1r%#ls0xTq)AJQ
zG^}v$@0(unFN=%n2KKi<K7i_A&=!}+E7U#bB@H_Z*!{Q@Rqt-JUqkRuP-z;(=%{6=
zDwi1*mni_#^{5Y_Bl-#a{B>mqv33MO9p_dn@1a*6Y<@*@X++V2tlZ&hqY0Ah)$jgu
z`SzAIy#RK|9x_7&0u(*kTHTtd;5||_*(|0LSb-rm-GNtK$V*XLMY+=Wv6-Mq+eO}c
zkzntkemDR>`6qErH`Wl6W88i)aZ2qkpD?Lr%)&NDs0EV;g{Qt*M|Le>124UKV0NsS
zbkT&xgcYaOYJ$&-6&h2#UB~e3Cx$4}W~@<^0InVbR>(7zmfg6KZavfQNze62qwz`|
zD*{RkHSU$&lWVbXk%qGkI8lqs-e|GEQ;fW0^Nizrh(D=1O~#YB{qyz!Wo)ikfMeTL
zjq3S=c7<D@?dC8a7GS&9*YUZt`+Ko=`OfP_W?@k3$8k^iS&K#WxP|7KG&H-Y&}@9r
zZ@{-$uS5uUvf1F<5^-o6GHNJhf!mcrt7a3^<G`PuE~`T###Fz7lZOLLUY6nF{2$VX
zc$+L?0w%o_f@#tS)gxC{k2r*8Q$Nlm!x^+#@=Rc<R=LXa%#S!%2SLu6Vu^P(dJx0f
z<xncaSBdg2+|94Kv+?){PU!HDgutZPMgj5h^8=;){O8FeZ;`H})u0mW=t(;-;|T21
zTsq^MHnGNO^a>$p^(_r9C~(ETeMR$C4MvPYdhkqtR3l9292mg|QdiweQ<G9|Ex=|M
z0)0P^xlVQt(EW`p92#wW&MsqeEw&(U7W`-4BtF#m&fdxaJit}VA-67x)U@*8gY&hP
zFkXgED~)p=V_Cdi2yup7{Ov%Fb1ZQz>tiM-G_`k%v>14|r&ln-kIBAv2?={_LBrzT
z-(T0no?V6D`Xwda;Dl?%TH@6P)T3#tS5<e#>`b5T)MooB@S!T<{t|-rxlv|bc_%~F
zMAF03q>Ei|6+vtS2T_+za!O!h`Qo1o>-WSJxc)PQ2=&JZ0Lg5l!n1PQMwWAa6YH4}
z^lz0o;l3lnE6()~PRz}&dqu>d5FjiC1RHw@&KeB!Vkd<&KdJIzZ~=m_QXw=1Tr5tq
zP*#}3L(lW8ZpYr+0p_8y@FAbVjeR~(K_+XPaywK11G1Gv04_HIQV6$J;>lB#(*!}y
zosq2w3kRrH7S)n^V2xG-?wu@41WkX8)OEyFuWW_Z>egZUmf1XLkcw4U$guWLLtEXR
zA+Rpcw6GXuWSb~ZMo+p0W$tuYg>>1$*yR!HJU&g#xrRi*AsBTe@0wx8>jMSV$h$^4
z!|w^HpJ(;@r>PeG`jT#Jh(f2`W6j-z34Zn$pE+U)!A~F<8g`jI=cmR3O#v$1y$<d+
zp4}R74!Ip#Bm-Ju^(@f(S*ygGF8<}BJLpRcp@-ZR`dKcBkPF>wqehnaq(wieVEL3G
z$7?z`-Ay@K)OS!YMN;*@6z&`6V}twLTI3eiti=B*UXy^A9P=czJBwUs>m0#HwR6a7
z$<824SLjmxN8)UH{)Hnk4x7t;i}wQUVU-aPTgpd*LS9jIm!G;01*=GPdV*FgrK=W_
zUwJ<AqPWw|g$(AQ$+LEav7iONvVRL?NG^!{DT9v6JR1rtPu@>2-{ONxr+BD)aN$L?
zHd7xz@<uC*dmGk}&GRe8Q!!RZD|4TbE_tfJ>@AKdCQD`))+!3w*|Nop<p<#uIT83x
z8mGanYeP*OgB8l)6?u+Z&9*1f2u~)B;bQKpfmIh8O<Q=6Kq<B_A5hIKtoZ@a^8*=G
ze<dLp&$}o^glyi=zOHuHW)G!cA=HdEjeYQHCr~83t{=)49bMsCN-xu68YcQo$rN$V
zQo*=@Ulj?zSUIi`6m%-m0)(^8EsIw(8g}vz>7H4ncTUA+Xk}B&IKV+lf;G0~Fnogi
z;n!v|UmG#FUlQCnckG0~mMsXD!qu$~$TL*~5x-QL1JvZYDnEBsVGPw9mB{tAti?k$
zk8m4BI+YrBK_bfj6&7Wa_A!T0KN(9B#~uY}tvoFq5=-~@(>yt@NhgI!SP(VSL=wk9
zLG^cXKQ%k6@5eBapt67>s^EN(V)M`sZx+<8&(ZjldM+0U2uJj`(|jyYVQx#ml|${+
z&cVqr4@f1i&Hh%Hh+s>Zlng4@N7Agqkfg!8dN=bS<zYQ532xpLg$2Dz^?KaE_Kpq_
zwi`=f)M&1M@3BN~p|-Qr7u97!xIseY5`4Sw{3<=so^O}Wh7e|}QE&i~hMW}Fow5CM
zG4W&V!}ok0|2OugvBG1m6y`(K#w{s=B~`?N_k>RgewmKhVfuM|_6XX7KSE;nvix6k
zs)qB}qmn@=N=VvGlS>Ec30KkmGEk&06nE-)kXnP|_$piMg@Qn$akw$8h<>L-%St-q
zZu&4ds8Nb_XZ9A7a!0;#97oh*Y-PD!3B7T%6}?*6jq5!6>&!LM3-9Wf3y>j5-bqjV
zzS^<aj>*o;2z(dDK%urfM7@cYg?7guF`m?#s*W2t2<=I>md=XF_??O2?Fq+P5y)~<
z`ACs(MZOxTompm)og!5!;Vi|%bSi5obwAcdxbu&AtFxL1R_;u61H3mcq4h3BH!r~T
zFNjBb0&IbAh?{4%n<xI>aWFZtz}zTGVvUR52Ud2rskTjaBhAuZlWgeWrouQBMNMK_
zJE`I-5lf{Vr-Z2PJ0tHtBcl)X&!gd{=<ahi`JoP|^J4l%@0gGYioJC+!CB?tjI-L^
z9u}Voa)C(m?3An{NffrZ!R7_({z}JcNld&cQCK^XaAN7W`@aiyjqtmuJVW5YtRv_Q
zr^Dol@h!!J7ZUoBI+qQ1f=HvR)HgE;Z15m1+_P>Q1mBPw|B&)CaP)HQ1dUaauXwIX
zL@>Zb>=wuq7m_9vII+d_1e7iaG@~B$s`Gaj7RXw+A!b-RP2AX$Y3Fl;WXeMF^835P
z#9G;{^Am2B^?WRi(mM}1Q+@C$QOBwE=l~41m<~w0?kYGcxtPqYeX9xI5g~>G7Ny{~
z(@e$KXZ9vMWZOZmwQKWMlUY~pMso;T_q$5wYpGY&&ZQ7avt2d%(B5>k5%4W8n*7mz
ze4a*rHv7hg+Y6(bwz<jG*SJ>9jUjHTaWjunNUKi0@yJ4<g}C#+|0jl=1I^_Fdz>>a
zikqq0BS=`Y0I@f@|4$8R(HaB$r0yMJI}x@LXxTMVqM?z}4S$=-+>F^&x=Qjn1{)M6
zrTCv15_h>BommOYk*@;&pBVD!r1+kW`9Cql;Qud%@cf?`@{w`o8uFhQf+TN0_Q7|e
z#gtg#6#C$KX9bnon%}3f7W|=5nIdztg&OA+CWUqDUbm%|i366kxC+F8w*((wnycs_
zO5tM>V@)KGZA3`DXH)HttTX1W1M^Ci_jxm9(@=lk<e+bS$(pu~WcYo{^4!H~7hbOJ
zx}V#)=z9T^5i3eM12&XBFw)*T&!sxK@IFBWjfeH8RENrE<A?bw3lTK;{ptCUM|^Sw
zoC{1nay@sln*xb{$`yYk$2;oHHk)cV@-1>|NNE)GvcHZi#uWsewNP<t4~>zY;UvwW
zVxP;Ivc(QJsyG=aK{5xzefnP=I2eu&eVaDaIEh`U6wK2cC%2oomzOco$Ep}(><0D`
zbYYjNT@Rgf45f#g$J<F_eP}g?3wQL5Rv~}xUt4Vc`y~y;I3p;sdylub2akQ<@A2Ug
zJj#^z&}2$>*SNgg`~v(x`Cr>a*Z-If0e{{PukeTj;a*o4waAJu^gqqTWKf(@7#bj*
z!tXAJa%ZIe?0j4H6b#FW?Z@SgdpE8lG{`$mLWEuEeFHj_mQBZA9jir;`YzCr8{;%-
zlp5$+h3dI<lCsvHsiie669zK(Z~`*#&FE8w$gG(LT=FZy%~$JBkyn1YFyy=j5us66
zdDqplm}YKOEKR!07A_<$9C&@FRMp5sg_iv~Su40=Zv%@)My2)+7PcN()fr+S6=s^m
zf{oqTE=yJneg>LJixgq@oZy01tamnOI8wNl1&JRrhMvrP@6O*$zpde@7Z)bWz~58`
zu}UYMy~|kNx;K|tL2DklH@xb70+Y;rz_(XnnisQ)+Smdv5jy1g>@)r3@_l|b5KR1z
zGL(7LAm-!~(<(Q7&^{DJVn@yMW>FwK%E^xv<MqBYn^Qr&gun`78v*d;%;CtY@RcmG
z^}GTS3le?O_~=kx>3E>Lh!~1=8zuV2#R$Y-xLOcDuy%_hCbwI8+ba~~_ARt`cVDby
zZrqQSic}#=_$AibdPanVQWIKO^bYR0R={@vx{X_LiR=rLwjQ$ghA`#PbLe;G<t70A
zLHKbo3krLc0X&9{nF-;XFvn@coMsB<5cW4`FTbj6g<63O%H~+4jb$}*-$01d@AHG6
zO)9Ey9fy(ZkfghWZWmfk|C9YrzVyxPRvzjS?xD#eTH$7bFoxB7z$1Idw1VYYo&a!8
zasm9_;~^5%uJ0J{$|a5B;;TD2HtZy}_szfh4`6HHb|Xxc;J1l8b1qXTd9#V;=BNfh
zR$i_llBY{fzzdn0H;)m`X(>}!Z4v@OsZ?-c-xfe<BZ%5za%++E!(EiSG&*25<}Gu9
za#}zI^+4>f(qV5PV*yJ~W6yg}hXdg((^oPFrc9XSnLUzx%JiP^ZPzf+OGgflALEs~
z6j?I69zFp!sp3ASN(suC3MH)js*`y+bJ%cR822QDl3RB$R5qY1XE2k@6VltC{pjm~
z!?JkhZDyi(qzXRZSmhG^%cm7#AUfaOmSf*+eo^btS^ThnE6t?6GRmph<urI*vT@M)
z1ODjTi14PypjY!!T~PCnWcq2xRc0lx@LnY>N!_(X74A}Bjy`WsmK=Tu7#V)RH8{FI
z>|19}1*T)nW04a3XK{aI?>Xz<=m;$O1G5EfStgW(;8#t)s|Pd8w|c}gd!jJgZf@m|
z>{B{_Nl*e&5}Akd1K_Hii+X3KH>2_!k*N9tNJnyCLCVO1;1O)J0~fx|{xE#{AGJEb
zjtGCy=zXsbBh4=ly;gCm&X|0m0$Xx;?`gwNHgsHl?wxifpu6h0poY8UMI<Lk$Fj5U
z@Q;NrlF+<{U{e{6t^j5EP^DE(0ISBnMIn`N{?Q8IZq8^~u4nCtN$?Lx&Vsq~XM*x!
zCm({I+$_eZ-RF8?H*|zpy#%`+{!&sPANO)%yps!uRUrYcQB^rIVi>N*Nlujmc-y@0
zV%7M)nY}&0;`pgy%sR2*0=7NU+v}^H*`w7wL9rHpXD--C+X;=K+fXkd2mJ;#5I$p#
zeo(b)H&`NRJ);dD_YFHn(#(SmemQrGi|)nj=EC9#xk>0sN`qFWMHhq)B(gd4M1RGd
zNJNenz1w#j=2g{!3|r9u3t;b&kg75c(n1vQ=XI`bf$Mw#!@jOENB5_!2|B14ZD19%
zkpr+(4u1LbC5i|W8xJKTiDCG~Nt=0_Ymqk9&H7p?>VnA9fy=m2E1?3eR0UXoJa6};
zJO;0vY<SHkqUa26>=vdhauQ9mLqZzayP5iu29rX~O-2Qgrh^fV!U7fK^Crt63LEWI
z1T_xXrK}Fpoa>5(?UQJ&PgwT_tPy%P>QFpkoTuE6GG&r5^Gs<%@Phj(XRY=P!Vnr!
z>McU?t0PkAy>#{O((LL5`JR|BY*bX@=!~zHL{=e~F~D|n?rdURg`J{JLGo@{Q}Yst
zde)?&h9F=VbR8jaTD?%jKer-p%Jx&nU<w`YGZiAyYI04MQy=#VMA$3^b`Rps=@Cc|
zytAM=mg$szIK4YUA5_^pSvKmzieZ-CXy;msU~0eL4}p%~b}tq&y}3}dIQUrC`1415
z)kLEHA=iy{>gksgpCH9T0Bz^xG#O+Bgoka*1E(@a-Lwq5#uy045IT_<MLZCZSTd|_
zF?>PJaLR)CcdI30Fh;OAMwcg9b-suhRB{UaGVn#qu>T)NvQa_LP*FT0k|3UVf+*|A
z<AY=)E>r-1he;26gY~J@cc)ga{Pa6oQZR_}6<U+zos_#)>H=cL?Cv8)y0<qtC&<GT
zG>3+{JoU-MHFK{u_koLI8h6a^^AnA9q_j6D2h+8d9ilMX(IVHTr%Xd9t#huFKn<t!
z8l*V*KF5qh@d0-jJ39r*rIdD(p&HQ?kJdhm0wFx)Gi!57Zr9+4>-{>}z$7o^72|{O
zX_mF*9!sa(u18fStU($Kfu&@R4vJMimDldAu|7gp4XXm*OKUn5QKe|pvs06^{1<CT
zOM6Y!@(mVyb_$o!5tbSJfjHxOD(C_5UVl0==`WAvXm0IxR-tM}wPU(7v?qvQNhVct
za$t<4z39$T0zMqgO8%kLw;8iA>8X+q1)60DCKKylT!PqJ8wvU;<IW)_1l9%x!!N#0
zW2TpD>YUp77D7}w_+WGpvHcKq0)V~dr15WGk=6sT_BU^qvC;I_yJGOMEmsA~T_;sr
zf(!!BhV||076BX#m#U>P84Q!iqB{;uETS_KVigx)g2bSnnXM-(`qEDm>#CQ61x71v
z7fEgff>^vT<^4jyJC<%B!%jm9?Ew)R6FVmWd2A8ZP7;ql{}dHljMKDC#dveqmJ_`c
zp6{26m2AD5zrFx)ik7F(T8c4icGP>Pr@fml_l9oX%UgYBt&GBrGwMMs6CjK1_D6$!
z$(fJbedFkGiOEbSpsy&2Lha9~Yu5UV!+9oQa`)`g*mw`TI+1h|MUg^VuDJW*d(Q&L
zgn)%?Xo$~C+R87f3?xRIGC?=gL%BJS^m%YnRzMorlpV(*l%M2~$hq3>5;FiQXWVzF
z+R#8<;iF_guuwtp%ZTO7x}j}GNEi*xI*gG9+h+M!(VkqIMv?=8%m>1qj{Ibq$Y#o?
z#-a}{;F=L&$l;HK%;vdScO1iW+|ouu4^F|hE<#=Ksey8qB}F8SgWj`z5MdrXO2PgF
z%l<pI??dRQfRS}UpqA@98_n<2skhaPIhs@4mzK9p#mgBZQ4fw?Jcj`;S8&j#%RRRO
z?VUgN%8eYSdIQNmZQU-V9)sY1U)mvQ2>+n}=!FG;pDNp=<<c7uX$wV^bEqKJX-M9Q
z&7y;=KZw!6$rm4WY@(+YQ5!>e)L@?h27{+shKoEqVRT%z;l1DI()X|T(&Q{~^p8(~
zw{vX<4EzV}YvsQ=E<3)-HG%NBgt<apHBG;Teo-vT20;(X_DhYUV|(HHXnB5<W^W}<
zyl8)XOl!{u)W-3k*TWsUfSF^P%gMDZtg<$=<gHUK<SXrM>cw8n-`^|DzyjVv%V?#L
z+)a!>&ele?pWRtrsU2qYO#pibxrUs^0gZKjh);Q+?-$@bCK1$9mNaUoy)0d+{nTTP
zQkCnJKLM23L)r?bL8|;nM*9d@!WWXCp6X|WIhxMRMhoh6N9jt%*%Y5;_LCzKlWhok
zx;LR|!wI1v0yEQX#Mx5`j>FF^OQMg%{>@-Nr<7+hM=8Ysk2#BjzZq$6<!o?h0l^5J
zZVcf>Qgwu@sCCtmzvK~;J$N|Zc1Z+y+(yN5d=Y2ymC|7!6j8ZHKF|4HJB}Wrn&TJ7
zmyAj=W3%LEww(RlS^|~f^n+>^OCdc130WX}PvA|EEpi6R<b4^Id8yIRNyL;A(d7bO
znNY-c^nmY=9lAm~lb~1z(<34+`ilGH7O73xyTh_A_lAh15uYr@E-z0|IExaCPvyC_
zWcn6pi?FPFv3XVMkPxdfwV!Mhdy_~cYYpL?jeN0hi-%~-^38R=Dqxe=c{|#qOSLG!
zz@kg_EwA0?-Kg2-R|DxtXXEdyAih2aNupnG)D^4ODZSKnYu5?O!kYmFLJA@-ZU&zZ
zu&`t!39U-cE-slxOH7;?0e1U1Qr;>I*6}xRBX(SOTL(EHEDkDW34R`6ks~4G;0lv-
zh=kUM7|e_do!LX0`MVMpn<j=x;>c~>X$R!;?`DSd;?;~=Y{2RXJU?!u@aw{8Gcbo-
zkSqhLS4b92YE)%v=oqYwJG`)2gF7N#mYC5cFfviLAumMw-(e?AN$PZ2zYcD_M)?Mv
zwNeoE|N5+Gu@t{OkY)ksH?%Yw&CcXrOaaL?vRnUH6g-l;OxDAfIf%?KJN_ARcl!hD
z*2Nns2NUo;DI02z=v-C8GEa;jytoqth_k?xfBNMfIlJkcaZPq^a>!;ey22MLChwi6
zgcO5KaSWmS*^^T6E7}~E7By;I27Tn^Q^Ftbf#2O)Ta_-CtXBiqYoKmmq^!q5-hf>p
z)_m1**79+@NDOM&2@diVu$$=EU!IZHVG2Z1lAT;g$9SGkEeTV$pxQtk7rZwx*yc0m
zLC`hZqjO{Zs4fZ6BY)e5ECy0XRLO5;rgLka$=^_gIe^cdNW{D5Sm?_u)-K_UO>D3v
zN50~~tb$#tp?6TMDp^d7KhA)@@U5%DHs2Hb*NeioSWD!dPjDee@67@4n~LR|usTBE
zlrK6{AU=o#?k~_JGaF=1L^U>hQ`}m&AHgdnR3vq366?g{a+W&_3&(K@PhYhp)IUcY
z_&lg5z^~f$fbDh<g^k8zH9TJKetQX%q6?AGVesyUvh|Z#Q1B9TgB=Vx=~=_0?k8qQ
zuP&d?Lm-HUQ!quv44YDjHBv^b`X@QNhIN7>SBe+iLlCbLSBYxjgYtaD^;(v3a+ROe
zOC>Uw+I3W>XPn%BY<ki<+mu_~_f;h)l-xi5^bZ7Lm!Yr2evS(cqPbgoBTl~Am!Flv
zPo>vzu_#|J_uSNBXw7SSagQ&#t2Z}DxZM;JIA$J9u$vkGaZx{vr4i53V5M}mpkuXM
z72_(nuleL<<&UTCyzT-+&L*l>j5U<$LAYii<lV?fI}7DGHB!dj9(_B|+#_-WgRGL6
zzN@QTTu$IjZ0ARZ8)63&A8*O;QZLU{z^$c^&E?XyCO{F-QBxkqKMS8UQlX{9B+pNH
zQ_kkTF?dFvDrWNSZUq3*d2zr@-NJcB?#+s|6t=|w!i!h~5XOPAhXr3AQED02{5^Ix
zApOkCYDjiW#B}6sC6%!Gkw@H}lvi^YdXn-i>Ea>98K{IHVz+_*Au|wYG3JNb(<P^q
z!~DBF>EyNWJfzx8?5pg$L{+%a-Z?0wRki(Q5DVk1#3u~ouRb43NhuW5LxbMgMTm&J
zBdcq1;`aKddi-^hc>IzTlL5SD@<q6*7}Wnmk!Di8&J(Y}n6mwC!uX(n|K%@Jk?eSO
z@H(gtqfpN2AGU~w6oQIiX%L%Y1Z^=a0u$$sj2cFtlAXTr#j}=PF(J+vkFJ^O_SLHG
z^v!B#I9|db`;SLLYe{pMC^)d2|N6UA0|FyelQlIp4M|ZQ>es+~pk+s>9$O+7oZ!-P
z&^B32$rm-gsdoGNig^^Q=XF0B-wSpNBl~C7b7VXii4MJ~%1Yiz1U%s*$idcBdX>=n
z#Wrz;UCt)lsZ^!H|5*4SQNb8yn}9LZZD$7}8b$wp<h{`i9p8w;F;OZxG5e@v58Pu<
zR?dh<U74C<$rZG2rkXud?To&+GR{0bF#_gS2ix~YXz$BBo6V4rwa1N!n<L*0;^%sA
z%G6X-E7QSAx2otHl|XR|2UbbTtj?i+wLP|uZ_AO4cz44AL6lerjA!RTUQn9B8uVs1
zAx)13%%J<dBg?%{;0cv?enE;9foY^IAO#}e$WBU9vHFrz<Oj(6377hyCt=6GUgK;7
zeVt};tNSp7d?T5MK|p<^*y1_ppYIj@1^f;u)1|y+4vD@y%+H%LEqkQcyHz{QkV!@L
zXe7=Q%etsQ2?UgN$GA8*k6NR>#P0uFT;=6A-~Zy%w_%^p>zg8VxnrDRACLF_-E_7f
zVV~dQ*}-G}+%5P5k|HU^Q6TTuo38y{Z}Rb~*$?k9SDUh9-4IuqUYVo;Gycv`uELP*
z&2cvV-AMujr%I2)l7!y%)@bB3SqoF5j1iL}YU&WhGzvZypY84fX*q6o2SI;NzlWof
zQXP>Tp+|i8_C)UK?V=hGf9@e#?`R#>2Fq3fReD2z0tc?8;47^8T8`!W^2Xh4S3(HB
zLXoeQciqgxai&j;^k()#T$rQfcp0*P5HcAGHBa2mg_Gss5F2GXd#)!n_qgVZ7#DV}
zR8(!hDbM&!9aEq;hi$im<6x|U?#kNhqd4Y`?)ih!QDfU%mDSSWn?(II=lB&&U-3b2
zE8Ej`M9b>R3XBfzD1b@6a@4|VMapD|*&eFE=;=UAD_D0uo=lKUcL+7>7iQ6v4}QZ%
zoKqxs<jRlYzI1!|^KeL!CVU5sjZ-v#ss-U|)tVG-Cs_JM9beu(R{&mP$=|xch*IlB
z<&M0;;G%nxA53K^^MQ0HF2UZ-MM+|fJ7!U?yua!!>(S!>zVL9Jx29?@H8>6>-NXdx
zVDVZO*4ZHCQx;F^g$PbNBz&?XNMygSN!QiTRFNtn6t9BS1zBCbh&6JDw~s4m3Mo&K
z_S$$Cr6H)uR*8=0kR;Du!suI^5R_B!j0OLE0ijWdjx@1bL0K%d>2i`(ZzP*#H9%Bm
znUr4C;$lUW$p@pyo!=`^F04fARM*Bgd(JWEM;S@mEc-_h%kGEY485Qu%IO~Vq2?wu
zD-VjLn)b;ht46b*H_~zJ&o1|Z@(qcWnr%qubogX+jMf9Uu5A`Q(b1~}aTcA{hObF+
z7Qeh6!vh9q1K%7Zr0`({K44A+zjM3&TzxipzjO1t*YdxK4qusO12-$%yT}XXe@=!#
z*Qy%5AI}KaFSIRd*MGhj6G5-{5c8t8P69m{oto<p*mY_)Ethhbzqap$%m{g+((uRR
z4R?Ey`#(sW-3gR@VPiL{23K6^Ekk*G<!Yn%AH026z5*HrN3Y@=<gc#d8{(Z}?4wH(
zl4}%WUKLOt^*q?noc}^ETZILmF4ORZ+c&yX>|oF75uQfyu?CYY5Xd+R%yd#iA6Jrs
z_%3?tL{#?Qhxq;b_2a`MbS++6QCptetzak;e@?C1-a#mW@JQn3huuu|O*EY*qir;@
z1JiS@W;I1*ZCEw4E)EQouj|RIxnXzfsJtOoGmS!DD5M6h>Zo`#O%0iN169HsXRj;!
zLm{72x53dQLC9i}XuxYrsG_s=v(V)5ho0RIv+RCIP7{N#j9!o3Q{|<k!$!~2;zE$9
zB?zi`j)Jk9tdzh2Y>#b5f}B(s#sY$yC_8ZXwkU+hsb;PUgF^el4&u%xkstQTQ2nzZ
zhij71I3lVdvu?{4mh)$MEggJVH_kj{y9VxXp;<o|yge)G4-c*(o`HreWyQ!b;IzQ&
z3j%8gIyDK6PU6Y(%8bh;R<x>$Gl6SR|A6EUO;I2;p*Gvve7!WAF=wR>izheJBgUhm
zt(%X}QTjC!)fqRjPSkJkp3Hly(k9#!@k9z+w^{2-@pn{3XgvMeL<6wte~@d4cxuPS
zg=ZvLNhXQ%!1zVlQ6Gu|w&=_Gq(Z0+bk?*0r^(N)%IzgVU&}1T5$RjaF2@M^!S`I7
zY)$@6yk)3`4JRXfo{H84;`bCODBqa194h+dWBbeOavoAW+7ZJ#W@ui2^;EmT<A}fL
zi{t8_e_aCgOtKzl%2rn`X^62m6nYv9Sw;VLHFBHYeK6ceIc?HxxZ-gOHbH~Q5`Z{3
zI|{+I2rEM9TTH91BL~vV$@Xlk_Z$Z;-^z2r5w}<9@(y5>>wo7S|3U?C>YKp%4q5*;
zC)28v2O+OF48&{w&hHLb8V&66`@C~={0@vc?rQ!9mhD|3d~*?73Lcj#w=}+_U-OlH
zRpB$@2fhv!<2_HtLG5=7%p}w)KQ{+Y+ODu^W8Oi+mVpQFr%07<<6hHAwWwOpaSWN(
zj*uktVPs8+$>mRq$sw3NOFZ=?_Kbh_Bz~gCT$IwlHq@nuicX(#k2lfJP(*9}DB<tp
ze)oFpVAwd3v6g4P%W;P3N<EI8KlXhX7i%zZpKLZawWY&t9n@yfcu5ly6CO3aJk4_b
zA8U{5Oyy4GT&;!f90i%&NUv|0sBe3XI;|Np3rF`pH7g&N51c?^(c_ASNV#lF0{6WP
z3y;zp7yj3QP7b}=vhkoF%c<WM;`@aX@GVD-rlRi~jb?9;Lxp%`t(uv5T(4wI3w4zK
z{zGpb4XM>Odz2{<b;D-xG2hTMb|k_Hpa@2USRRhO_naokwRd6k`GxbfQ;p}8hauqL
z=_Gl0CYOJUx15&Id33xGKg2yGYuR!;0MBb#FwP+rzFPK8-mP<MC;#U5J95N(k~f(=
z0RM6x;Q+MvsT!G!calNr$S^QJ;`CAv5aAm&UgI>Wc5Ud%rHiV>IzI&zlp_S~nwST#
z>T@qth_lqPC&~W+Faj^tQ@Zrt)zU6Tgn+{x9*-R5k$H8&l?J+EadVjH!87RlMNC^{
z_lf@|?d1KTH$&>!K7%LmUlpHUXB94YpHqzj)P~5DDp{e8r3|ZZNcsHUt&7<NV?_Mo
zEy4Z*BBAXri|2?JrER0V@^&L2MDh4OP=mCSY5x$)3jxu89E?#!Vr^hWYYjHDPbrXc
z!z%${7QK`WE2&h=-quOIflS+8g=Ey09=hJXgo|J=ls8`J0yt`Hq&^i-mZp%-FtF;<
zX{Ji3Z|?K<_OR4oOY;T*6_c<`TIk(So#r1*J7-zXdzT;n#A7d3bXOgto*t7>=I=6v
z(#+DKs+-I%==<&6)=V7RalC@>*f-8L@dZy2$N7!)`j6n81sJqm_5lp8FZ<%}`~Xje
zY?z)lU%Ar0!;V^kyYBh7n$Lx{@0ew|k{q8R%wt*sg@dRzqr7cei0srTexc^$Yk1NR
z*lOwfK0=>=@r=M-o0Agy0~#zKqnd^7L$6_yp5@@>n(}uXCUK)q!7$8L1LMXS47vWG
zsA`Vdl1xTkEo_~2xAAgy^tJH{#x3ER$ra3N!`BOCyZWcb_dA`hE)3fL-r*60kfeXN
z8A)p2Ui&rAsI7P&mP(+yC38U6SwfPJ+P`FoZVC(Z)oF9JMRl<B*%r2-d6qB-xM&9w
zK+$(`EV*LDG^nMv(v44;hT9#L+-KK-fkn3><1evQqF%92c(Fk|fL%TsXyW&iw)>Zh
z*yf(}G|ePmZj?hyy#E^YnM{0&Yw}I$F}=Vw9(w#1{xO(3tWk{485c{}L*CI$dA9hR
zDbtE;o}0*J6ylC##MjxGb;a3|NV=PT#lFcdnbc*PJL5li+5OK7;Hfe_T>B#{W_&&1
zsl(ca(^?d@j#3NoIGJo?&f+Prw3Stu!vX$kv*?ky(Sg?3dOM=jYzUIEEwszU;vkvN
zD1=gDUR<_lv77eYK3b0YMEp6^IUH9H_IfD@Fzk7|x90m=Ki}u_eV;Y`xn2HQ&VlJ^
z1^IWxqVuqovEtSgNVa&PzRtAx^5|SE8XFM479n>V_B)`7)S``}T_NFuF{_~Ir{eNS
z-rOM^Mti0_+SHE}76Qd1?g8z^lo|AgNRcSX@msJuttPszo3h?_sv-{Tg{<%hG}qZB
zCB>}$hPIarMuC6boKYa&_|_UGg``WdSfb*Q8uC`8=`dkGg%Nln@whA%eHo{_$+NMJ
zoiXv~P~oGIc~!bCAP}PNZ+ZT;*7Vtu{|j9*s;}4d)<+@`nHATsO6ECOKIE-14Sv&n
zMH}@7)2=iy_yO+FQ7t26FB~*3V$@u77QcmJ`gQ0JI^EnsNuoO;Ca#%=r%x`O3K1P^
z+m!`OkeuRSfL6IR<fiC_FjoMiHiE34ReP;KVP=mnc(;}!a&46INDQzCU*S&>7&=Us
zrm<o<r(yJ)GeGL|1z5_6UeEi8Zie}%Tia3>;ifE$&~jAVXon4t!V%t$5MsjML%BA6
zCbF9vNytL_US^wad0%n$;*G`c-={g3)PNqiyFbQxfdqB~tRtV?Ly|V@%Fys-WXeOF
zpC4DSgnr?}4}nD~I{ySVUQPK=>Wx$@SwVNNl`&6dh$s#ANS<-GI<G(A)=XvpY&tN_
zJPA#@(CSOrYjaur(2q{+GH|4@ecgAKX}za_+G48{HBI-dSc@xr6=m0ut=d}9mwJ<0
z6%J=IFbQD#B#uCE=u5vH*6EILuZ`My=pAlFJKZ7Wg4uUj5x!*ke+DN0oX2>HTx)qa
z;}Y)%_!(3pp8J`{`iqg&y19ulty0()XoK<Y=F{nGm}!|=czA4n4L?4ft0DK+Nc;)Z
zYX#pbV#OM`&k(U1t26?+cA_*V%=kQpAT`#3a3@M%_ZTunu~R5GTLF9ssQLKVRAuoZ
zxI9H*ZdGiI)3Tc>R%#$}+T(%OA?b3{hsZ%X7KlJ==!wOdHbtn`>-`i@#>1X}kB#Zz
z%9MS0#9Iq2L^P9h#ds)`gRunSygqqp=?F~EJEr`{l&}%pG*F!ZW60lKfagDpjz3?C
zBCb7!`Zsyzl@dR04s0J7OsKB{rS;QNAE#1>z*%Q2T9I33<wC;N`u{m|oS)qFR|~`5
zb>S02Vhh7|)GP~u*WX~+kwp<2ht*qp3DeLg7zHFJpi#Qui&ANp1Gm4Y^9YE``M+?d
zsg<%2^_ow|(m%BYfAJK^PZ;{ro(tY&At7B4oT#k%V`+e7l!T>p)F|exSk;x61CR=F
zA$TUQts~;t`p-QUSDZXrho+wheSAzIy7DF_VD>=~803#QkbR4hAeyZXl_HO4O`0tr
znN5+4Tyw1DfnuxT3gP^pF`Gg|qe6dATB$=+9-GleEAOT=YYbs?m*qlozaE=@C-mLi
zMt-&{LWMZk{3A~myIT3|c*5!Y_2y$^ccr}~6JghHT+_TH>)R%Y9USV^M!v|w9(W6+
z)y^!H#X_=%?^{q0(S=Qe|IK$Jg<DkhLf?_sHwbSm-Cdzo?@zctQXgCjO@FYGpN1DT
zcX79upGfYcOj!{J*cGHRTa;P2hE?{$KWcQ*hd;ChjwkXZRnU5-G;Uib?U0YAt0u|!
zPA$4%Ec7M5VvyaQ7H9oOo+!xM1H(MFZ#RM~?2ElQe%s_}*IL-2l-JlndFQKCD!9p6
z_DWDhzwko;(L8m>Ts#5gCzGsyv4}JBp0=FAgZZl`f=MvmKrwlfYivQsUb~DiR?#iT
zgpat!O%D)t4ypUkhGPJ_ZsaD@2IUy7qs#^CsG5dE0~BsjGt7f_J$8Jn>zToK{j7Tc
zb2YT1%1KX~u!F<H{{zUncYD9G_u?dRE9fN2RA7-Oqx(Z@f;*4Gk~9Mwl*$1~u`K$_
zh@qQ}dw6O`^q$OY7qbq&w9xw^e6iy>I-Ir2(L$k(%Jms@#Y*(8|AUAnPcUND&-M2!
z39A74D|qG@7h4Seep~T$BGql$s;`j@63!4ml;d;rL&gBKt2cB;ZySpb{!nZAx#`rV
zduzJ`uOv<<wD<l`YC(^jD`gLZdUc+arpi#y=z>{MjZOQDjy&=1NJ^kBB7p!cl#Ufw
z!!)NofJmNXif-N3{jvG1Y0T%MHV-Q|O{=eTX`yHq3g5)^pAXg4pU_hOu~{FA61Tn@
zY81t#%1VI#Omsz&t0iZUJFJ?i*uL!dZn?-s39<$0<{wU85NKR;OhV&Vg1wTlwO1C8
z8OcT`Bu5BQjcMox%P{R9Lv|UawdoQ7ochd*Wd~fFTHIFkt3NWhR?hHEat<cRZsG?u
zg7FTq2!}F3kS^Vqs3q$lk`h{kl3Ex;7M2CtBR!SAjN$m}2+*7<%FBaJ(L4Qex7wgw
zt>5Zcgl+z$D|bN4P1h`(*8101<P3qpD+Bm^%ec*K1w=2{6o0^dcYJ|;?)9SpVMX%1
zM~H0n`IR!cGnQhm*Z8uL>@v#+!5Mo%mil^d&n4GH35|BCu&4){vOAe(I6<2g?JqZ9
zC9m%$=+JB7-F4KC|Kh()x~uQT0})rxn0)%|f8pAB;lIqL_fz}nQPY_G|4aNU`S0lV
z_#y1PfNx4uBV~Qg|Bv59`@Fyt-$i1E&Q;n(L(dsWwpi@qA2o?@STSXI!ilDiYFLq!
z`uffP^)j3C`Jbs>X?+W-vTx^hEHJ?R?QSVs<KsA4GjQwp+b89?E9QG6Cwa-t9n!z7
zhI#qE)ZtL41q@IvHT#&)>zs#g2t=!nxzqc;WHtQ><Rie_!3E(|`mKpSEAVmq-)^vk
z@xc9R@3jg4O$?L`hx-58JE!2xqApBF9ox2Tc5HpIla8H^(Xs6>=-6h*wr$(CJ^BBd
zshZ2Vn3}7(Ikjt@eRXP8?X%yto_7gQrtY87anJ|yc>0z_JoZB8(iDVh9^qXfXmb@C
zv~r6GsvQJNzd}Jq-yRl;8PUL6vU^c)+?OEoFA=0Zvg@>x?~tFs<Tstkt$S=?V<TYi
ze>yO?{rdCG|19;M_ELh#Bi{KA<8O;9gpg6?vPmAdN}U4^f1cInER|s_p^QQ`W^@m=
zQ!-2$vJJ3m|A_zCO`u&R#t%DS`UTw|S)jlCL*8K{CPhGFq8TvNS1`>D80J5;4OHNx
z@zBcktx`8rR0tX?OLA0LB`!2K*bI%3z)FV%GB)I?tu0oKh+MTZD5|RUIyFC;?$0Tt
z(AetqC4zV3iHTwpP_O%-1(kU#>i)i(UkCjy%J~RN=Q-^?qc~fgp)y$Nto{329(S<}
zy{?T$ScYptv3W%E**R=myM9xNx+y6!_8^6~B}Da%bKus=4=Z#^OB(vOm>K6fY%vy-
zQ;_m&dIVdmk<UB|*)2*jo^u~qV_Y0%*c8P)6s1&!lP|UlKKvvE6%FMuvmBf-=+;nZ
zb5_9;uxuC_4duGBJZx#4Gr*cL1K8js>~}D>UW&e^8?k?imM7qbq^=AWgmu}0M&p#!
z;dO}G-T~R>=uR?@VjF^XiwSi)UJjQX!UPZ)Z}1XM*BG-c#rRQ*W<d3V7Ukpr<g~xR
zwn1?LV@Ke1hp0b6oZq*<gSK#@Hc(lb`4)z9y5;pWV*Qebe%Rmci<S!-gYyK#`(}$u
zrSuI!cUuxWJ1$=siw?yKt3c@*MY()nqhdY$Q{;30#0E`+aRYI;$BGNJ2Xlw!io1y+
z-q~Y0hQIxHNgR8Q%xXpk?*!|v*c9gwL$aqUN;u48lHn<3kg%5_HP{*-#0NZIPBJO*
z?B{j^LOD~vG%`}`wP2pBvts_^F%th7W<B!f2v}oHrYH-mQ4E$LM>smMPl7Km(Ut}=
zwQ1;<AWr~*Oua{Dq)O+>glFeD2co8BT(9Y;zIZVETZe2Cfe=pL$%4SQRa3FzK-{i-
zWpGfYzP6Pv*dVdRNyp+IEd`VI9&n)0x4^-+f9|%cZ@P!);ugY5iCkc-+NS@b3Uflh
zpSSxMCYMa;_)|FZGgw3gztH5hU1G4{T>I-6A91EpvQb)af0U;~Zsg;peVW<*YN*K;
zKm(tfSURKxS=?BtvD-fJZu~w!8)L`eki8W0F$lrMgH)KkZDr+%P%OzugxzaF_ut+Q
z)x(8Zqvu23>D(g<#QzZ&SxJDR^-Hw6Df^K2RSWAk7+IRceR?dL-YN28f^1m|e}^1u
zlu90^KZc7$6yC!fv>v14U<EHq+jwKyq21u~z0Lw!p>%0*Tj??|d=r8)L?ykI;}ywO
z9uT@|_E+qcat}Or%!HI(vN6nt$XR~FbfW6Agzk~wl=9_4IF^wc-6%yYV|dCCCd16s
z(35rLXJCSrbT}LX<l^rO$N@2<G;WA<0~?P+Ui~J3V-#8wIh!)HjJtTM61L0&NavO^
zLKSMj4<*v^4CZY`jR;!FvB$f`upg}FmLr76TTLkZ-A7m2w-$%|hM4?O>kgmGUo9|Y
zJlXDR%bv%VL|1I1Um6lGl#JazUt52Ri|qi~|6v+q^e;briS}N;pN4?T-XG70@31~6
zPhg!qUAMeo<+c_p%V%)(`R_U{;NP5Mum?nWo@eNGhv@Yt$ukT$#CI(E4(5CFYTJ*i
zjR4WNmEW4-U!!cA9}Q$f+r>wuZ%+x5PC$YKG99|#5AmJFjtMU4ID1bIY|y1=v$No9
z13;6Yxf0{i#fk^~-Rx$%GiFdjv7D>1lVPhro>YreJN>-mK7>QjYSMq!RuKuL)atwi
zzRMmjAC%oK&Y_G23jNl%*%B!~k>}m7s-GoqHP+u&y}|YQ;wm&Uq%mtiw`v|2waS+b
zh87;Cx<3C}Vf*0b_)0R@k2Zinr!7}sjn-{fP1SP@7YL~QJp_z!&s`g|4d*RD%7!rc
zO)K696;lERen?+q6JN`hTa7vU?*-v<pMYrn8yA8>7K;$ws~BQkE-OLDgvw8bBhe*J
z8+iTYo?}Qm0}F>v0dHHR0kOU_FM+ayKV_L$-*?DGJr?o^KjIu|hBe?&E=)hoFAWr}
z4;bjA1`0>n@xYoPS%df%2;>bEt{ILIIOY5%Th0Bh-p0i0(bOkCO0Y5CAYI@c99y-w
z1)`|tM6ILPLK;wYZ)bwlfc^u)6@$?u`bmR3R~TGX9MRxD+r%XZgMSa<uD4H!P5A*a
zGaY6MoexnBBUx+_@p{3?d%6qooAVCs`UV)0GB-twq4?@T0d|rbguEZ2L4d1CZUGxX
zACR~m082<u$h94$@MI0L<A7F;^LnbwE?4U8_YaAt;9zfM6RBsFy+qqZ6($mlE!z~K
zL`SHS8&2I{(Sy7FgK0wGd#E3IZ0{H54fwY2cfw_Np6>d_K0R*@{ps|4XBr>T+xG3!
zef|&6`2MWFfWQ#uanmLKKJlMGRei@F=#O&P%b70E`zykaH;C!)DA;sYvz}?}*T$aj
ze>3hk2*#(zcgDS6T@qWDsUU%9sZ2ZyFIr`PGmN}bgtd*K72i-}!#C9E^ixM@@$ooj
z@Gg3W0B?u=5woxO4Sw~@>JpG{`bGHfD>I|h!`oxE_KV=_Wum;}<LaBYoc+|uPDoGt
z-&w{t+yBop{$FPqpL+kFvWzSF7&}(prE?1KJkDGJG_NN1HJZqq=>|0vfxmlN;TgAn
zQw2~ITje?=Dk|<6gywgl5x@?VInlwVHoP&SO0zW`<4ZP?M{-@K97j;d?%umcbfryx
zn_^^Do9a|b1n%+<=vTX-U1_%aG+lOVoZWt^G-;3R?a;}?k&R?L5tc2bRZ^zwl~NH*
z!-Mh*f+2Q(qP^gv?8*UQ&NO_{wFSh`)%|8$_*Q;Rw9Z43JzeG{dDg4m{>Yz8&^Yc!
zj`bNOPqKFI!+s5W0lsTevQ%KU<u4dJ$FYo+5E0ZG^!$mSNHN*U@JLQwGl2uIXk+&Y
z(s|&--enaoAT;y*Q@fPZv1em-Zl6<blL8JyK7rjOARqzt_wl|$A>f#55~msxdqz$w
zV2_Gznta28!mXSmM5~G$MW%aka8#H&>hdE(qI@u*0mOl!nOK1&qO`dI9zw%xDM?*M
zc`zO3r^468L-tlqV1mNEe`?D}*-2>=n`@doR=2_v&l%p0%0<apcITn4xd!~)1+JQQ
z7A&yZdI|UR-*KK+<xvoWWe^&AjkB%S*FuF3x>iAETer00MS><P<MhfAobxr)*Dfwj
zgWkJWG~(x5m+$&T2%>X5@DRb-BGw3_(jyaF2hdVJ8avy3zmyplt-^>dL-2_6QSU+v
z+;PuCs`em9p$b;KI?V^0w2z}}oMIJ*!S}^{P_Ucw%`v;@abxbzVrwV-9S~fWT{Y5M
z@f23bg9dn)<$?T2b8B9+xm#0pzM2%|fJgg96^A@NjcjB=)~<L4?0*OnOM(kvg%A!V
zM5bmpk^{5EZJl}AJhD58I7`q-l>Cu&#og27eduR4xGu5N3Nj~{)AC}v&CHFwYapJt
zM%PQ@^lvn<5~gP!!oV_3RpX<^XuxcksfRcZgpIU=to4mC*T~fKuf9iuI24FXE)FWH
z`HffQ?*~M<b4X2GRtf$R8p!(fQaQ;TT}B=~Mi?$_tYY^|T{WR0iOyuW4DwS8U&F(>
zgcS5Eoy=NzTC$sxKG#BxG*CB!nF)4~!aKsbTUgQChMFfQRAJava7E1;)5ogf(3kO7
z>6_Qqh0={1ZJK76LnD6(W1QYzd}m8DU+1xhOhkVL)jIU#y&PA|Q4VyuJ1e}v%-=y_
zw<+Z3Vi@FghpY3^3-jv!qN>npt}lEOV-j4jpR)_B^49qn^0yd_UAs=n(!h~)7s3LE
z&v}(ftO~*tu&fD!MArpho2q-cbhL$%hS>CrKr<9s47kdqd8eRLc(sumn-+gFzGlad
zoSsCpbb=SpQw{`E_PLPSL=1pHT`(u4AEYhfs{x@r97#GMwOJVwUKSumKg;6^TNgOp
zHam90UJ$QFk$xnd!h4FQ!{C0KWF-~Mqm{PELlwW8ul^jv8WSNm3t<?J8sJ%N$^Hnk
z44wN1AHuD@V^f;x#jK59yG>DLUNIR4H^LZ3t~8u9p{3P~$ygLL$(D#5&Gk~*388m`
zc0c-4%-K*B)@nao88%$(uA!wdq&!^I4}kSu2bqO#3;cp1Xa&QokeB1`AagKX<shRk
z6OHBw%jOC8f0W~~iIU(6frMbDN&{V9pS3*IWuT-d3k^%4ICRKs#44Ixr0i-X!5Ls*
zOeUg@orZE%xLo&vzm}#Y-(#nJ`%?|7$=xz!4Z5D*?{QD8)rv!Jr|_^{62h8xoDSX5
z#gsZzeF(7u)J;>=^OF#XYST#^H_KcC0gddIS`15osOKy!;qJcvT$7A72|EEo<A7x~
zQ_C(w1Xg`2fMrkjpWmQ)zKgy56n_^37nngD+wT$k^Mog;+`Bo9gVHX)UgWC{0kM;D
zWBAux?G%;?ZxsV%%LROmlo&RPM#(5`d?C~#1XTuhtZz06K@!C&7iZ^KkyqZSP`$_O
z{hR%Qo#@W~Ax^(Zo?;@o3$jsGyr-b`MGfsH7H|9S!?(;4;o)=aVF<M|2M4L0SCi#i
zdkJmWi1nFon*EY&dwkdbZh2a0B2}9%cN_|3&PXK&9MPP`+oo8>Cw(`A*<#AdJ+X-0
zYI8{|r1V#Dr6s`PC88HNM>e!&Qcod7r$cg|i_B;K1grPR6fCRKlMDQGC#S>LAqMM9
z$}TJmx~amZ#l}vs8Jd|7$mqNvH*Ob?`X$B^jORd+VCd99Y2W2p_3d00`tPWcwH6#6
z>zID)_j@BD*CFFsBbn`R!#n84D3?9W5@4@$gn2VlSH8o+n0Z^KDszBe-u766a91SD
zm_&e?#G9A=H1bkQ?bHfLaSB_iOxPO*St?~I+B|B3wda*~R$(;@X*?GB`{lr;iO9YI
z$)yg-xyBd!>9tbtjLW&a$u<A!fQQtc^OqZKvX^Gf+w9QvIP;e4oS$A2B;%AEe#{TU
zxUfl7Lw}9`+Cd!_xrxpDV_ltL;LY`I;t|Ej&kL7(W44Nmp}B-#YM=`VytMMdS!E&C
z|1`f@O??n${ooOsOYBFN1y;DgCi|;D2xqEDw;n6fYWq>qBI}t&A%)ob|2|J!M`466
zASv_Wz~l6`$-saCh=TDQYy0|xhfwFKxtKeaSR(&hvK$=xJQf@#4ZZ(2|Gel2PFNgc
zuw{xzQcF!763FQt6e1MRJHh<;ngn>8mWX>(f4B|_U@Y9=G$`t!>8lPm@!kb7VZ=DT
zzh59>&#U?U<oqZ7@m2$`x*uUE_4-OElUw=0s>8#*EiUwYG=H&RvpKQwqSE!83mN`R
ziHyNZCkADPJCbgVVF#?;yurgvVbEX<&&hQ;<_aj$lx3n)Nyd_BJE`>{b8KzOVv|xc
z^(Z}jUrhBlcgaE6_(MEuW0s|-b~0Clh|5`JryV<iT%P6Zh#p4@dGX{tG(DY8ty2Fl
z$H&8<VQuVe+BRuGzeOi!uN$d_-1N#qA@{ry0o;A|GvZVZRPM`sNT6_T4)Je-Q$BN7
zHdoOW+0#roXsF=0Zkkjjo<`qqJ^7atXX!7v2TpUC=*2$%3w`zd7;-BQg2HpRH1g-L
zn}bA?1SYnI{r-D969Kh5<FY9fBVIDcJRbH2g1f66;})^JUX0nTk$fE0Ri967OSoIU
zLS@=qPf6}x98#_Rr4|nrQzK{#WpjNM`V0he4bl8V55>!F<N+~9`Vm&u$tk%T%GQvb
zX4q{t&XW`02~D*Nx21~VU2D!_idy)=zV)lse*{_T6VYy?%2zdH2Aqh&+;H%AkXU=K
z5?gW%3RiUL_!gSPf2~rF9mWz(`~Ki>j~7>`uki!^qa$|<bnnW|^7!8?wLXzAo=bN7
zPRS7n^b4w@CespXK3PsEHKUajfJUo7=J`2zGvp@<evFn%ruy%Rp@&1*%PlgG>&sZv
z5YO+smTpLJ;|7x{sTVl)&h(t^?GYg@l(UBD_0OU!K#Z`2u373S3(fQ`4KevT6DZdF
zTave51AEwk@R+)fP8jqtKo_MCUm6-pSo$_i5F{i$6iccn2otL5FhAbDf4;xI-`_&~
zO%{uwe>aY1d;|?@)?OX4$cP~iz9!0M1T0DLa_1>v3ev&aHBi4jKGoU!z;@&WGvDUE
z3~h1!<6b1oNpA3Vs^6BB#>v&1t-^qNC7&M^WH_#!<l&Hu;W%;<(%)UCqBW@P_TF*7
z+HN+PP^k(QUeE$D=3RvN{nd&D4eo|(><_^`q%uklTN-<#Og-||nU)xW0kVLEy$_YL
zT237FG{`*bz}C5SSb71mjC~l$!XM_=2z5aaE%Z9%>;b;%00Edy{R9e_aP|8<bBG+<
zvq9~S`0-RQ%%mptJif0`$v&<#Yh%^u5CAPhcQM#ErCWAIS2(aV1I#1PO<fu|bb8R2
zO+G>JGAEl>w)0q@d~RUd=e(#ly=Cz}z3F$PMxynhS<vxbK1Vjp^qDbFLgJYg`*YaC
z?ULf;!-;yb-;f|I%TbS}2{MV^b@|<*PA`2Cr#y9k*d-AlajJD$BD7z=kG<{wFU)oX
z_k$A60exp{p7UBKD3+AbckOgLPk<*T-849Kub8EGDODp9fD-qJZMpS`2@a|z@~x1^
zk8K$s`E}Wjc<@Qg$}v@cTbuflWH5>-4FAoH=x~K$B1cP&ub2K|{m-6{4$1+ylY`5C
z7TAtFdpxvrQ)<iG@M@4e&B<%8qY{1ofl}~Qo$%zEp7L(pf?<a$Gb(yJTDW|l8+&%C
z>uR@pm=U)N&y-#aG2@6`Ytq-bIJeKqmuczwsw+w)k2JnELk0QoBg?vZObht$?GBa`
zH;?P}^r@1x%L8i22@l`^AF<Hk+=?DE9iiufr_;g6!7@O3c+UE=&7X1nr%|d~%^XsR
z0gYKG>61FPy2G{PLu@}{Al+ef9$_bu@s*$L)Ew}a{Y^?d4lSv;H5|$qpkuEUeiUxK
zz+7T}N#H=50@<@ZM;^l*J8^X!>ie-{$wG6lxWAVufd9LfQHWA1Z<4J{1Scp}2>Z76
ztW(n*)mI$KG{-o3+Xe=U@#Vr1);wYzWB*|$<!x>$BbxV&kM0e#obfqRwn5?fY=sqq
z$!D>0Au2&!#W-mQBMID7Ct|0Fws&T<5YCq9+YI1_DWy8lrMu4K<yV8ohb{?`UeQsj
zdC@6Ecrm44b0=P@nd+CL>&d+p>+gNoFq`KNB)NNv<1@!R^>&uUNRgTQSTL&Bs-ZAE
zEGoI_uK$>=;bMP0*ZEAYbP&I5kZjJ0K~4m@6^+^ymERNmu!r}jo~cgIH?JE}J25+K
z5IgaNSCa?d2Yd!7V<vp1P|>$;*jPlPG3k=3v~&i*J%Hd&y`47XK&(2fV5T0k`hfXY
zMbqzd_&!X@nK<wG?X~JI$y0o3E@akFt%B@p4_%;)$-M=ldkn(H&@7z4igRFynCf>7
zYDT9Ar$Kn98M_5J;ikK8Heg1=jJB`%iBxZW`>yq!INZBhHByIc^+C?aGqXDi*FHQZ
zhUi{xYf1|Ajx6K^JDT{FW(lxkn`!1cm9-+QOV}xuQ%)r`G<2k8t_=|uix1XPZBriZ
zyzF%@uOtf#G}!uy!UdT2NdLR`aS(O{bVI!}7+6(9E0l)7;Y!;YZ`zt1>oXI^uT0Qu
zx_NAsY$x>8rKbvxgSC)p6;dzQf|h`g&zj}A87{d)vlPl*Us90mE3|~`zTdxeHLeJ&
z%TR#NdpwgIiM9c@Dxg&ATZ$ZQZ|KA2A&?8-OFR8q^v+lrG@th9JXCcpgbZYAk@xyc
zJG{0Oi&bX}J49(}Ju_N1f<}yl^Jo)g^a2IM>Q*EPn8f6LI;Noc2M~g0a3o-InezMs
zgUDZ9HFkAK6|=U(Qjj&Rl<-Bmu|ZBxm}=lD=zGI)$+6BQ)Ig_QC$)5s#fw~AnqT$n
zz%~L81ah0i{zlQov|z_?C{40%(_AwbDt&<eLnlo>go%eZqy)S8YbL89XkHf^hIT<g
zO)G)RcV&oU83G&BQRO09PG=`O6SvMwFruTc*Pt(1GNrA=^6UlLNrqck4TyXcGUke&
zxTbbzQLwnzKo!elux46uHf;unh*zQvLp$zU(681VOV7=qJ7JtD9!pn%mJQF>3B1r|
z?j(2E+q58S-JXm^BmC*J6b&2QQzw`je`lvdLS}9niPJOdHaoz)2Gx7<9w+x!c-+Vp
ziB62VT)8m2CbrPbNjIZO06q_|@CP~m=PxcVe4I^XA^@8=OS(7wY8D5yGBl>r`DS>9
z4{SV+oN|?>{+_WnX!%pPV}8}YoES_vVNCHnF8YpxW1bQWP=CZ>jSBK^oqN%bQI$-I
z6(mN&50K=2B3=LU(CvEC8Z?81kvo-d?_O9(u+``v_Id3Y>Z_3xrV(qdvs-cO=J<CH
zPqIPie_tIP)yErVk%MeIQ(ej)(zGqLPDTDYDjFVlf=9tlIsq4c&X^<X+bHu6Cl%4x
zRd7aG7Svk;nekB{tzFsJf;~sZC+s32n9k6fo2H=(t&0f4`;J+I*GkPO|7elgXAnGC
z3FmmHZ3hp9y0BQ(4su^?ul>UPQ-C<J**7uB@iK(GxLZrB-KR5cqr3@{suRZ$ht*)C
z0U4)1<;FoJBXg92<JRb79Re_{>eL$~SO<NNGfR{E#%c%~5d1YnZK-n%e3QvO5;`D)
z3q&pBr7}>|oBO5A?b!#*aVnWZPY~Of`}=vlU#^ZrTDH5g?HeVQT*avAp#dPs(P#ks
z_C`I1P=rgE6(HKq=}`|pp8o1+EF!+=6i-r6pM0f*f#dpst#9?>tAXNhsX7szQW!<V
z=#r}DpOQeY;eI_)To|YL$_;Tj)w{65(%nEnQ;zAk6)Lv_yA`%XbZF<Lj?G7n-w?1U
z&U3tZdbwQyUxn%)f#tndk)$s2N>r*$uuEw5id-V&IfP6uLyz)<%Zn~s@&0=eNrQy|
z-jV;)?roWKZ@Jjsff|o>I&gZ0dKS&JlaYU#L?>Ex=pt&~A^opLTb$*~M}!Pek)(La
z(w48S(%e<<RzQP@>WNX+om?6i#=GH)xsY`A1X!YeOJTr3J>AhUf+98KtuIOaoEA@H
z69(6nKnm(_*N$MWTS&yaCP09zR2k6dYR9#wyh5n<aaZHHNr3zc;{A9I>?tW8*yIKO
zAuUya)0m@Mq6HNZ!KS4x-ReMn!!~Tq!H^E?qVlMtbY|M#+4S9sde8H7eBGrji|sID
zX)~Y#K5pCwF4ON(N4UhA)ScW=?p`~AEExtjVS1Tr8lLm>7Cbeuv0v`3e)HW<=K7)U
zWfj;#zlwfQc)TvNGoU2qNHdM@P)qIn30;1%=#nRM{>0uo7j01C$XBmrTc^~kY(E}L
z)gp~(7YClc*Jl%zZWFQ4cx1`_M-+YqK9I8)fvaaC<zN#8ys^3G;<p$+-BTl{i4p{k
zXLKF0;(i6~MwE>RE|tQ-CHPsxmGqGslb}8x+1bm%K!Xt}{dMtv@%KH>R$y{c*fk@e
zGe=!s%XOhj5zVrU#U7{PMP*^%N1-cSN75}n%$N@|Jcf$MIK2EvNk{zK>H>jZ=e*Ze
z_rwNnQ6nbs^o$kdRp*p#uL<ShVF$+}l_AB@-!L?08s&kzs#G3yuAf7AhZOtlP1jHG
zUrbK3biWwVm00u@MCT=&1Y`z7Fm=FQ+AoovqBYCEavKFtLXcj|6uE}|q?u`Srm6Y~
zm&iW9)NlROu=RJx3n02j{*I?Ej|*4<Z|23+$Ki?C-$W)I`&j%))lFtGhBkz0=C9)|
zaX%L8PduZYk`L*fM3g)%+btIFr+I~p%i)j|*!<*6@Y!;R<T19wR?WH|;uf){p;3LS
z)Zp~8x6<Y_>iE)LR1O<KNsA(4#n#T7C>4+a4!1a$auRXe<!X2FT6UjnKwN{~k(8f0
z+<K(EKc8(P-j2V<$$9a@E_A5cRmXgKV4{=QhijO`T%a#-60V5r<hk`)-;oVl=eY{x
z43-!?LrZWj+q9~8?BNLfFX-cg&h|kFdxd(A3#*C=^gN*EAsH5;lS|bR!3V@LuNi1&
z$6+Z3|G5g4b3|V*tRgIE_jUOKI$VqUy_q5|0O39XX%~PK&)u?%z?rfigCXc=qlm5G
zm+!3v?hvQnpkvp6LB}ppZ77#Fe=r`Hks0@gIV$onbkS9jjj<8a2=%sQ#pjx6W8wqp
zngae_I`q1YVb267u<mB*c;VX>7;;Rs7<g_5Q7-3#B$f7hxiecteeV#wRF_C^9(4Zo
zT}@yt`$d9xC3<C}!Gvx#t@ZVeA3<j*BM_$91<b-Dbswu+HA74+6Q5bzVAL90z;nd&
zxSJVQ11=1H0)CI90v<Q7O-jAg0ung1hjRrzWT?dHEPZBZ+!J*=7i!U2WpAuC0xV_Q
ziR}Q?GP=upNLu+dn++!JiK3a{);@5@&NsvtuPFDCwS*&tk(Fl7)4Kv(QZ|)_k4>nZ
z*njHhf9sc#vC~n)p*6Oy094ml0Qbv~>hbUv4oOW(G^;Cn>6$3ap{$UOL8chDQ5AXP
znkebf52RZo_u|opp=PKqYp7|Mp#BW-!;TQ}0WSc>PzI$nxpD?M^-`1pTsIRZ<R(QC
z4zD{k;mIa<hV}Z&k_c<{4--A>5zAvZ^69c67$}SC)ap<dnoHatDNmIHR<%Lx;`kqu
zEfvKF^hmftj-8KzRGh<eoP_mlL+6l&uKLhYoflD`mH{E@@K;cpC5&o{#6umQgdT1G
z#TgIkLN__H`0pQ)KspXwppJU-wfpc|U3J;6<eT4rgEX5$KuQ5i`Ip%hC+ee3>t{!x
zjS|xQnw4>W`;xO|`YR}8^NFm!H3ei`qqkiwXHp|IZ#nAi)y{;Dh7i;pZZF(~i!vg~
zQxRe_&L=VTFzR5_W0yi7)!P5ELd9FkP2k!8mbVbV*%R5w!eVNj$vFOz`VTngI)(VQ
zd_uPf*4!bY?c=pbDigqRU3hgHW%95VK31zI&^DO2q(zmkZ4;M2XrFFMtSm+=5YUJ&
z+>n7oed(nDY^d(3zMy62GY>fE&zdsJ(ixfcYd5>aI&_|T+msE&^>=p2HI~$7261P4
zVjbH}fpl|m!6aj9NnCm84%!2W<Ef?n8K!6(ev@^NXZ`m-vyMBjV1L?pR0weR&^)lV
z_c<Ti8*7(g9To(N>v`dwCFqBHPQ##=;Bt($6)Ee8u8QqG%2C75L8DVF`CO`Jy7HRV
zSFyWp+7vnnp*tvxqu7-YF$PK(CaOkxiJVIQ-tG3>5M+*RJ-=D){H1Vg039_$aELyY
z5N*WcjwQ_mUD&}&uFsVm__{`;Y}om9Ut0qP(xs`w^RLCLBx)U4MCnDDws)M|EUIEp
zz|o_Ni4tQZ;S7R2@b!SgizdaKoMg_CP{f4x6!i2frk-&>$fRZ3WX{ID#EkyXK_sZ8
z5i9{kj%vs&r!H#$>_$UY8OV+Vcl0}gll>Uo+?o%w!KKjYp_$S89zU1y?IeyP+)PzD
zL)Q#=&8M+jDcK3v{EfxnT;jvaJf+AG9Bj7j#8=}2#T>xU(it#8aEN>RQCXTG=6%9p
z(RavcQ5Be(IO?t}3n&aDy$vXtYFY0t4I54`Eq7}(G>pS6(ts&O((~G_G=ac6@i*DP
zIxu458Y@;dF08l;%-ey}IO7@@RSqC3jL7H%aEmcE`J9^4O=aNdNFxQ#ac6=_@D;Y7
zjGn}N3xf)dw?uBdERUlH20`c+ytOi#!qlx`r&`=-j=7YeH%TV<F%v3Yk~f&d%c)*<
z);|!9Uc`9<>uPLP-o`J!U7S>2!Zz(F0%<v%iN!xxRXj6Jb?QemZ}qH+a%uH*5pS}d
z1Su)R;pF=r*6Xh1R0#rj;YttOOveQ`*S+1FGArBEYHM8n9RT4Z{W)rJQ8R8)z&gpT
zvQf|CVj+zV<7N=(M2&htx_$!m1k?7gByzTM&ACq_fnJ*E>KQ-#$W7n(4p1g_h@z<K
zP)2=Dts^1euWVd{9sxPe-%^Fya@mJP^&KoFXxB*_u$w^=>?U$ow$FI~I@i;;TjvH&
zIe~aXf!)QyZ+~J9Wr<!M{G6POu>;zWU1WN5<3rYqxxuMN29z|;-JM|315u@w&=+hy
z@hhHz&EiTX@$~8+WttRU`{q>3Z_7~kzF%M3^)kRM>5)?+{f=!?tXFcz1f0LTE%tq8
z6M*M@tv5B@e<y@?b-7z9Q%84qPggrzFJ87^p02!t-VJ|z1qAu@GrIT$eK~xGzC3~t
z71&Jb&NYL_H0~sQ#|YQmlz%BuCM-2e9Rz&%*~bIzFh&et09T)p4z7Q?{xCEOWhQ}+
z+Ys^Sqb}Mu5Ez0V(830+3$SK6N{o)A?W-`tY@W~3lTff%33v-;XDMvm$g83L`A940
z!`Q?mQtSkW;Th7o1=X^y)vB!Kf!p4KV58bvc|g0Vs>v2yn$XpcAYRrQE!$e1I;B^z
zI!h-&UMHXMXVF38kqo0T7w-nZ;s;*ZS3mbzPd4|LTw-z4asDAmi{vti#OTZaF~XFr
z(Un~lm3<+)d|dCS)As&a1M|#a;^EhlsFtnqyS0J{B9@2pgrDY0<u)fX>Jm*!$8%8F
zpb%UC*NFC@A@zt9sx%WQcmarKa!@I#&JYrj4`XZyjW#H(l6gn8rH{fWY!Z3V+0TzU
z+w@XT&2G}Q9f=)YJxXU*lzX4Z7G^k&Ue}hztgz>EbkRl2!be@XrZv4R^*0=w?0Ykf
z8Q=tQ-d9xN84Tl|ymox^YLZDvq%)Y_l;M_q(+E=GdZD`6LW~n$V~{!Ib0abj+(5bV
zO9hPH5$XHdDQ>AkpULt(*5Cb8EG@Pl83vX<aFjW!D%nz5=*V0xceKQ78$w<S+WA$~
z1<Cs|g9yT`*=y)}2gj&((yrk+?zb@8iDqbk<$pBO?j?FH6tpyeB^G^1I!z36&PRC>
z?7zhz6l4Je*i0$A22IrE0q4JF*LU(Pb~xqL@|gw$?M>f<A&Y+BZv9i2TIJ5K7^%@O
z9+@GXaLtu5d)K<avuFLOCNr4dpE}n!jx$&F;Zva{2#}+8V=nou58o1HE>Y^hja2e@
z5Hu_>OoD~+^@BZL`og@L#5zj;e7bc0oGba_mwaJ-=z2{1srn-kXr6i9Jqva*#324}
z0ZkUGK3lMy*W#&Dfvo=QtQb?bUa^lwd;VN&^&s-A6ob?y-q>7kuh~`2)f+?|TpHKK
zFPp-0oq-m9K}WWA?{rK~&mrT(Kw*t2QYo5XK{MesANLL3s$v2t!mdSxcV~(0!Ptfo
zF1zcv$Sm4Zzg5B)s#fdLzYQZ*^$kMm{1=2={pG9Oz!3_lB<X${E@U95>EptAd3g1B
zsWNXTYA8G9kKcEBMD(bzE;4AjxWjh*bNmcn&-(Q%t-8fR$gP9zUiR#V@q_BA<fePW
z$-0@NL%KAJ0#DVY(lf>a`9SLVbfkUR%ksS>3=G06XcapKh7U(uyG-3=`8sYzE?*Rl
z0#kegqC@H>rR+)(Tr>A}r%js4KJf5GHt#fPh3bv4rTuc^Z<amxIXrPM6qPde28yzr
zeexzAG7x^`-+(1zElDfN&dqL=>vN4rIR@Fv#f({w1?Ng+&S&jOY+n2NCA6rjn6UF_
z+qS`nwRU(d$UX&iM{v2??B2gTA+Up0QZf^KyWqbNR9@m8<hZ^ZZ~OUd{ri)=1OdAU
z;aB9Y>S5M3e`IkZ_E2@Vx5;uM!j6c^;6&Wm>F4BzMaxph$tEMS@;*%`V)D&>J~xHM
zP>w|H9h!xhmfGb`=&4>^|C)N<D;71NUp)QspldG=F2)k&VqeMbE*fpCS|OT?WS+nY
zccakSC>*#dkh6Pxuddc+VrQMUdKd}2`7@P$_r<G`rqI8#Yj?VCAgkQUw2)Sm^@s=S
zz=DL&EwRZdIULJK0_?@<Ln<B#X|>gPTeK9G8VTO@_31c0xvwp?Y@I@3q_Uq#60E5b
zta3=>)0jKmg_~D!E!6gK5fv@!Z>f`!DIbdzO4=@0TFFJw{Y4!tgn)=|Tf;{DLokPm
zUhl}P?4no$wqM;%U(Jo$qO$Eoc{`Bq)GEVE-pJvhON9uVnI)fQ58IUa)7KA6ljzg;
zajv)bOW`Q;4&}=?2DKwgj#4S?2k|Kjs8}=tacvaHj6I#u{BOuG-V2aqE=_V9(D*TI
z<b_4QVPnMRPF)FpO3)KRO!o<}c4MVj%bbYFVN=2|=Qp8!W@NF}VB%9|6fu9!0OX;X
zF;h6BNbRBkT1MSRs0nSqGa-3o21GmQSyt%d3)~QhrkCyqB^ciM8ynOPd5pLTQzdL8
zN$yO@R20CL7$cv^J}0@Df|+z!R&SyK*K6Ky7$qto!O9}U7CXKzz(T%9=^VzjoM|%$
znG<Pn#7F}xG14YKz<d>7?h3iD_u;@1*98abJXK0L<3mEqp@*Y-Q6(6m-nYrm{}T3h
z8IQ!L(p9k0{R6@fo-#i&@Qm76X%=r*yF$tkjHj2SAZ}RtL1>JRz+eZeC%d44>f#ZZ
zF}z&9^E!AZhX=nu#zUvLT{4o*#r#In4{o_?yAG7)Qa5@uWeFqN5>hT~Dn86?__2a?
zjpmiqv%0M3_i$@kUGa5M`&Y7}-@A!q{SIqll@m%7X%fi~e|jD*(ZgsojX8i7O$kYA
zqyCAgxUQ_yj;im02)>EKw0g1=ux}h8mMSYO9r_!%0PcL~OY~TmlVLvXc2T3sIDu?C
z0d`A^_AM9UUd2Q_bwv`ofMN!8c;n>AmsUU`URanY2Y<U+`pU<l9N)#mN={RON_Zoo
z5GlQS>#i%q^^!jJ^D;Mxw|{Lbgk&{u6riv!9LM@r!$F}LD(jGn;1;{0N*AhGkS0fG
z`9aEhYR*!uIi8_`rJ2r+C<~y=#l`aAs04_9uO%xTl=Rf>ep!7t(^V{VDfMvZroI!5
z({ZyPj_{$fe0;yUT(@;=Njo|a&e-SKdE2#recX<1(Fd<=s3KX58*E+rnAOF`j-OO8
z@%0mRRbCSqmQYK}p#p~h(kd7pOyH9vkX2&@<zkQdM0}7z9#|N#+L|T44#G)AlDT5D
zkUM0U_2+njQk(lEqQ{q(<rdxw8wyr`1Rb~E;(uIA0)hmsgx{6$_F~b8i5e6?hy7m2
z;ErOog?#tLUi1GtTIXVYRkKRK<+c(zKE0_4es*!|EI)M}9UbL=ebpsi&3@_YB!u#Q
z>icSc<d<ZY;r;3Q>^L~x@|p*`J%gG$UDtPGf6jU;#z3_@j$hoC0*R03MCLJ4C5IT$
zQI4;TsiMRv#oe~F7x@N;|9Y0Nm$P!d<&G|kp}IQPex3Q>0Ddlp3}i!K_@XMld-nB<
z7Hy{h9y#b>Kzq(cb8R2E>23>q)!urg^t`lvO6l<QN@sw$7X#w)(k_c69%dQ$xH;vH
z)((V?J?_1n&oM$0B-)guv!+Tw9c9O8VYw!>JLpcef*Ni>fb>R^Yek8%=T*OD4atGk
zUv<VOr-a?V+8cxck!C1?tpu2$fL|`#xq3Y>#9x*y-dsP=lO=?2PQst>*^rT+2M4OS
z4j)YQW^$*x3`=sfaIdUKbzKW<4jJrirw_6Yy8zS9PiaUrASvv>>?tY+B|?90!w_GI
z$GborkiArqxg0=v=jIXp?Z;Wp(ufZi2{<jJXc>O$Q2TMbtlHN4;pw5UE;^43IDhgG
z#-h?h|64G-K5%a2FYa=ozKg}MTe+_V^I8cx%XesPN<0C{O|25sl_K;5dZ6t#i~elq
zfsM7?hmMwv=0!=OHmVCX@=-5QhU6>fS|xno<eGbPK#<)M@vr%|zRvpu4RurLV@uUZ
zlz(20li_LNYEXXpb{5$`AdR;2;B2~FNQo&?-23oD@q&?0-d6+jr^itQSS7z;Ca17K
z*YtOdXil{DcUma0u*#AmbVC29);(otyd=F6iGe;MGD$MQ6%U$cSpJMl*l+5fp`MTo
z|Lf#K>wa;s*SLIkbBvxiGL@eeF%?{P8S7`T=VRnhd*3sfjxq0y5vpiyq^cNT#bkdU
z`8DA>6p6kLKcEbMm{EhLZ%nWkt*xY)aqCYlI#cGAPi<y*2xhv;2fyKhjLoU36*+t#
zOEL@AC^{z}tb0|i9CH+{4iD1PGbL89Tp$YTOI*UAAfDpUm<TOL%)EA8ai{@by_!g&
zzHhs}pZ9Y{wtHRXktko@$+sQ5U5@esV4r$wG6P)G`p+vrJ|mbKYxF7C+|`e<Ja`~p
zg0YH*$6d-Ut@7}|dX_A+E-<7>I}QGr_Jx;BgJ7hr$%r5x4P;#^(t|W0bW)Xg<OCRw
z-a$0!Oez641N?Mb9#V8?9{k{MTA8bO;N`@!CFb45GUZQWOYZJ+CcBNngw1=p!C1__
z|00F$kgCTX{Dq1-f<VEyn^(X~qp+<9&*!VnKIxY6R~fd9OyK<kZH@HfMaZw}a}*y=
z^Qtt)2@bPLy;U~;WUOOjTTSm+0m`5-hLT_M2DzYYu#8r_oZw%B2uZnLzfoiDOkz0a
zH9&DNon#ruLNdc;72+{?&9cMb0?onol-*tTc|L2!C$Gh4U(WNW#WT6X={(g?`k^Z!
zBQeAHZUrV?au4H3u1XET`<}66pQVmIqZQ0dlQ(W;MV{S_75T*)F!!tIGW=BGeruyf
z{YYS~^LL(GUV;~e0Bt@`Ukg=udkYd{XNn@*8q5u-Ik8>O1$L!=mg-qY%UR&<;?qIJ
z)riJaY~*=XqVR~Nm>L&&+?3GvUkxt4*NUINKpF7r3lL?SxC0dAPlkN^eHRKBMHPt!
zKb>4XJRT<}zZ`uUv2U`EsJEy-jVnh2m56VgDOPK0i1!TfP*~p#_CyBfj>JQwd_s-H
zYFklqmTbbxj1k6RFh2Y!kMpQ&`8|kFJix&+D#nl}lq4KjTY7LNjT873rjP3BTdoy%
zb(m`orQ&b4mpfSVO-IaDU05gQeYREjS&odwyd?UE3O>W0e?sjVGba+S5B(uS|5yR@
zl)iJ(-)2{vI+nOA-^YwqX<D^jUcu5F_27E;lu2=o(Z|RRP4cO2$mWd^Y`eF>*LlA%
zPdnE*$tH>GIVx(LTM4>>I*plSaDfs=SC7O?JI7N4f5g(QsLn2gH*MBUxFsh>&V^s0
zSwz?Z5=AeA(}*Svghv^}KqA$T)j6lT9{C@Nx~CQVv~mySjteh5cRfq2%z+x_pTFn|
zNJNsYMZ0Vi5lt|E0{t|KA*4mgAHkvXSjvvW`LP4rsds!lzvHQtcu7DL;j3T93)-fV
zNUTcyWY9cJDRky@y2H!}=BFSNS2!^(j!tFzEE}v#n;-WlJ&592C^}4;HU&*CJFLM0
zzRbT_Ak6t%V$B%M=Qqj>-*`wjA*p~*oSKJ%z{gL6sNLXKqxbOZ0#vK?#1{6O>_o<=
zhN9z3!)za)KE-zFx&rbRcrRsOGce>NfD#_{w@VgcURZ%uZw^8w4gaw44EI`1M52Z)
z5ruds>d+c#1g8wO;b2Ok$>ncgtXYK5CLPFg0SN;Zhr=M4SrcDU%R98$xyC3h$`9^8
zz`ujm01bf?+DU8oP?|i5zPNMl*R}vPiXI&((~r7bv<ZBYapx93$O9>ygev*~L|}(j
z1eV;Cv97w+5?ydp-eygBpIwCd!vx#`Bkz&3&bXdW=Hs@Pe}SR>ylIm~1eJONH3>@j
zL>j->@GrmlTA+{(g(6%CBj&Yg{EVM{pQrdV@lMz*0Np4V94s(0&&ZT3l{#Q)ZfUWc
zgP-$0H^g?o=r+3tH37@8&6;Ad?nC7HuK|caZSb&J`??ulV++t>_+9Nn{webFdmf3Z
zZXH_UYat9oI^&o!js|>HaH)aCG>0-71Mr03W_DZwAEMj5#?B~L_SEUaB!cmj*g$#g
zAAjk3VP2jn^@go9a5uul6DJ?$CpzJ1J*k=ghbQ>Lo9N#L9yE;HF;s^}Uy7#!6BDgj
zyEn+t)2r%aVo=$fkZp$I@Yj#7p15Jxo1)L~mxCX_3^GVr(^7K!(}<%5qMf|#>LOpf
z&YH6glZ9*-jV;iA*tgr?pyue)xkf#g=2;BkJ|T7W((x_(LgtstWY+xy2LYa<9Xew1
zDS;YnbqVtOn;{<r^o!z>?%hwXPU2z#0DPJivL_CQ(C4%WqtJJt5EUd&7a<+!P+;1s
zUL}u5Q)u<YZMBp9L5vQJ<a#*xST4Vo(M*p)aXF#XaJP7rso4i$f5JaZB+>gA1%;pG
z3$J!jOG>>!5oMRezWot8&c#&m`0MfH8cF~6IwF!buZDyj=876<i1!(9zKP@P`m%I(
zM&UbCNh(wgo+j4dg*g<&0)0rM^%7JFBaAgh=Sms_Gd}&b>)9S4aG!0PyW2_Ytr(sF
z%P=f9S+IpMaA|avN($SjQ!AtQY0Tf@RR^?7ql<dVywM+UIf(mgZNhJ%!qIn}WB6d3
zVEtKm;3084BB<fTSG&?RJOR&o1FaT4p<a*%Ei<9I^a|M8nGg6A7--oLu=KM$t$LYQ
zhGrA~-6vgLH$Sl1m|K!OcFY@;QU9T`JV#=yNQE_cqUlsB**KZRlUT|T2E)D#Rl|h9
zhqYoKj?zlrA;8Mmal>M|XJwt&MCCr|@^+uD!xDeZ!1dG`VG}brCnk8pPPU1^*JYX(
zWAM)4^j&s&)n!%cj_)sAL5C(I_mw8@GCDcuw*KmY<=W$77cR2LSev3!=X@lvpN5PI
znHy8Ld-yTLudWswRJvc4I0fzs7SSKaYqK4i<|%?PP<e~@v2ETZ8%qJaj0m!rZn%97
zf)iWnN^6UM`z4|KF!Z~s5P0LiuK*EC1Q{iJ-IhP$AJ_cD^ND_hka->aj~kOL68xrH
zQLxZfEJz2%zl)Ps<YpZz*}sKOAk!PN=>YzhmOE#}UU$&)Q{t&y=qoayz+-M}Y>yLv
z`ZF^5QY7S~b%a0k1<7(nc!vkMKeOs$c&mr@!%huh`@)<N73!I!Hb28F^D=VO!dyML
zH$h01$7)p|@P50@pCyP_oSi7*75(`ncbI0}xcQhBo9zNY5F;Q#07t|FnR9gykrf()
zz|ZSZX*SSR0Acb)4%+-ncskTd04573#3aNpMRZ1%M&sUqa%g}-bSBNG;#P{<lz102
zM2;{(+EsjieylD(K35e+h&a?ZwtK^ania$a-;X+^a#BdM@J;cFG!)7>gdb{@xSkmw
z<y?zK0R7tFy;|70^(NS0e=7LWMFc*!`~4lZ=t`goZRf6{25O}=O9#wl%O$N1@_u>j
zX*UBgaYUJ~xA6ANH7uT6!7TF=xM-p=4`K@t;}j4s8{+jWx0{#tyOjtyv?=biS5g90
z*lmngIuzh#_HLLu!xClo5^)XB(0KiKxt56cQ6$-QGGo`un7?&@%*FpIAL}!hzvWyW
z<uhl7^FLpD+@}-%uYELMxju7HZ;I5(Mq~WCrSaiDF&E-91iuh@d)fvlxfLkCdE%KN
qqx%|cZ+Z!$NUT$176~cBG0j2N<gex1tN)B6|5{V$djNR{2l*dEs%=96

literal 0
HcmV?d00001

diff --git a/assets/traefik/traefik-25.0.3+up25.0.0.tgz b/assets/traefik/traefik-25.0.3+up25.0.0.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..b86ed62e92056802aeab3fc0ea90b6f87a2aaddb
GIT binary patch
literal 83589
zcmV)8K*qlxiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PMZ%avV3(DCoc2Pl0J_K9e@Px|=u2eLl@GP0AK`WT}IsX7-Dj
zSqZE{cf+hM)Bva^+p;3|5q2Z?*Vz+se(rgLeV_9L=MgrLxD@KvH&T@CVa<fat^yJX
zAd$#SBr+w(WJIsKClkzNFvrvQi+g{1y<YF=-~j&Z^?K!h_xJY>zUUtu^$w5vM+Zl}
zFM9pGqy63&sCWOURG&;p%)jW}xvg^Nej^V~5+<>vED?hiLYPZB!l9gGR{>?+aDtOD
z5d+ljpue|A1j_;XAOH2gBOFC&LU1f6;e>?Oh$drBgg9rJB!6%JJ;_TCt{9st$Owrn
zO&OPHB4vs=i6|!_G>mW(>9^qo$1zb&q8lnFC?s5VrZ~Z4!W-doa>MvF0Ksw0Zcvs+
zSQ5lWD8W-AQXCSLvY3W*G-4e6fF-%Xa|e&!4p2k|zKRJti8CPyKW8xk*b1ok?mL=9
zG#R6t2}w}GBuWU0NK^zxBnc%78CU&_=V-Q%W`qmM5&#KxGoiqU2}U$Q@97keNg(m~
zeF2i+n+wUYB;$F&Ssc@3{1)B@Q+)e2!81%_g+9QS3|$eFVj)PRpkp<@h$a#-j)dei
z85diLA~dB!BSccnv1D9T40$A=B!Klw4>_9>IU$)qBIGz#H9a~)EQ#lcj*uXHMnm!=
zOQ-^=#w+9mOEX{wY{Wt_K;P3_B<Cqp4a*5Z5gFkumS~3Kj0iNMu_LT-!Z;ZqPNr-|
zP>iogjBX}W>Y3KlCeh`qi#Mslr%-L1lbB#Zb_VG0Z+pF7|NEn7J(OlwF%=Uu+dB+;
zL9bXNBB|KXlx7Ia@Jtl3@S1QW@mLM|Y%l2dg2TGXwxX_}7S@Es(=4G<5+UJ7$Nqwb
zN|5)1{$8+OgdEbm4~KhC?VkrvpTZoGJ%SWCAUCs2RL{-qw_6B}VnSpPVku*yaJtHp
zC?*{m4bb(zXyKIpMU(9S&GuS2O}(Gc)mB7A$SI8S03D-CGcH$Hk=~!PE5Z{ZiLmSe
zg)EVZehF_)*pv)l(ThR1YerOI(W0S(X1{QJ6O5_iN0}g80U(JCLN>K^+`qHEV85$~
zscTAg)e?}ROQ&PkK+MK0NRx5vn#^w)kHnzWvGdvLSVUVLln|-73ROk3E8@ET<)5DS
zgZ@#_>-4^CO)*U*rU~HyhfFbz2Z&5*Oun7rY)llQEd*@Hyoc9$*$5|;#DQefko@%R
zSiLONiS(DeLL8Bwzs-ls6;$u@Qd1gENF2nB3KEly*VUN1uX(+2f_Y3yFu^gI*HtnF
zI#8gc-`U|4EaM@8k+8F;XRdC#Rw~qim7&^{Ejdrg0O2%^X$X9#HM4U9t9JkEEY-`m
z^||-d-_qk&5AfMfBLFUx|N6bXqo=)+{I}nGy7wsmJ;bwxPD?v2<Cc-PKrT^R-xlh0
z9D9eih?A5FwXe@x$onxs94Fy~@a~jy&NzuWF}>oL&pUSI8*pZa7ix#gH<uPtyWRk`
z^&a!IUEg||#j%m;S_pm(;l}`-jb1Z3<V27}wpvj2IEvJsNEO$>v5^>5t8t7tF>I?9
zvgwp1uhd5|Kp#G~T3f9xbi$Gm9cP>vsU(fre5yciwelZsh+ZThMS8^$BJeI!d@>`p
z;HfL2q_R^?rYyN2s`xccqJj6_)_9#wuLxH{ZOS5{{w*Sewn6Ly2C2knC1omD==pOG
z+K!$q#Y4pa^{c>H9H9vnYAV$baiaD&Gg#~fsonbuhu3KPYy<+GAad6UYu=U*)P$%|
z1yuEZZwDIVWJc9IztnBKqEjk8M2@E{Q)4nhl1>TQrU?=xWJx4;&=namPW(o0XdEL!
zk_g7);_Qb%pS^m81RbksrXxo)5hFrlJIN%9*bR^w;ZvHxR`LVKAsG@*S#+UW8=#|}
zqr3@0Q<~6eHbsdWD1(-3LumrS2;W%>iUZG*M9IbmafPFs>8?isxmcwB6f`1SAS#hB
z*H3A3PH;4L_yKxb=*^69P9qIHrZbWdA-bI4h^oJk(zpV2IiW&LMkdH81KOvFBxCML
zvl<*|T{uDHRuZm8@fE`n`VPl936(%P!4jo}j~Jf{Ujr0@u5Xyh0NNFSl_1nF7*4;+
zka0Oc-}HJbc145}G9>|et2?0>)tE@BMi^8O$ut~JM9Pu~u>{?aD?viFdPySre8^}b
zg9;)S0C<32US19_93|!q!&_v&nzK!UaR6xigvprj4oitvp41eESSe9IX%$z|zOQL3
z_Oh@Y;8A`PBN|JhbT_}$)f|PHkZfwot7hVyfmK^bS=7*lDG`$#U&WNts+OnVrz|>N
z+LIxR7Ii^=uERZL(W^!1tA(P)?E>bK(-5)IC}tS6b2Iz^GUxjzuJQo=?H`&5j0CE*
zh9JTcM{GR#CrF|ZnUPpcsOUy)EF_j9>ShVOeJ7M|CcFPx;;ZKqCJci%^08ncmYtNd
z+c~^PdcRV-d`c72h3|uYptL9b9rLk5sNE6mUDWPm>c3f(b~p)VgJ=D{LwJ$U+m2#%
zk`1~B0sT+=9|q2h#o3hnsMx0%n0LtG6^TffcV7?!Ry)LUGC*DLV{yneSdsH081qaJ
z%_?X@Wj?Ul22(TQg^Bo!2I*#@2}d=!fS$uS)yU2;@A53^>RIWKTg6@oufe{AUQRT^
zFpd$8iDGDA0AXM(5fgTkpequy8%01x5DsazDYW(Abn^P54drt}RZN$Ye`b`ENbN{-
zmZ@z)v0vu5ONCJ4H-J7TF_x;hdN){4P3meu-TiNl3S(Qvv`C&;nV4U(+kt9X*a=V)
z5mwU3-`ZjV)ETP(N|uEa)K%-Hi^C}ieiAJCPbi#BS%f+>bkysWzd9-fZcOD|jVQU5
z`PA|(ITo*3a?Y6aL?!p>2hOr|fQ}9i_xFll-U`BtAC@cyEOEmsaGyFIwaX|L7^<Bo
zHzSG(RvfH_;4d=N1zy|l12n?1a8llhW^jt@p1!^?@@jyN(^MPC-YXJ+tt}0@)9;~b
zln5)%8sp>llneP+Dkm>>jTTacv~cQ}C7?<849pR_haJ@aW-sUkdqE#<A!)<_*x>Or
zjWwo%U>;70S1A$wK+M7*)U9_SHpMgv{7S0WbRI;B2z32GWTO$ig^w(C7UeB(=#z*^
z;l>_B!~tsWwM)fFl!#v4YF4y5%;NZhgq#4R@~a9{na<D2m<q|~e<pKXNX?do4jUC6
zk#HWy1YvEDR=cQu=LR?B<U+F4c8T1QFsChVrF5@o()E{%hzUv2LC>s#lnHquF?Y1D
z*7pxYR=8ZM>CC(<$V%`^(ar$HEX1+fhQQ43Ni#+PQoW3*;2BH{y2_$4k*$<Pr|#u<
z@NVGiD>*3_t;|+jFTdU2|D%3SljHntujbv};U5iVCtwdo*r^a_+5&eHV^PvYy$^#L
zwTcQOd+HK73$b+2(c(rYRNqzeR&pn|DdAKJR5(T>f@Q{uX!&mkhUHUFuSpn+Su!TD
z8AiKW&zTV9Z26!xAwi}y!qJ3|Ct7|^(0<U{MX(dKXZt}f=yk4$#QS;`%=XL5q_s91
za~ImzGhLacG|t9Uueo{vg?^gSP`Co>+NoIPtYk%?rnH{Clk?Mh=pdxSQISBH6D6-J
z2~KT!l6kz=sJLSdR0)iRNCFGQZH>A}2d6X;bS#4FXCk1i%gKmvl7vKbMM}c%mMIwI
z)?Hh4)>o6z55DJY>e#t3-F7%xu6!KF=2J+xq$3()N$emYG}fC{J7k=+-CM2Mw>1;W
zUu*hoPv@fWq0>R%xgPJ@p+z?=izB6Dnv)bYWNMTg&LCo_Vbywq5^^k|OJ+t6{Rhj?
z6weJ1t=8EVXo7IUq#{?>?_DP_QK`2>Eg%ib12nK0n-3oMw)0r8fA}YTYCb@Y;X4LQ
z>6FrlC$&`uC?-;nB;@l{wpv?Tj>jaHxd81!t6)OGVsgbWk6QjIrfSB0@yLH=U<J}Q
z%&1O4^?=lmOuiVQle$6xTx`djQI^%QCG9NG%nF^VQ_)Hare`AIst!j}EW-)nSxkU2
zR!63Q3xI$s=b73Wlpr?bWJGVb-*;V=_dDp9Uy9#wO5g9~2wbEjq@y{s1ePiiX_Y@!
zDnHm|l+MzKjK+S~jEP}xyXb~o?dC>=9lLz|g-PX?!W`#1p6D9hMK==~PV{~u6|-c5
zL>5f<4}V9e%=@C&F87dADi+Hm!pU68qS7koGorge6A7fDAQ^(QRu0f94MHG!ETM@h
zjiQ*`U`~9(z?qzoM4A&9J>FhPBW+nCcy(a~KLbK@G^-7%A@bOzh9(^;c@~+~*PHKz
zkaBiK8n>K(*@f5Sr?GJ9DdF=D>#L^C&#=ONyQ`s9bov++6-xRuDS3qq(7Epxf*40{
zl2Z~Bm}Y%+S}4&%sNhI4Fw{_#=zI3<MaIV<_qUumcBod{z_*d-w(*c9YCa{M5j4Uy
zRsyvn8)FT(mTs8V3DK(;VF4BN44SH!6Hdg0#gTVTP;AfI;w3{jm`dA(P->QiKT;aB
zZY3~g9g5>q664&azPBoPc|%B2=q3OL15R2zN9fm{BluNC7KTI!;#rC$bK~O;jwv|G
zV%3iMwf^V;DI1X5RxU{0tWa5;4oRnkWzrihYoz}yw6On33%@2>Xr-LZ;OJ^l&>&CF
zPrdCNj+49-yu!9;AuN=g73Gxb!8xVT^zs8;rO0^7q;&eXoDj;jY6o<9!da~euh?Rt
zkr(E8Ox3b(ZqVRad4q)({Nfj;^ul&z#uIed+t<gq3UzC9AW3Al+@jZ?ZfBaxd3^%~
z^NHO@J6eFmR+$9}<ATH_l#CA$NoJI@L@D>rQ_i9c#LwL+krNg@&(95Q2RO&`g4d;?
zGZ{_-bT&dU8A(JGj=N4Lg|C_;c=h!Do&WZ?R@63<LAzBTG&A(eiESM^TWi)IC;U@S
zxPEgs%q85K>2)Ip#f@(#iOeu*`l!_r6zrib?n5?JH7ic%YBQ0UKqJnk0s5ZtDVBpA
z`K}?2MBACm0<E^f+u<-}UAYv?i9HA(pmtk(p%^C?dl+YIK2{n|Srh=D*Wa~$27DuO
zM_^SYjf0jkV}>{ZM+NgqdtG1<NKuL@N3bu1aK13bskRWQokh6Ufn?Jd4$u_T<B>G`
zlR;vF1-eo@BfuunF1V$t0=l};XJEDuS92@kPY8OS9~K_-ai-`|yhkw=Qk$K25g89!
zTeaoX`wnV%I&MD-07vy7H89V+y8Ui6Pw<q6(2cgMM3ZshN06%;&u_?8`+aNX9be|>
z3_xaKM-5<Wt9Y!`?y9$<4ezxqu2liA`j;O*pp?@@j!^rLqGN`rje>LSuN(l+`S|h6
z8sJdYhpylJh|}Evsd${LkH)}29XSi4rAT*n*(x8|niDnC@s6T=L=z#gVve3$J4P`Z
ziwR9r!nK3}(h0ov`fPcUd0jk;n_=FKnRDE2wNxp!cE=<kT$|);%%tEt!p7j~f-sWg
z7G#_$mS|f$c<t<>t4xBGG{lLuFUEo)EUujb`;%aat!O;b%`dIfnR+9$_Eqs3%@wdA
zGZK4_P%qBU-<${jE&v=Eq`#Pr$7%qfjy8^;zWDC#54&i1{QB%<7kz(xdHiZu!`MZC
zJwAWE3uo?UufKnzVM5h`F400}<h{YVWQOw<CZ*X<?{^0VRv~r6sg!QIRWDCqY|$$=
zHvAB6pS=2h2eAYR8L=$4*<UiKZl;MQ=zqO<^LiKN3kJPzv|Z&hb0nbj4mUjlWr?|4
zqS%aodq5+h9iJkgRf3)Qt!DBRld$WmM1fsBUO~*pm999d1KT;mVxEK(&Jw0J2`naR
z6Gg(9P%yg6Mk5fbFO()<>LRdb{SI-GYDY!^P2^&H%*H5IYIwe_Dt3QONUCs{k}2bJ
zE5|Dw^;se`ASYyM*SvtOpG1gdGR<Uw&JrZpl%Nm`B6jswWsp%@#+VZ<<2jm;IJJIY
zYV`{{riHF4g{Nnm{ob0oa#}37-*{I5*p=E9@fD4!oSSh6F45f@6`<%}zDZ2)%pr^5
z($Ze9x4Yl#b@qFER(9Y-@;R1LNhP8n^i63JWgP3v4E^3zm?lUZ2`e-dm`}choo~!k
zH>~Di7e$<<yNHtrhlc#sV@Ok#)CG&MKo7A;U%GKMSuveb4+zK_uG?mWU+B|$;bV6a
zQ<BKHLa`Wde&EbDI3d_-YxmL@4|H8$OmlbXjOs?`cuW#GFsOJRk25)8oc?Sku!PNt
zz7o>8gbfmgy`>$;w3C89CeJ<IsIdI7bnd82o=Gb~nTumk%$||8bJw{6O0qas#OJ;9
z4^t(dBakkfEM|@Z40dHp=D>ci>&l$RnzxGKk{qZAtViZ^kJ51zy~s_Y*5j_g_N!2}
zmDvO6D;qe9&h>W-EpM(4m{p#d(6cH{EpFds;Wd%kJ0QlAB;nkRmV?*s1^wM#u)o_6
z_I3}0UfVG!s60UJUU0bE4|=<M!C~8i{;LvVrZ~xPtoj3%4*`AIMO50!7KJ^=s#Mkv
zPZJA`aj@A~-)T5()$)<C?wcB;g16<j4xkw&%UcV0`94y{bJ2N_Y{9uJ=t64C<5?&L
zvR-luA8?tr(;=A!(7|KyaWyIm)-VDK*8Cozc7N|_&<lD&Uppvz?OxhbsTqznMPKPd
z1Hbt+6O+c~^C|52oUhOp)HySN2Wa2>q#I4)<ibCPunmMPj`hKrM;-Poz-s^i419O!
z%~sgfDvPWccH=tRTC&udK{l?ot)&ZY3n7|};_NoM+MK*BgyodwyqN~ide6S`8ax9K
zr{8_)D#L*&3t5b|vnW;isuCx5ygAOI)XlFgJV05L*1!cCyu!k$#GuT$2B-ko9%zql
zY(-GkYXEbiHXbEFnJdWaHsAnQ=ac$&GPB2<dm!MQTOJV)YUV_OdT=Qg;)d~PMR2xw
z3EW2Pz>>=boZz^0%SWJXM|={G1t=sqj{V&=Uj(MASp)eewg1irD7T3DpGJ%g&=uy7
z45Q32_U?gW%=Xq~8b?0$v1^iO($$B=`Y0tKA!y=`)@OSTs8m%3==S#3gY$-uaY6-1
zmTKkle6XyQO-RP|$p}<pd|X-yT4-6Vww6&Im(t@>(l;D7Uq`zBT1%+Ecla5p?opKc
zl;p%xl3bFQD1h@isxrFz8^0Vn(WB1lD6B>~$Z6?dzyGYg`sjP0YKD91(Ad%Tz-&Ca
z9*pvEmVw-+F%79iS1d~+%&ECT4fk8e98W<&EO(KZTHm=!x%)rrDBZN*F1^?<zUT*g
z#TQ1$tzqBR@*<RS2fLx|vRTWV<ZF4s^gHZ5%aLin%()T79vL9-G7%u9Pdxqh${cGE
z`B`^Jd&;1F#v&(2I|ON>KUHSSvK_?{wMbx_#+>K@T5$}DOsrqrI^Dr8^RKj8gTdSL
zS8&XiA7ZLOP+f9X4BrSm!TKC{G*WVlcg!+AAD$>4mk7Az>oC&?C?m$Yvwl}{<Hv51
zJ0&A99K(^%s|#~jWDK7L7Qf*%<+4=llZa*Rs^bQL=l%x1b&OLv*M=4^HUQYE=R%Sx
z(h+Kc9B7CK0I@4sH^f26<-!K_A)ViDpiMsZAj6G%?(nYaU6Z+;4evgmj|bs0$7IA<
z00)5!ap82PI(|*&t04hrvkS4fCi5H#1^1fF3pkvO>?xEsX?Zk|7~f(Xh9s2&T#o(u
zF$WPjb?A#`h?6nqQS5CViuHp@7r{lyna`8+rFn5p)4vc-NAt=e)tA+sd~*j<^cIRk
zVa(IeH0jK_=0r>nE{@U3`KjjOo<;bLx!etvbWQK_QUs%v<7IY|;$_*3LOd)Z;pJWl
zdS|HKzAC%^>Yb^22iur03o}e5x?#ze5*c6IQC*jGfAc#dBr<kIZSFiCo}GYKc0n>N
z^u?jC`+rUVVVaEd3wdUr(#~0SGyU7UcZyWrz4OYTJPO$W{U`rDCu4FuK>zzF&PXDo
zclyxkoj&t<r;ncAZL>HcLjIDF8zSV+yWs00h&09_fuJ4eN#FmZFaNodgDqWr^^Q!5
z#P4!<q<1Nc-X$y|(8IO*w;g=7^ThukF&`5NZ4Hounb<3gt9Q#3v7dfoR|Z~5N~U#^
z`Gh5m*GfQW`;A#OJNY|^7eFqxkKh0udcr?IQeT9`)3gFjlmAO8)4lSi5mVdhxrrNC
zsku<;tZ0`0jit7^?$mMb+BM~JFDbhSbCW$d(0ejt5fN|IuGT8g;*vm!W7uHKVehF9
zVB)5j+@^ehvh>4G>?+rXKBDK(QO_?oQrI6({a0~utjum^E@ziX!&2{zsEvAnZZJ>$
zOR6QdRH~Lur<l(NsBMp|RX5tjLWO{G?GGQ&6OCYyvIu?rsAP2SrCkZ?3l$L8r42W}
zE;$YrV&zk2|B%@p>lY83rLNgk+t!Sdn{Lazfmy7mP-rW^p1J=u1U_teyNs?<kw=?!
z?}PpR)7F-8slfv%2VddL^CjH(bw@9yuR55@!QRm~-<U7sSK1YXCL`9`a$C!BCfSg)
z5sh<n+yPRxMGd!b;By4UB65|D?UtZkjAM3%<4de9Ut3^wry$Z@;AtAe7~0Z0V2W-}
zn6DQgP`o{Vr9&PJy4`$a4xc`K*0lu-wJxp4laPh?L(K7Xfcimig-#tk+t=ecCP{zq
z*>_a>9ZNY&@z|UzYs|H?l@hH@AcL2n61@h4y4nId@UcT9JyvET)ousp#L8Rl7;g(!
zosnAfu)u_AM@BcG2!Y++|6MS=Z=s)QdQB4zL5<=I2cj~j-yHP&U7XVHY_BU)oCrI9
z<RZn1KL9kcgW`~dVJ7ET5<A8dJQos&*PD>-{$a1zYak*R$g@*_fGv4pP7+!BN%g1p
z!xbKn@tEj)PL=N@#zNB2(B%Spe70xs)sB3Z+G=bY*P_vj+?m!maw=~019Z>^3_#er
zEf&MJn&4!Hw|pre=2uG(j_2tJUW)o{00Le@Zp=0DcHyIvnQ_9B`IKcM6L?J8<?v?C
zAyu*Ou&5SR+z1=c#?pfMQlKlEV6NEVaU6T$W9*$M?@iL^3FLgQyBe)d0j+Kr)2`z8
zZv{bN#^X7<;?@gUp=4s(4bb}uiKm*e#xd%21d-3%HO`~YKlpy5xiDuh|CxW`4&d{$
zPxWr66SHvu9(d2eZ|`IKeXGtzReMmD-Bj0XuI)gSTD7F+5g?jjPL1nAiOwn$Mv|GL
zEPXgQd~^El_3@7{S|(h__uNKZ2H&J}GO`Xj@LT)NDM?suDFKM7Wl$Hx<C8nU(?Nc7
zFVc%QKfZYPm*aC-dM2cZU{lhWVcvn?HHF`OfBxpjcPDRNe}DGFyC08-d1Z~zmX(9F
zA1$C|#S{|=)w)K5{N_G_3a-C(l=fX}`r^gO`HRc?)-)^mGnv=4roYuRWj?5;?lS4%
z%AWUEK&WUFWQ8O%K-2m=*NuulCLM23ItEImsNbO$#EMh%Zb)2{Kq2G_%7gMu%m%I_
zOk2lN_u8*gt#~%H)sP>+upCp+x#~02gMF)K?wMLw9D);}FQ&#+NCLMx&3PEy;f6&z
z0$ya|lI!<pLlL;>3pY5iaT36;VNPjGh!GtuDj{mdTmT2t92l#?pOl7qTLzYrLj6%W
z8x9}}Q2*#z(C_tvey?S|T3g`FgqZ751cn{l-}FsdFOGL0=PBGudBt$#LIN^wfW2lB
z85%=mVeD0RFJ8WR`|1?EesgL4+lm($xKv%rj|IIbch0x;Opk~fHP|4v|1y=Dcv&U|
zjm#B#6SrvB)XW4y?-hFuWekmVMvUKJ9=%tD9$GVw2^C1a+dLZC%GI4qa{{IY2$0u)
z<5U#xbC?oks<Z&0V(!Iqc{1$2Jss+cz`4K5<;k#x&<(j7Shq4S2+IWg6zv5C2=(r0
zH-B&Ji`ZGEB1S~=rF6#-G59V*Sg0Hrm3l3J|3@Y&t=Vb8!UcVFPJDXpKFhnDuTJl!
zyJ=ARVh7!UD-7hbo;MJubOaKDG&Yh7NrC0mP=gJBsV3`e2$v<$tMBXzg!;uM)}AJh
z+bHEU_1IK72B%ry6FehM*dkFL<~Bjt0Q8re9rVO3wgKAT>p66REuMRs70mnNDAKtA
z_JX}#d-VZL@wJY9hZ8k`HY0;TGm8Do{f?J332E9RvFlaoZh83~oaeQEbII}$E}Bl<
z^?&!iU{o?ijWTI&(dHcHl4k-Ipjyx*a>rAk`0}Yf*Vz8wI^Ww8ov(JhD**c4OWzq<
zs~w7FqO+lY70uV=J&s_$x<yIQkh9yl`mZJ$jgeAVz#eTcnRut41_T6-wAD61#*O4}
zkXalY>{ppZ{<6$0?3cyN!qtBOZm|(#FE8dI!Zz#%PW;IC`GKcqDoU2Hm-%2;Cu&Oc
z)$Uh#PB?msVumAhRpKHzO&zi6<?R!+PdqO#FNfWIJ4E@s7F@i|MR6bmxKU-!RTSj?
z+AwRj`Vt#mEr$W9`K=kk2^?WuC+sHCR}4%<7k#Cc&vlGoUxLC@Jy~$r<3ODZ(Z8X$
zr$e;;QZ=y?80b_D?G5ACn6oU2^i3ryASZ%7l#VhS+jE|3n6f;AXRhn{f12Q(2T%77
zzS)8wA)BfZ>l{9N`pr@A=|LZ0Lf02uWZgnInh`Fkw+<{_`Ly~g;haS-_4&A`htLIq
z3^Lkts*d0{p;#H~^<@smQSI$><i+WPOJ9me*$Cl0qmAO)5VOMUt;ogO)GmX_oJgM&
z!Qz>*7wXqKkY_#+Ah00yZeT-#n*1Ynm;_E7wpxShpb=w1eQEXe3iHZWPaSxZ5D-5w
zL_z)0i?qX%;;vGaJL-noi@@WV?N_Q=J4+tC9O>>K{*KPzt_P?nL?F#@P)w6+7X$=!
zk2(VyD1kb-m%epe`fTHOZK+1|L6@+>KEOJp$N(Y+v1F#b!3WDa=L}2vsBGDH`Jt0l
zXuU8-ZiRI6^D3y&|2F4Up$TzUS8lJSTs2OTcm2u?vgZZi1;*8PLv2Vx*jttMH)Aw{
zQH*J5+?v!r>KqdXB@*zMZ+>v+|9L~NY1c?69Z(W+95cP+3g05puhD9}mk*~@t9?IV
z(rLt=W^Mft{v|Z){^pu>%f;$?W9`yBkFAM?$8=B5Pep4fOM%Z_8EbamF^svj<rDY&
zLfDP>ppktU$Hvy9EkVZTS_xdSFc{!4WIUqDIGzVBcSUm0+RDp_fjOMhLbkEFdF~^|
z)|k)>h`H*YNP^!i;rblzgr*b1FET2L@DHir;##4t8t`GpXK==1qOa!W%nmw%Z-;yR
z%Deq%2Q9B7It7cJo(sv0fLELx{a(#YlZI`n8k82N@OZvWYfY-D-znBFP6gmpI}zsR
zi61o94uf#PsRs&(4kh8B!Dx8SLY1sCT3=Aa;bPP1u>gwuk=~NXibk)#GZN~1D~CgH
z*8F;_??(jdbJxlBHe&1zvtsTpVu^NiQj#-<#2fne+tVQgrvjuLraDH2&+b~N5{=J~
z$f#4=z{<E{a^jj%BD#yh<3*B<Sr+9Rr!$l49e1@%9Deh*XLeBGkiP)r@?^Lo91rCh
zIB!pz;Mh6~0!Z2zHEZVtQNj<k0*$?qg27_sq6BErYA6E>;RF!3YB|j6u8AkWAbgBg
ztPFIZgOr302b*B#lH<{chNW=#P$c$9<ZL(qpXXpdIM6;LW+Q?R@LFHv^($R~i`KbG
zVd?_ITU&T9=yy%dfDY<E-Gj7#L9g3CatlF6vNn#51r-`mwctUUb=O$@woTk6yUSlc
z69K*v-6XzJi`R5MS4jW`-96p7l9JiTEa(e~!|Pq7IqGSKWAlP>bgtb%-Ag?`H2oe=
zX*{>X>VeVVUr_;Bmd=J~q)Jk^gwBSu1GT)mVD^|D?HIPe$tV{&i=k0%(natbwb746
zCl9jSRcdhu+ylB>_PdWL^^*@M4E!HQp39{o-Nd<A=_MBBj+^f4w5NhAZ4MND%<+^+
zNK+#61V<N6tk`nZEiRf>omfgUZ?~%Mm|L|x1zh2LqAwFkErI&0!zYl^aG}4Uwi>DS
zuKMSwjsDSU;Y>0SV(_(b>r^xBmyFY&)mn{*EIKyjl%#p}6VV|ZN_K=TWRgzh$-=gD
zFi`K6c7kw{yq+=>Zq&r#Gy9tj%U3x^O*8jK8`bg>b^_i?8k@il-ZwlW9FK|j5t4Ro
zfP)T~a{p*tkqMsB+@S}C{FL1!-li|X^GsL#D@`JH<6<iA8y^#`dc-uOMM+9yHDr<S
z&@m_AeeYFTNo>|i2^U}n3rRWMfcMD=4@3J#A{_@xu|+!73)r!RdajTO!aL)PMx^Ti
z%Z>@5)omG#w-k*Gu0v|a^juI9YIh;%z50m9<UM34_KX~&E_FpY;|sZ^LTUWa0b>@?
z+Rl#<!{nUc=&zhg@+JY6AaoR)y=OmC0ALz7%-!72)V+C~U#3nA*<>1|jW<a=cX8K5
zb_I6>%uZv5SqDf1eMWm^i|oooC$c^so+K%NzF{az-aCb1a$>p{Cf`!kmKLCF5^m?K
z6OMw_L}VOJN!I{#*>Ew9zxC}wMifrOiESvSY8#5ngo?9L+?QTF)Y65OL<xB$nRy@>
zR|+E5X#o?h#2RmguJhY48OBL6Q{TPX>vh(dRPse=-waSh$5i5&g#;&l7o!M`GB6I<
z5q5#;6XA_N7AC>?=IBL<aPS<Ih{SmQ9YlvRp8fkdt8rB1b3i4X!2b&Go(1qf^G?Rz
zjQV<|!l!1g{h&7O8*<flRCp%g){|r=sJXOvXLNePoJUEs_$-6f%X3gpKV=rn*~qsm
z<&j-@mI!wgWa5vhf;I^>^8Jo3nbMPIs_jgTEr~LnP!!T~Mj1qj1Or6K;uvyWie06P
zdQCq!g9Aw-&2IXq{;uj7B<Pd0qom@5%DKMkqmKcUNUo~5YvTk?m*oUtc@-e;CKh?z
zqC%c2%^X`+(*rs@XE8zFLEi3TZT&gXNhythAW%%N3F0g^9xdvxE1eA=Ql=HNlC=00
z4r|p^?+%jHEVWmj@bm09<=q!74^!yv893z3Pt#>C9F?y-xt3fL9_#=O?Mn8JGH*2f
z>C-|7KWKTb{Dr$ZW)p>NZv>9xddynBDY9mt%pDy~xHFu|Ndo`<xvK`VyXC>`<S_Ag
z%!$(8FByo0IGWM~gu%k83d?PALy!d^3!7FCw1<)qbet$P-|RV7pF9pj*ra9@`@^M}
zY;}TKX&HD;MyZyw(^<t5n>Nf|XC?rSk#(k0j;)PX74f{aj)!N~Dq;{FcvHWtGo9%@
zztWls3uwzbXE0n>(pjA{$);G+5XZ3}vUHTiF&x!MGEHM0Vc*49srb(pQEtdT!Dtj#
zat;)0mNRkYLz{=ec6yIKHX;I@4Bx_>n=pZ9XVw0^>OCBu7P4=BDZJd9LCXO*!i0iA
zgfu%wm}W{@@Aal_qaI8lF?9Q|_ajxWG<?7CezkC4m$p3u<2lF>H9T^}pr>G~&>YzY
zCh(8=K~C;;5KG{sK$u`03A4e$y^{Jquz?i?E!dNCHkZfnsbuhjcFhK1wgG)cAzBt+
zD}q5PRY{NSYrTtELFY7sIEoqvnvBoJ33IPs+(N{7ma7t-QZQ$4qt?5qy%y!YM+m2B
zP-I7WJX%Z1$X+P||JybSTpZd3U~F7i4XPZ*wo`tmgR~dmN|v&ijpu(R^Fb*Wi@joM
zs6)-B?YBKP6=0tcvaorM7@tDCY8Khpmk`;KB|>rxZYn-3GfxmTH74AeBO#buh1Tp3
z%fRGB4?8djto^8D4knMH`ya*~OS3!OXCzWiaO7boOz;}DC%3lHgx!GVr|DD|HoKsI
zOoQ;0C1aaB!K85nM07hBQ1c{j#h_JKZ;gf5S$CT)x<;z5r)Zp}E0gXN-(Fmk8>cF-
zLT*q{E&I2Lz><m))p=4**=r`vN+o&DMIB}vJp8QpT3|k!pGa++T6xpC0~N=BaLRDv
zKV%VHL51MJ(hiw|9JDM%&_!PtcbW^6i!e_^YxAz!yM30dAsKD4D3Go;-a@c#)bH&b
z=p#7TmhCAOSc!iE*9wSXpF#Fq&X{b~WO)s7s_)oQd%_%XmJZP0j$gg{2PCD(ky44z
z8I#}BnCKh-PHu!nH{^6iV=^W$M2KT!YcVo~CwLTc%Xa_pcXynjGydvSvQ?jNuBr<<
zBk^3RV4(lrsQqq2A)Pyb^AhMfoh{U{MZr!?a5%9M&<pB|X*O`-*8$uWWVQlNAHAI@
z4Mxi<iJ&m;2D+BNFJE00RetR_uw}vfd2pTk7&X*o;?EfsKY>Wog&r1q$40gvu79;1
zY9agQ2@INxQuhXO`Tj@+)M>Z8^Vzdgm)ucR)UIlAA-}g#!_;2yh)cCqpA5LrSO4JM
zgJ^bdL#G%eEa@m}1!3KRuBITa;H=88jk2Gm*oO3faVt4?3YKK%XdZ3r8vsQ8V~;wq
z<7qoky%eaKY9pHViU7AEVq%Nr_m6hLtPC3=yq~bJ=nSxhE(k$ehu<9Ps7nkY0!U0_
zEf>19(@NIs>bq54qB;@G@l<<CT0>6@-oMd(gI&dLD_Xg#3yfj}0xy>(MA9Mg)Cgdj
z|1hbPT@uPtzy^_p6E#%ti*Xj-1McsKh1=TVeapMsohMwdH=egzTe;xbjB&HvqxUUG
zCT1W4cfHqy4yd-=+A{b26#vp(&^V>oM8?4AzqqF-pHod;qWk*I<%^3z-pc!G;)`Cd
z*E>2mfPZ_vUishs{?pzU{ez?4;ZgtS;HdXSuYa(=-~R&j?hS(lPbMVhU-a(WR=IP(
zk*C$N1{LjfsRZ-Cz{(EtOvb-Bf)7q6n9JZeP5)xj5r6!cr~0trL%i%%@!VY6uNTR5
z-~*7$ykt#(Xth3k=pZ_BxcH|MA3xf!YGK!u2yE!?ZOA?2isZ~LC}j2D`S`Kb`k(*p
zzx;PCDG=++>^Ew2)aIuVh0QWS&e&)yQ>~Z@6RydQFei|O%-jGA!Pik_kZFr^#m{_@
z+SHk}3YZ4Kp=(^)+%h(oL?<MkcEB;&Iu-AKa|B+_z}0CoVgXWJ)+0@l$PTObC!pZQ
zx8|Pe$@ytekk3_3gj8J<qv6>2ZVa9ynuKu{dGoJJw9%7tEelPkY7i9VB8{m;?OjDF
zoqk@PgP2yX^-)KXuL3;BH)W8|eUNo^RE0b<%K-gRw9&RsAXfptgSKN_|G|S#wXJE}
zhz_FMU~%Z6DiG&+Zqi|C7K3D9Y+}v}J%V6AT1ta&MbPg*d<Z^%eD7RpSW?W?mb=XW
zZCH#AO%#5tODiTj(<8n7Zs?_)PHiok`P}>7<D;Ld{P%7`Vzu)HGL7%2jm7d`zu)g2
zmE^y}y}jO}{Pz&ghY#Ja(2Pz8a8x#;F_H6>JfEsz2`6NLzUnIJNEK_naEI#dRto6Y
zAQHBqpjzSjn4xTX>*Qa3NfHdgcHdAXtww}?Q7U*6qN9EIlTI(P(TLunb|(j>m`TUs
zXIz~$X9Elsx+Wls(hU9Rmbw(My9KyIsk}WeMVsR5g+A!Ntyuhv4Y-EdU$;^FU3>HX
z<k*5l4m~p{*WwJNI>k}<b|gT&AmVe9GNDxEIoe)J_}@V#ynVEDUu&%f{4>Kb9jRRe
zr>W`0Ux^+RC@<B}sE#UaBE*>>+Qi`*>R?h$RwT@cK1s5Us#KtDGr6a)FYJvOk&<vH
zXq}A^H|7NZ;x<!{TC9(A;Vz{@-XHS15x0kb`FMM(i~Z;b+m>l8uo9)jB8T(@&>uWs
zeQ|ks=3)gvDIV20Tnlg4MzFkY3ea@B>nx9^zcu|G>uftFRl0T)GOVg(odFZpf_b&Y
zJM}DVdttY#=UY4Zx~sDRt<NFQ#RPK_S+{U6p0JkROvk!kxvLR4L3BFJBzOhDLK>Lc
zHQG7~F5TMrZ7;QD>6qh)pvF<st(zt_rcK9+OO9r0>gDH%wRKA~6qKaQ#!-SKc@jr>
zS-0%SH>o48+t9R9y8|)l0#j)~*=#8d{hi_jk4e<InnQI*MAjXnPTkUpE%j-bE`TKa
z4?K-4<53=(mOjnPLg{w(-0)h+&>Q6*1rNxzhnzqdwt~^sy4Bi6eeUsfjXh{gxy6<`
z9VJ>Ur5I~e4HK`JiYr{aT4HT3S#u)3oZDTNq_K)m4Wv<M?sw6l<aIrxs}O&_;{`ca
zD}sU%SrO?KT)%Wbg4S^qi4w6&rh$2$7g468CFG7Uy1bWPyQN5Rn#Gc)F)0!{%!0@r
zjv!EgFFq`i7<1H%gIV4!mJMpn_OXbf>Ltj+@&*@5duq8t+&LS6GH^MxT}Ha^=H69g
z?{FC0E^Gu4g8tnN>z}&+ZYl$-{!{TV(W3?H;bd}cN)iRFw*s7+abmGn`<Pqaz^f7$
zpTw;IIUzd6md?!p9&GPdF;SIMh6jF9?)TNHUkBC@%SlcXPa-lhA6^>~E~k=iMW)c?
zzJzcbY>~I<%ZBAP?>r*N7xIeDuBzxbGQ~PFX2*ocR=c*jsdO`;l0fW^$aC~uZ!+?F
ztMEAgd}0S}|HNpbO^PcFSl&{Nj<gurlk?LDK(yFO1xY<G=Oh7tSeTVGCQ2FQgzO^4
zWKD2Qof_UL5mw$=z#%z6)g5ydPB~A>nLuqJIZeiG6zDT>&kQQl*uD*n7mGD8>TR@C
zcH0#G#Rx+?m1-5Ss8d#{K?^p@u9F0}g*F9$+eX`NQB@Ddo>Wxnot@xauhL$jL4Dx+
z&VYT#&5>`dOk!iZ)}0a8XkOj+dNm88Nqeyp_PMQCkI$x0jr})ekz2+0Vgp`i|Lyno
z_IpoD_TQs^@6rDIAWt2GPFZwm2%v4bs*S;GLjjcn{aeOc&`Z7Zc5rpho!mcu^y)ZW
z^%s=TBvRu0vtkK%mgF6Y*+y)nlk#_^Mr@Y~1$nra9kiV=S%%^j2#Og_cJc=N%nwRs
z*V!%xYWy<NZYZSh1h%`Tp~hm&*bV-fF$tnxL~iqq9K13Y;GAEn+JVALhOzJ>PX*yd
zvFQZ1I8~hj%moyXTPQZ1e7H=#LR+xo4zoDE(6|0_faNcFdif0~v8p=5)K!M9PQ?y#
zFp}^oO<-mGz;Q^1#rwJ+J~+|us8`q9h4u4h3O5xzHy{5>+)6VUCBj@Ba>d;%4S5OK
zEdZ?J(H8*gSH+1^>t7Je!wC`o!nE)5(#45&b@B=B_j~{qeDn4|T87v-g(kh%O|AMh
zH)z=25%oUVcyA32+8Qf2w$?NiJd*siRd_#GyvUDM=kQ+BVuCptauyQp^KP$=*acbl
zxe!~g(pFeOxTBeb&OeizZyP0ZMeX&rY403P70P+O<3j$TDQF9+`&g#62CK4X0`P0(
zH?>NnQkdNQvY1!3aq5b+w1{-KVG}Mo;lUneZ!PaEaM7C(9Lou$wGczb<<3sE*%78O
zYQH!?e{(+2&U-r53K$H%*si-?EOll=0?pC;1+Berudq6wlxv~E^IRv~uJ5wmm{;lW
z!saf*3DFiK*I@hQ<>j!w479GeQ=}3c(S!&w<m`(0q%x5*{eejTm5XnX>fBG>dn>$D
z$E7fH2rl^;Qm*S%BNaM&_3>>a&6v)}Z>U!VbQg4LM8bI(lZ7kVn|oK`z81Gj*Wgp8
zCqxXMFP1F|u6T-P?V=|-EQ4QF%eqybVvAO=G%|ky6<|Q7M&J@h*cWMek$IpJg0?Fa
ze?dyJ&OfBy%MzFx{&XD2dGd;BCS+~^r(ALBl!Wfej|+9JPb}Vhy?PIkB(;lkyAJ)*
zeAT|}<eP~-f7dEUp<*fMwkL`fhQR(PB3?H`l_4z@%HwG&v=$a^>}RQwvthM~vtgxy
za<N+QdFV)QAljEF!*)I#Ht1x{aF(%ysMyu-1(H=|oICrX5z(tq6}S6Pd8R7luYngM
zMc0u?+tJ9!j~%GgUPvMZ(pWIRIkpX>{PuLXYzN->Re@WU?kg5Gipr%zAIwq?TGPC~
zR`;XQ1q))Cw<PN>HJBMFtagYWq(cHV)Pgg=dKOn#+(a0v>})phP(v#X)oNFf?WUZj
zO?~MWzX5H-RXw#oR2Qn=N-SO`xKw?kN_K{`0rhjoK=pj}g0?+OT`<h<XStlc#9B}}
z8V8~@4Ssz5AdRyzO@v$ewVg4Anow<bO@WSyi_=~cqx|aNUp$hno8*!t(@=3ODFgHI
zVx^^&4X=?b%3}uxirU?7)xC2=0cNoX1DV|XtScWr0PK$+1CuKB`Jl>NyZ%lj!?boM
zirEd}1qIX_PFvn(=BPzkkm-!@6E;mTC#e1J`#~@0b$Y%RL-DNaNv&X2kcUnyxkt2n
z5Cq;SqzAloIaUKS)Ls~ZNc7&Fti4xi-TT>oaQi-JuP}d$2HTFqb7RR`Y1ORu5}L&+
z4I(TiR}Ay$dC_KUa{|(2Y`!$F&Whn1)vXe1BsM8tYw#(Rs9@y5G=#Vuh$GpWF{~dN
zuaz_tlQWZrdWEL^;+wSx$v{_W2@0;+hSnw2fSj{T5-yAtJfU&j3ULEnEd2|T>;jI)
zR~!67?OKc%puDUjFWf1^s-3CUShqtJ2>0D7<Jq!mk4nYY?M|`!o%`awT!k6XWE5w&
z(bWQ6ZIOBgRW4On?>U!PUeE4QP|<B!HH%C4Lyh1S7Gwp)UD=Iz0w+@YwpER=P3@Jc
zY}9Nf2(QZd_3hcRoAEr8HhPtYY}rrA%=5-J=jKI$OgsN5d90j}e-$*!bplTZR%ku3
z?n%GCUBK_d?_(SAd-QwQ2mJp0IyQp66|mh~Z7bN@bT8NoB)cXFRD-`(tHk&isxUrY
zt-@6nUK1_d>pz>fn>Cr&-mipv?fo9u*WT}sf9?I=7}(yY<zST_F7)SWMmI0Dn1z)c
zslYby+%tJD^th@q6)2R+KNq3BXp!s~kFwReR$VUTzAhTsge>ahii@Rjn^^{GC8Apb
zWOa6Xr*T-ix>g*7BAg8dV1;G3cJCLUthdTVyHB<7lBJV_T-PvN18j<u49Dj>q2p>;
z>MAA&<m#)X_GRsi3yGyzq+;m;i<y!xvw~2yzT9F!e|iI&ZD>RLS%tMNZD}bl{B;Qk
zIo7`i=^*dTgDE#_s5~qs$t8)2`aQ27s(U!>sGfGbDYR?y?tO{_j|E2$wPUcD{S=C>
z%7s3|5~|?&$yd@R*Murv`lQ;>12Be4hwhm_co^Etz~8Yfi7@0hTotcsRfSl7sdC-j
z(I!=|8O<i0e`Q<^?A6r!4TsX^NnaT$Tj5jMi;FGZU4p4Nb1Z5N%gIKq$g=gu{}|$x
z5s<M6LcGp$@!KI~hpS~R5ng*1zCv5qWYNh<wW(`Te{8b6B};P`*EIbL;dHcK!`15d
z$&AK44Od1-72ZgjYgU&e*O`b`DfBNbAJvXQy?j(#)R&K3zPiHo1Q%PlILs_T2H-Aw
zzYz3$oe)gJ4%&;SuR%uhww`M;FYG)Eq1EnW3r54=oir<G+?-a?`s*86ustoV;9Dn_
zg1#SI8@8F|!pm_qAnymi$_BM+t@_<-QSs$Hb71eSZ%upO;tDHbszKi$uJwE8!t$$O
zssZ00qAP8^>r`K@8@0`DZopgG)rL*Hx$xQ+#pM|3Xm^X2nkiA+b~C^rW+9G`$0U(2
znOL+$>MPXESR?37DX$8!dUs$6uByUnxEj!R$94RQ%t)Ok(^PaZeh%DSG1HFa$C+e9
z&PKF+JFFJPN}WZx)-`ai%d^>|wNzr&#bDj@iWIwq$eJtF4bH+QHl0!nG$L2o3d5nx
zt#vxs)S`C5zr?Gw>dGz}7a!nVk+TWXF7Pys>kU)Os@(BVs0O*8Fc}lR02N(eRg%@E
z17YyJfFJ{J&tENVpjxGFS{8ucbaqN0FX!nZ&Qnu*1w0MVdqQ!DIi9YLBNSf&NelLl
zSgysa8tW{;_g-0*fjK5gfA86MbOl^p(FG{_;O>Z7%2|rXI%f1z+`PgIuq%SRBYx^9
zF?SJPf_nYB-d%X5dJC{_Z0L?1(D50_v6N(*%5xI3Bq3qLq5aBr7j$G{gLmvq$YMW_
z&6<@08((#K&#QG7^tiTx`|2sUov(wiD!&r42JpQhy1>PKX`Pi2_8PdyJ7Nvp`<bTK
zbP-R|1y&UtbZNK({$e>5)|9Rrp?aX3PN;z<@RVGnczM@d$pxr+!0w0^jh60UrIHKK
z@_^law9=TI<MP$khVe3G7mrvD@LomX37!jy!|Mfz+9In`wJpE8J)@yU-GDR$-*nDu
zATAN$8fvVF?j40U2XPg(uUdE^lJ}wbIba~WoSm*DA2nB6h;LmJcg8!#oFsBx#H+Oy
zVqV+GolzGlPS!=dTxTKLH4WSu=_@=Q<1rb6TjF}SH&k8Nh34k&m9LT*3rQE*s!fSi
zxvD81h!w00m9ljsQU`F;$;@GeoXAUaZ)iDsuJmFAeV}(o5xkvVBs0ocG9?Q|uI5V1
zMzqqzrxQ+_0?Ri<EopZ;bu~gBEug|R^3JZ(Qn8*tma8_jE*UhzHAyy3Vq6<hp$UJ#
z+A8Rmnz=9RaU8Ro6V7Vma4zjcP3?^g(hISBaVrT=aIBiJo`&n<SO?=1U^-3Zd}9>-
z%J*lnUX<Npz4dJ<aLqMt+q&yi(q(Y&Z90n>Z!o2_5x`nF`dQI!!X7(gtKeTr_Oj7*
zFHIu!yb#BB{Tw<g$L3ja+BVrxXkFc9T)C;i`|QjHn+vU}x@uQ8*<_Y=uMiI{Z}JB$
z$qk;bNt9z<tK!Dj&`3@3MwC~{l3&|V2u|wyvCTO0GV++vr4}x~!eJf<vhX&~T((mV
zk-Tv8$lF@J63aP>p4@4YSIrgwYa2CMN$#{d54*q7GoG9I4dp`gIoHcI!_Sq!2Ao8c
zlTco=azR^?{1a`<c}m{YRocl@IhCtx00rmYi+LjPEn*||UI)v*Ay*!-_h^EJ$x8|m
zylYEAm){5Ilt@ftfoOt;=V<Gj{ey}NaKrGL_fI6VK~#1Ajnbf2ds`Fhv?j!yKWXUW
zM=+E-Ae1HkZSp`e9q&)$qPQW;W3*QJ*yauCsMXI^8PTqt=(_$IPl@~OvxWNH3v^iD
zXbqwb_X8SUd)=DSD2mAq=Cy*_3f=Jl6s`)@H?Z=}1`oxWn<I5)7Ho<ubVJtNlWl6L
zCMm^QEm;8mR2SjaqfxhJ>oE)om*+&VcvgF0xgwfAlrpZR7Ve60#HNr!ucmZ?^8-)X
zMNf2jVEU^<$=lV%0)Vjb;Fz}lriy4z`SIgF045Aov5o5REE%F2bOpW($<?E)U>28c
zv9S&CUNY~ikwhgv_~MfFYrj%wgS$I5<Lyh$(0T*oSUOToc>U@5UU0MlVoM2Oe*uzl
zZD7I0F!iXvyu2LVeGFC&%)WYOOF(=E*3ifUQTv@X>=ENPm`5afS%0;5X@x-YOh^))
z4cF%;3t-i5{)^i#5BI_WThyZk*PzzykA<`%YO76I%GvFFn8){A+`B^QyG&LSpxT*Q
z(CVhsR0O&49Myxl%LLs)VUO9k;g*=r*c~g9n&LW+6|=GV2!^Ff`E{aI*~&3oh|r2;
zyP?h4U92e9`UPcax}Mh=4#UM3a9to?aP7c=XdER6!5^z~rF9V=(U??I7L?ngF>%)p
zs}<L6^C}yS2&c*Tg8p1b^m)Usq@X_&zx6VR4Z1BWJ4AgMh+C71kVUn6U}2QX<x2xr
z18zga15PBLW9_`U8d`-K0J}g$zneBYrAd_WCO_zEqh9&Cu_%Ju%=T4jnZ%I@O!9*%
zi%79y_-dECSE~6gG}JM%IN)y#7787Ovlc8E^;W?W3Ibzyjo91JeoHG1O+9>j(|Yk}
z)Rel9(Xe1w9*shUdl{9DEU4V5?)COlU%78gF7ia1D|XQnK_vK;=h}GfI=iMxbS6-H
ziqm#psR=raf`321z6Ol4!k3O{h$RuWXL@jXZlVZqI3@5>Bd%V#;WlIMVJTu7l6HP$
zzaTYvFOBBpU+!0Llhs|L>s7B!`vfGE57j-BPeB^WBkg{UOf(gANHX)klVo-u8LR4=
z`JS_BsVVj9?#-2s0liFy`B>MbpDnhxV(rxu(wdY~dEeGf)m1*a^$ORDlCFT%8I(?9
zOsB<sm7#j&l1{s%qm}H_US`;xdIWB%P%8!6SY>TO%GOiL2k65R`mE3ORa^f<W0J2A
ztEBk4OM<WbJS&j%l%Tfu`zw{wFN<@a-@R^bxqdVYjp^OuN3|goO1t;PCKq&b6>d@U
zYT07@OI<>>Ro9xWT$@pS6_i#@i`JYJt&!Xou^l`b(WG#|W#5!i#;aK<r#~|#cUI0M
zUtzG4#YD@?-ne@&@07Q`(pthIQuTcC-`=^sg5Qch#shDWqQiCNQ<23sS6tr56jI{X
zr+I8l@_6^oN|v&ijpr9BCpbD`iI5!Af|OutY?n>*{h<GiHh~8xIK@{qrjim7{5iX_
zR`9_5TS*mNI9+eXK{X_@G-X_pNXOY?3Cg_}(4U^8nZl!uI?Y{fgui^LG*(?@?HCzT
zVfMx2v)N;$gs$~s5#4vjKd(a*?JOC{G`>?Cy<V?(bZ`Lw_IkbYzk5gfy)XI)N4>+N
z{?Wlv?~7jlX>Wh;3)H)}UM_etAu<1=cjvaso%@YEYB@z@L=#V9EE7OyN+gc3#705^
z$3<A&z`Du;r~ce7EZ_sfKPqh5I;c8gi@hu-4ea+I|LQnF9z|)T9*LBMZ4aj>Ad7if
zliMe8CM4l!UPAo}uF^%XP=D#H#`(MDeN|X2?CD;mr)snEx8wygV9J#z!a>whs7AQ`
zis9%x9OEP;yuB*^u~+GWWjrM3N=`Sk*YtI;a(_DwzZPRfjFY!JF!Ek(()QxkX!<>#
z(s=GCiYva;GEB`(t_<9TFV26j*O9f?2ROQUbkLaWwm?qy*h@RB=}#S$u9Q2z=->vl
zy*NX?#C%L-H8DMubsjOUkgc{(5_eOj)H@{?7tl1n3(3#Rg(?$Y_rv@1q4@uT{olr?
zz3cYBZ2#{c_WPy%|LEwb|G57@#8bx&%*1y*LRe$_H?>XWwS<A1BrTRD-h)`s{R)|A
z^_d_M8ZnM+PdSOn3@6fUu3vSbdiN`IIiUhkfpCK8bec&BK@9ft0g~#Qn6NC4P{O3~
zP)1io-Vl<YEFE(k5oCZh4s>a|whVjuw*K*B3#X~)Z5~k84cRnh2}$I@cCR`P7Zc1$
zWM)zi2ThQjXT(ORL<4ZC$oxHJ36+d5?N*5bbhjGmrLJ=m5>Ep$>4p<**lX@=Z>z(%
z#=)541dmD7xiY)(Ie}==fw@U!iKIY<A)8KFl4sjf&01<J5|ux$pL-#1_%!qXyYqef
zEaCtAPxlT={Qq!o@9>fTKg6?08hik??~`hK%ay#M)>B4qL-o$rd%O#HmDe?T!D7I_
zQFZZGr6oR$a`-89!Ut9bA2q;FsR33%;xsM0$9k^{fNP2_)-LNW71Vtx9;^Y+g!lG3
zTzUTdDO>Kn?h%3qwlLLgFOyNn^Ve^h>N+}FG~;hihrfdfy+_+YRsM^xlJEtQ!5mNT
zMFLzV|0!XwB>x>A96ZW@5Al4c#*FaJ@!d6R^3S@@*EESx`xFS~g2?tx)5cimCDrjr
z-8x8h%7>z%cGVH6t=+uZg+kt0=XT0zB1foweDdQ9G|G}tw@2k%Y41uq&ks6pCL}>T
zOA?xlT`nOk5JuI$_^Yu~TAfXjhq)YWxm0kXbkyKDP0eww8yA<aXa}`n_2o_{`6=$-
zlfNg(9OddlNaC??ceo;;!?#zFC$cocl3YlRB^l34%nOoLD+zB0wa-}`(`5V>%C{@W
z)vDd?e0u)aM%yk0V8H#l!4%)VO<ew_oyuXgp}%eCdpTi3z9#a9@#`J59ZR%5iW!zi
z2TLHMe$Xpj=Ff+*Sk?~T6+vT8up}JG2~JR76GtXgKRi5&SIBEm{Y!g69g}W#I-M3y
zsiA{`+7d)})^DkmG{~v1WmPXF+vOfV72}8J+ojubVFns1xbLpUMp|7xX?dJsBfSnG
zoFq)<9xjVo@QSY4j8dZp70qahWjJ}|24fRt$+!>}SD2oNqSr%d4OWny(&U`rXnsLL
zmPDf91mg`ssaQd*t0~UOj4G;oNrhy5{)$d*_}aQJO^r4~Da@oLy#_i=S#)V$wu@%9
zM{kY?ed^>tF}Y%xM;#OIgtJVNy9k5J&VQcn9~I@lz24qo?@|7Hh^NFZ%#=f>;lNRX
zlLI?oWY4!RyPPTO&iXh`C)jRfXC9!<cC(IaexrS@w3XCsCJlY9Y%I&RmJ;WSy**^z
zEp>G){S9_41nusZhh1@7ZPCfPkrZ4#tJOD{vVd;@@Q&VH3tLJ9cqn+D<@u;IIjJ`-
z?W(CG;_30VPQN&%-&)@Vvw7=!Mz}Y}J!_3{O;{N3l`kXIjQmk~<U2aS+p3MbfG^S~
zrM0Z%t8Jt;{6F98@5unLO#km6RrLR-kNp2(9yksTCnUT^6B19+%xI|YaJSAgdA1*X
z6ZG0>yXctwlEl-JV>0?Bx3JD2)<}D2r=Uj{Je3s$^rz<t;QN_w+XdTo#~QEiYPoPP
z3Z@G>LSwi|BkKj=G^QaIJE&ji$jSzfCX>g?MvpqP$A7R4g*XAVT=yNRx(eK!Wsn_t
z$~e(VE=!2rx{>Kl!QN4|c>IQKAj@=aH?xmQ_X8;1p7qGBl}s`b;ur#%`{xgKr4>y6
z{Y7iC`2gf|>%*VQ*dRWWnc-2t|9w1F`H$R6jyvq?ClX3=FCyR)`LEYMEX#jK`};?a
z^4~)|RlN`9|Bar0wQ$w;S?9OMNfHs>M%xh$m2{_StF_(^^)0$Kda`qegUQF|L7wXR
zH?gnp?eur~{ja@){YU@5&-8rQH0XL+s<vd4=<_lq%w0bdo@H>)2;2r%jkIlOv1340
zB<toF2fl>8vubCOV&am!*zGDZ^OB}3a&(OhzLr>RhRnM+ZLn4ygFp|2muzM?<jUT<
zww^A9FxL=WyBOCx_oI1vc{yylX}#*O``&Tj9uvpxhD7JiY^a|+a=IS~VZ_<gccN={
z$XO9BFV>6&;Ej}yxK|#pCzS!y<rWUxg}pT$dmZvxKPRI?Pitb0tlpKHP$USAIm^;b
z0Yc?6M7^>%0|=&=s+~Ij^K-Mv-}TeD|A&f|+>a2jO#VOEJ1WcndxwwyUk~zpw*4Qr
zs%9bJP8+h_6_qB!Ssd#`i-qG#gKj4;@~^3=RM-E6;8;%JNZ_740G6KrA3iOg{~sPb
zeO&(!@hm$3_bB1>cmQ|^JcJK`-``)e7l4oF1N#9KN#YZD0{9JV<_nP0WPDG~00m?o
z-W|Yi{!=*w)bRfl-=pp4i&gml(OyaZJJ>&Xy#N0oPl^9GoW-@49NSIt?Rn)0u5hyN
zm+;Q@5lhg^;c*+)+)S&>3epeu_E(IFhDtk?hi`Ybr&}|jEt`v75sCMF%rqx?$vFL)
zDIs~tqGMBo@XvCBys2;uC||-|sdF+Km>WvfWAdDTdPn65t<%8;L<Wb8KIM2X3cJLD
zN`<|~BedrFMRHw)o(@i6K<giaR`sa0uFfyWANCSMZfNg{Oz@1_D2(>kvKC#fg-zD#
zHdX#_wxEa8|NDmrPb>QW)5rL45AxK@|Dc=~WPWE(tvG}21^dCmG))Wqz0Ul+u_4IZ
z){#fcMfP&mza!Jk0(YaD&0^&Mny8}K)Y&m?%O-|zU4us(?oM^hsm-U*X45eK2g}ej
z6H*Nv!V<*<3yJ=mhw+>#%=Cyt%$gG&G^H#l78JLtfu^EP6<9?v@Cp?jb6nF2^I!*c
zR7S<AE~u%XaL4;DT2#eqUTD?aCtopacCAgRp!^!(b@rrRwZ}`9|EDa9sNfj{)4$51
z@tto1FXR9FW&2P6>CvP8=V6`_|4&(T>L&j?J^B7NV2c;n+wt(s@G%j*!~(TbIN9sY
z`rTm_Uc1ctT<J!c+?CKAvBI%xTKR2>;-APlaD~a8(&X6PiM0Z_ds8|UUZwgX=gV3M
z#cR1%hWFkrN1_JA#up;~#hx1e?}G2~EGGA%0xa|Y>Frnee{X;Pk^eu$Q(B?b2#hrf
zYfYHO{LkE8YZV5F6tHB+Ffj#{_!}}#7)0Ug&id^<T0jw8Gb#}kiVYkO&rT*Jy!OKl
z)C$fMJR?Xlq&=Qd6DDXxdFg6G-3@<#+iC)3cdf#hZM<QvJ2_>)r{adUF_=$z`mr3D
z{JzbryB>(FJ)XcOH9&BVF$WzB=1|Yy6N>}@XgHu+tNFE0sp>66|B?sc|DsRL{yz&J
z`26RvSC0RDu>W}f^I@KvTa<Ol$+rEIpT^{2I~6NhzS-3!G<!fLZP_I^zfb<zzvYvw
zUZz9H1})}9Ksd`zY9c;f6O!JGx~LOs{>Y;I=(`~iU0$+iSF^a8`keeTBO=e&BP8Q^
z+??M|(4R{H%Zi>~SOfDSq55yCNuHXjR@!USGCc@7Q(T@aD*xTss8^+_$={JiS>^xy
z3WwcLXFuUAzEk8E{Vd`C2S>ef{O6~=$MgS(d20B-B7mInGw$VIV>1ewdvjaAIV`B(
zC;*b<#gRD)>U270Q!qJp&RI+fy9U(5nVc|Ae+EYEox!ZQXM{QI*Z$UVch#im9;I;|
zk2x7*NiLZa>Kpsu3U?&y7>}ueYTu@d_c)DH4LS&?^arP2Xs%CgB}qVwcCRYuNQS`|
z_`NFVpWP5q=ipJAy<Ej`m5FGTHoqC+S6(AyBHiCH75R@FEW^pljn;O)-EQid^$W|#
zDTz|>Q}c?1oS5Gm;k?e8Xzs&3Odt_mooT+VFZu>}VZT}d|C9666>!fFzlwn&%jd%o
z^`o=!gxDu7w|;dH3>IXf{(4XIkZ5<q+P5-H>px_X_rY`Qt9e&|A!DJ_P8VJ&!Nsd<
z`c$Dy^@4CAIZgyzAzC<+e|o;kQ2Jw8hVNm1=XKjePkEY6eZOl3O40&yVNw;#_DZa#
z71Yv1$|9TI6WXDqex-<o%VhO?5o>d+{C-;<UNxiN&_d${jHZVDi#{Gvn%DV@iIiz+
zNy)JCCia)zdgSzJI^?rOzhC9|dH2d+TrVphY-iVJy>)+oPWf-S{C`E0NR9pGYQQr4
zPrtWUzW=d*^yvTfAkVKw{{K!>*>6A%P;0_C%vz?k0M(Xtp7nK|4KNm&j>w^P0S(ez
zWH=5(mX&>SEBz6L!mo?_=DPN@UkmqoeD3-*@c**Zbf<72OZfkO@9AMB{_oRA`_F?s
z>xl0QE@d39;r3c{4nHh6izZm0D?$>)$&}4>e!`+d>)zql<!dA5JIN)#G3P8+Y-_QP
zs~};>rfFc8Ljac?OWv*~bj6Uf5si)Vf_RolIwf7>W4bytQ^A8)2W*}5lDnTdq@2!Z
zOvWS{pb?IR+QgvOL;K-{2yqM}mzS{Dd`>w_ebTVU7RRq%)fs{8=$z<CQUTABWAU0L
z=Zu-K8fL)jV7`8F`R=>3*Qf6;UY!5s?Bqq!MCGM)D4YOz@AHCZ!;`!(>c#NvG=DJ?
zdh;*qip#M_+J@**p5og9IyyYuKQ!vYlqLhzcg_I=^kXLExq{OwJA>=*@a;I6FSuq>
z+ruH_(p}6fAYo7_-s2=VdXvO+)sydOOvGGBG94hvGnj3K#9Kl5W<yf!sQJ1^f7R-G
zMU(7yP*)H^{+F0&9p37iztX9*2UTWjbe^amaSFd8c9Yy-9vu(QTDdI~{v^{>&QB@V
z$+kFCA|r_^Hkz6PUSqjPYmaGvjf(5zb1zSW{C7VGf96>x{~bLo`+poB96aj(5Avwx
z{KOc-Upq^rpX+aNv^De#SoC&QG7{vbPRB}~oSdJ2vUX3-Pix!6aa?ROOXxo#n^lNq
z-Eb7K+-VFzUND_B9cfuKOh(NjG6nm{Cpj3+g~KPc4xnpFj87`|k%dQ=pZC;m8}f`P
z-6E)&<{dAf+j3La&Zj=tyFW|%=R0OB40ve~EgWp`406#xKORE<Di0w)&l%*CyBtE6
z*2rcDkxxF&LF6Zty%)%TcR%<s&r<*2gG&6rr%xZ_|2@d_DE~dU{I{0)_o>dsKDiXQ
z*(urb<FOLrpX6NZ$p+_QPs-<FzYRl41OGRpg7v6;+WY^#!%F<Gr-%JV{r^FpTI;*N
zB6OsTj=O7LT3n^e9<|(OowMkNynes@R!9-i<BhW){d##pb^V(@cWem7PcHxM@9kCZ
ze?R*FKg?4(0D;L5?BwT?&J(-wDtT#9v>fl~X-v>|Op?6r4m#{L908x`=uaUeV@Eha
z4h4ggPRtG%xCD85O1r}z3MZK3P!cX`!wEi-VG74xAY{@|=JH?`HGLtsDH9}eU*YVp
zY{64F?V>08ltz^*qy?zv#B+J_O_jhV2-rdGx2MCl7cUDvd8YshB0VgjLD$}r1bnVB
zmx`}_c`|HQ+ukuB>Kk{1x2*9GH8~o$8TTNRX-&{%9Fv{$?Rj@~(8g=6-CG=Kef-$*
zg1)Z5jQ}sNlq)mCjzwbSi-qMCbx%3;RzOu1cW9>epm)W}P`>TWTJ=D=IDc!6qJ{2A
zy72;f!H}4j->wl@EFtaGxq_@oO~@msP8Ow)Bz1oz)iCM5Vj<~w{4~pdHuA(LkN?wu
zx>r8`Jvw^&c>n)Fo~6-FY8Zb_OcE=jc_%;1OYamy%Y6<h(}wiD2O0B@n~g!_9`_jo
zvE!}h^|qPjiCaHALd}*V=P7Y+@n^$I7`z3#d~M9TgVL_lY07Kn`sF3*(v#9QpY$2E
zgxJ_a0FqCSpU&&@WY|L0Ok>4n5*Cr6-<0{i0JCzHdeNx<&o$S7BmaN6{Er8{y|Vr9
zaBuHX|9_CDL8h-V=3j;OTvR*DuY-w{>HflxrI^;J6j#ocm9gjMQO=8Bi6CbJSDUo^
z8VSWoS!P};^;^cGy>dGJ`rqrC57sgutk&eZMufG@2#qLglYhFVG);la@lI(xi}dy!
z$~1spYOzo)7Qg}R?s(NT8L0VB2#Jtn$e`u|aI=KK9)uW&-W!T~u9tyiR_bUsq5(>8
z0gX>+O8F#lmlo@WE6XI?Q^LnYvzKzGy*igC!$qHWK8bd`iBkMY%q#0#Rch$#LF_C`
zGk<*=lgoXR+uPIM7`Z)~ULK#~(<uL&;I;Rm1}u^P5BK&DEB2p*NBhr%Jojt=`B4)M
z@@4kN_|FaTpDzkycBlByE81;LQ%fR1SNc@rW3i@v&!57wNypSTb(Th7D<{HPKYm*&
zMf{p$caM>#e_~evV_D$s5(c)Km%b)ACrafYK_2PS-JY;F6`Rai2&Gs~2B^Cji9Fk9
zaXqa$d=r*1UK}}uyq8OI`fuLmC7lu>@iZ;Bn}7HeZR-{AQp$8MhvU8c6m5=J9J8Bq
z5>ZY<>Gikt;Zw8?r+qUV=RoY6PtlqPIZlb1L6&)RS$Msm-F5dhQ{r56DVmJEv8{a4
zN&C_mZI?3lZPJWO?02+NjKH!<FL)jPyo~v}Nb_2BQ8_>3+St0?>B5-(OPkh(J2lt@
z>ne0FhoUw1c$-d5v&iP`S>>)sy~^s{U|%H@&}O^u;{A7dHley5c>QCVGO)+&1E2M&
z>VNJs*+bp`-s|_u`rqME|MC9MgFLGo#K>5@N!?-ZYT5rUUtQ=r4QJnp6I9o|V{w;T
zDFrdZo+!lkkujzK5yxpVG)E!^aN*Tp9jjms{E(&-!Y?u^ZRQvM&7GmglqB*vlM@5m
z{k}8gjL*oBlM&%02_5dGx9hZmP~~tinBv<)w5j~JCcTDYbyA8eOOql<_qzzPRBRE*
z6gqqXw_{H#^V#&Z(A;7Wiy9XRy->Tpk(u4k0{Bv)55+iJk0#^a#Z$Zg!_D#ga{yU(
z|LfqOvj3}BkNf`vJS*=17m6a*+Wn!%uWIuz9IxrU#dbC?x%V%|->U0>hGQCGNjfwU
z631~T<k8)D!Ls{b`<49vPY<6yuKx#lwv1#jmfDGSJ7(-UOHq5#CG$3Fd*O`RsIC6L
zvx9oDTDG(^&WL46RPYJYAHWYte{9#pS#hkSYoZ36vrLk<=R0->FyNbXFOa~|YGX)0
zx;QTP0_1Mp(gLKov=LhF0Lp27cY^_Y$6Y|^j~CXxY861<Cbj|PHPv2uW|{!3OlLlT
zb;+x~?nbz8Mofz!Y=p*|gjlM&2K^OkE+IRUII8I++$%{(XoAI`$=tS=dte4TrriHh
zLa9*1xjt?cTpjCv8R_rcE_wpV9Klo9z${>7d?KNU=M8Bvv7vrZ``rF@a(*fh<^)Zt
z5HuMFXb7j2$Ve7QP6!Ga=R~9o!knloaK}QTD>70drzr{^v=b`y#{jmRrQP#>eC}=b
zSNmA`FPM;cO2-M~<lfs@rvFv*zwbZhe}AAy5+Oym74k@QuQMUp)Jl6w<o`WuK9A2A
z-uge8sBIu-<6s)ycN>e=f4|r3ANI@lKll6n$NN7I@@yeJ^XL^Dw_00UXzwuS1wDlR
z@VDbM&E2~9f_^VJ{Kxi0%2W)xT{;~HVnRtAfleqSmNe|n`u`csFVFM3|28E;;4yh_
zK>S<CV#c3~3{n&STg=An`40NS-}2-R1N5io{h)so^g6wj8_cV_2LHJK;*a~M7LsX~
zCL_kDSbK2k*7JCA3Xhj0o(|A#f8~}{g}jsd&F!cicBj?)>MP@{g(57;;H$6DUT<%|
z)9-cqN3GUZh?5!Na)8<+dOJY>^S}L{|BuOmfmm#0s!V`9R8@i6t*=mC?FRD%WrA>h
zt#v}av{h41W|U<DiFqRNEn*4c#w(}*VdaKxE#rLYXFGyR2GvYY=Bh1|aD9eE4g!%R
zlv*qdWjsf-eKa$NDo{n^ASM{m1igpQqk+WZ_Z9%8hA<&%FC@p3jOPJoAVa=|x4{(O
zzD@89(-@GI3|$eFVj*;%5iCsn8MwFuGPMI9MOK<cf~1&Z$+)VcHc-FNFn6E@ZzNU0
zzctH}c&@{%793~u%gHbx1j_;XAOH2g1IP)%v7Cex5?<S=v7jQlf`co@rUS@xz_^5q
zXl`1eQ8g3rHk{x%CdrrxeLxoyE<014;4$H4aGXHO2vye~TEs@V_10usK_kYI$%)wd
z3Pmgw1N1$;MRJ}pHA+h0w?2zAFfOAJja3iA3FBm72@X~kx|vXE;A82XD4WvTT(6@Y
zMXdkj|3GPW6;m-mGtI(Wv52H%XJFAb#H*0ICLBpTR`YL|Q$rnHRxN(DhO>l9B{sp2
zj{Q{zxF7WQf_(=tq=4rC{r{r>`QQGp{}1Mq>=6Vtfvk0B6sfhgwzklzKT2x8)MT|<
z@87?V=xEeZ|3RJ3m`a4Zb`RGh3W6KDs(ag_NkncDCM0}z7zV-9KG}czl%PKB&#g|U
zQxC26_19lFK>YSw)HyiZJ?f#a^*`T!Ydoo^B#~gIPg&%AJK+p{3w1i^*!j`gtM-Ho
zv`vC>0A!@yk`Nn>VupcX2pW+PbFrgf<ZiepuJ!=^?H{cUf)*_ERx}tySmKC{C;tQo
z?1;=r%u>QdH)3PO&PCMC5_<bis40})|19y<^9d8u0_&Kw3&BDxJ1J+kbNdM);6RG)
zq%<L2C^F~=ikMsx%*P73c1N^#QM;3=|7KCz;Ut_5p7r+*;YC7kJAx#UWP`53ME}$N
zM-EEo1^JO>;Mwb5BZp%oB3;Y>h|pBk7-~mf^Zo1l8>g?EM(OKiWAycXjnLP1<MVa%
z=zP6!Y-*^~WMo14zM;r86GXF6noyaOqGp#hG+LzHznCm99^o#SM@ZPC(DbL)IB(A|
z@A53^>S^kbTeSs{|DU~oYjR`B_QUXZe2N_O(QI-TP(a}hNLzn4yUESgaFZR~<Qe^A
z&X}F3N&q!os4Uf`yD@Vn!cPi6*p@9R9AVk=c~bZ|Lhsh+(HGG92##DUZ&fJt4NdMj
zo7@i@?5fI@_mwNx<+sxE%xv}EP;~A|uV!E>JvUo8V|gw%u3+&bVJRG(9M0El#jj&B
zXA!@K?Odi|kH?1<BTXFpwxN+Vp@?A}B+QHoDqN5aFGyOzDbDS>!z>fLOHn^#kvMDd
z@l5ZAWtgvuIqU*$Aj97_Fn!QMb&yu4KOI#kZ@ax){9;~Yn>oLkfzi#HWS_6sG!DdO
z$X2i!eDVLB7ygQL#18FHf6d%KWIX<-#9ys>K-yPi)a_Q^+H9ke*r>FE>?B7rms9nv
z#P1yqhyC8xOUU?CeRnsXqB-5oqTsFb8Ry@5%Gr1Bn0x28nRh<JygNH)-MMAXo!v9;
z?40j=a$P-}J7!vOm5&)CNy^2|&=M}Q6$Kew^k_v>c8XuTGrj{VB^y#X0zH<HJIL|7
zb19p;<S<E4=DsK;ffJp-z_LM{VZH#3OY=HRv;4PVzIua2#CJiQ9f8{b$TM;YLu=7;
zVJ-JI@uoeu>-Joa9H0U_gv$lHq3a~l8!clr^;fK1G|oIXyYf{+*ml6zG>qL!QAi81
zaf3K>k&2rYi$!>&-pj-gWy&xsalrG;-hv?4%}BG?-2Rvaan{8-EOphnXGfiKH=TQS
z(z&&ZPN{=VUH6=t&N+2mt2@}lemyOs=-lL;sXnVay4RaCwhXg8-Ta1a@H??q%WPuT
zN2(pCJRniHVE)DzcW7Uy_s|dR<(H)FJm-lu%j|~vCB|zpn9e+mJ2sceBE}Lj=$a!V
z;aPs3)6_mH1b_UI<#pnRxZjo@LzvmL+wIy<#lD-7i2F3M#cKi~J1ZuJ<;{l=r#Mi$
zOOD+k=YidEDxGmEU8%}F&=IGm8_upyIJI49m{|<MEG=M>l6et8T9bqa$NK3@csPTr
zl;@3FQ{v#yix=vie-zOyn*mX2WF+h+VQGlj4B^6FK(ZJ6F-+9K2eBFP8X0CJ<|N|r
zl7ZwJw7`HUZsl5!A}+5~W_=;6aJdq9+7*pS-|e;t$ac*u%mFiJIqd_lIJoNTRncyf
zSBQk8uG&g{(^n_@XKoPGB3k6!)gD}aGET-iMv|ylhAIPWEsfIf%g=EJdpLtVIfLa1
zA%qxpqtuk#w-)(1tOas(c8tX;jfY8CD#C5DlXS|KMMP7pIjWc{r70`%fRKX&0xBmo
z>!vIN|6oMFG3Pa3zzj-qWWG^4A6HY+q85JBrb*~#;WAS`M#dYwlO@dW9LNvdt-Mt#
zyRZ8?<!h5kL)K(kr4IJPC{p9?vosGEp-*$B=YWtUN<K}Wr>tonqhn(eIdv1KdN^&3
zh$DV_J!`kZ5J`$w7AH6=%zS)!d#=tdd1u1(W=f_NHz%uw&#`DO)hG_J^?@_hT_OEw
z1Z~@o1TJJ^R%|U|lJdEn*~&69<VqJki=M5_G*`ZIB4b&=^~I8Xjzn$971@zHYLf98
zrjkV%<qSL>N<Ex!h>wyVmXH-jM)zdu61NISxs_s&9pqvK4pci(C3P!Mfl_CXz*Pvc
zrzu;6H_tBM{J3~-)pVXPKU{2pq|91OAeI`Vv&GISvij+fwPHhCascH1ZINp>hyQ_)
z&z`HjMPBOd)*@m4T}5ec)!ic3tI%H|6V4@iRp6@ipu)XDFC$CifqKV$SxerUG+N{<
z7UyCuhdh=eRNWoU<9CN+?~X=A|39nT4Z=UN>KEk9HW3h>lK1g3i&)NJulKrxme(at
zuh$j7FJ2Ixa7gnGSZO*gl(6_JOnEH0_YX<Rg92o@)|%xj9{eCj)M5ySX-YRGwK}X0
zNO$IvlLd*`BF7ZJEiDGXTfvW`$SUU|S@Xb%sVIXs<q~P?A-5itPbs;_?DPFCr-7Y~
zy|fM0xLA|9<9qXI&3R*ui`X?V6#7&kuWk@j8t@KON;?v2o`=O@zuBKk*Q`vjIha{*
z+!_<7*YCH+zwCLHU!9y9MprW_m9(4Es=@*}b}A6LdSbv(4*Ej&=?$kS`&?P-&BhLe
zDk=>?$O}M@5L{4=f>!S|wv?t)*&zE5v|ocMF3V}GkbIH#Q4;ZGwhEJkrO1oG_6$#D
zVR<Q2Y98~ZtgN`AX(!@Kr4DL1kFVF+QLA%Toed}t)39VQONCeogFo)JdL!cWCL{6t
z;)VGRM6TEB)U=jnN&9cPH1fIFQ|P6*>0q;=d7XnrnGF7!nY$?5^C45H&jT^{&0e?L
z>UX>Cepe|L#5XC+(+$mYvF<Zl?I>QZ!#F5XI4Net>#nspcMD}_H(h5JRoMj=1v<dq
z3@TCo;lkBw|25Wr$ym}NLCTXBNm)Ss+%-kyo)e$qmlbLts477j8z9zx6s|*?3~Y3J
zY~@_OLiI>CD?KMi5UKew6Z{VJZYfW&^IPSdJ4(s7D@H9=_!NU-Q?DBgS>qFohUiiI
zaLM9)Cfihge`p6c$cB}NlgBxW^Y#Zos)kv-b1-Wvb#AZHxwXQE!s<a029*lNw;;?E
zA1+<91V89^CoRvL5U1Z8z&~ERDA59HzZKkSP2++_;`A0=E6iZi2;ot=b7UpMy-v&{
z1?Vu=<aip0+c}q>0^rGjoKQ;UvWQ@Y2C?ErHPw%+SX8NHib)(0A`O)@_ycM_3<5a4
z1RqWdKhKCVSs~DB9B8cfoU8I}Dkh5195t2{X}FTA{BuT{UT^Gn-LC7QDbmy`t`QpX
z1`gFZO8R!?Ns+B~R_-cG{|{a_Q-q<&iN?+8n>Scx0=EtO>Y&K`Jc`iU!w}ZOyCDzd
z^}%C^OC5ot#$&t(5EKXuNj(vQ8V!P1=C+_r{ZbvVn=&p1i)g8Ypn8U1D2jHabp(|d
zxVxE3{M&A07%!sYCYV2ZMJWPzE+(xwoK3ousj2P+2pqrsP8Zcc^W<3(B;rOQj_c>v
z#1=uKCe?t_7eTU36&Br`X7Y{;LW(9IW<c2@Y?g{DHzUnv4cU|lh86Nyc>q0-ye_ZQ
zGqtr8@@yi{z-<cb?bWd`Gz)!_)e=i+mR<8SxF0d~b(z?s_Ptsn58m>Y%&c@Fdb#Cv
znLQV)UtAOv7?8c@OJH?+d4v3ZH6!N!V!c^#J|lCQe&Y*z&U*VZhO6Ggc*DqAZv2wP
zxKdGNlXG!3ikY8_f9j=u)l(#MQDR1JZf*>f_vw<xVFt2?*rKT!rRy+?$ea-f{0|fn
zo-WJF{$=4`vix3U=kV#bUGr7$8gv?Z^p?Tm57{kVZ}@X9vv2a)=U72JVetnRF+pxq
zvykLv@xA>SIl{r_b&G0Ss5i@J(Dx?Idk?xHR5QwVjfom$L*%i8YA94ku|nb|i9$cj
z$($E)K+}+AutML2S<aU!U4w{M=^T@VUg|Px4hU(JX4mza<-hx-zdg5C`g`bho3)Ht
zUG_6^4TJMdbyaTJl$kAi%Y>_TYjuUHyuy?TI9$&Ny4>jop@P}2tICpYTWl)Ti&FZb
zK_<`wuxeZw<D2RXDaIlg9v<(iVwy4>n)~&>%%!~2VW@TJ{EDS%7_icn{^QwOaDXt1
zVKD%rJL+&mt36s|$clp9o-Gza0<kon%d^uX!No9gTek}pnG4Q4S6(Mi!9J^-cFY!G
zEL992-kuYLWRZHh690bW1ZkNlvKEHo+@jO6xMfZv68IwDpc({+NmrC@vYf5SyoiH{
zxtgX=XF#x%^NvqlKh1Be4ixLYU8{@g7-_FF<K5Dpw4&T4+o*Z4d>*Y<K=hDm$AWWL
zJh`<cX?P_%eaSZWYl0wnYa1@v#xy~Yy<{7^1t$yi^Waj|WX*ky$0g{>lRP6d-jrr0
zNtxIZW>ugo8cErbra@#K4uZFX%8-Dg=#|BH&1O8m43ocRX}H)_w<RoiBe3kT0IkiT
z8n8?gUsc#>qgqeqkHT@K5k_2zy=dwC-X{z~jzk&hd8Bn=$`R?QwPA|xZhe?l^HXcY
zH0c@{tWxb`r7)|CiX3KD@E}RdP`phRyOsJ5X{<!KPIS1H=njdjM6_Ne!%vKs?9pp&
zx1MZknN>7pR+W#|l_?r!ZCMTF2kXns7?w0<b)+AwGc#4xY0c_tx}V<6&@E}s>ImLX
zcV=xUTYI)Im#Dv@-IGB)TpLi@6%~DedAF?*u-|F%^BX6r=On$SU?p{$wcEMLsI(X#
zpj}hNEd82A=>ZxxRZ8jDEGqZXvZ?PaJ=?ea^=*HtPm~7k(VJ_R4(_&n<@JU??;`vr
z1%8RORng7WEU`yu=e92yRsG!kr@<z+OGkIFVYdlAewb}4wYoZ+%)_*Gs$`wM&cxd(
zja}tQzw!jMcBLnvx2tFJPp7$4^tJBJG+~Rqm-Kgb!#=kLPt{e?;gw|My|sAycCw|%
z+wSU@*5v87)#>uA=6wNeo|eI)(qef^jh>-eqtm;!%BR-qSuLs8>)qa(C)4biYHD?R
zrB?iW+C9^Zo%+3!xbRste5wXZ$LGMqhimzulyv-4aXlnp0SuODoIGmEfE1PVk|;4}
zmJ>Ig9NS*pgK@Vt91>?R8HwML+u#8NAo}3`TlFBe9f(!jeA$sW$D$oETUQ~w?lg#e
zq`W$}#0zp@!uI+Oz$PijY&pQX;I@Tjx2!todt-c$j@xvmzJ_nWf%6RndTL$g_6L|t
zanKu0r{?AIExTgTObD`EJ;gyjEOLID@<kYx8fbhO>l%P{loYNb^<}{3#nKA=6VH|r
zpVR0Am7W{;FiAsTedlzYL@?S`nLkjrWT~z`liwf=@5i&Zh>I}mbj;`t$Ky#yeON7s
z&Z|C;F~HY;bxKpZo)ORO-mkNxNna29lEq$c@-oaT9Zpi7(4};!#lEOla5_osgEt^u
zyaVM{F=uHTUbe$P52j2Ti=N|WOff6tcZ%QnYR~HtBPQ9VJ?MmhKCSYo>`x{h|1nH1
z!&p-jgZ)aA+Zy`m!1FpZ2|HK4PL|L(v&NX6Cp4}MPZ+3CvpWG3!p>;Utl3!6O_o#t
z^6^`tKa>IAJ69r%`pL098`d(VDU0)6Z$)o+y_?hJk}erW;njV@BAVr)Z&vv&t9#Nj
zoxq^852)?2+JbEKm5BsG4a~jRms4h5POV^hE8}u3w&mPDQ_gOd<<u}N=QeibSj?)X
z+FDlSY%wZldvQ3oF)7EeDCcnu%Gt%9oE^;R9-RZ$<kT`IXBS&??$4B*d$A;^!jPOg
zcH~r<kyFQt9K(p5N3kKNjtMz6EXb*2K#t9R9<!v8_3T<(^=!wvh3PmuS&nlT!*MKj
z<J^ncICZSXxrNb4;p<1}se-~FG+h?rldOzriQyQE4}F)Bga=te4%4A31FW%4n(a2e
za3KacX4euep;>(|#A6!sc(dk3R%CR^nhobx0?u8<8|0vYVK8uKG;x54xmvzVf~-31
zdo6E3oZ(<BeqX$>l*y)RR{WtglH`h}p$u=SjMoP}R`W2X>81f%XdD4Fke$9i{`Btf
zr&ky;1ZWnoQ@++AND$L?#uipg5<J47K9v>;@*CBWJwH7>dJ5VQB`OBK(rTwf*C|tV
z?r858Ic)7dG_jplB<A`1pI&|X>%+4KoVOCZC*y0@zM^Rx{;vD{)9bVMKYcoS|L*n4
zkDq=zJcUIv>ULXW;*7kJ3f<;uZo+#710iP?PO5rw7z79i+jDy@Kos+7OxE-g(d=j}
z7E!9xY+r@cj_lV#OuK?CQw(eBSY<i~7GA3gxK@uo@R^DCH{p)@rFx`bYqq{6<k@?9
z?R;*1EYIB;@w&3fs^uTjBFn|C@|vb%D74nkLN_MQ{$=~M`l9{)bKPxS?2S_F!Cdqw
zuwh3-wPDMXL4zxn=3&MHDXI(x{c@`i9^g?e!vWoHn8G2-1yvTDoR(mnEZM9Cj<HQg
zk7<RFeqN=t-7$sIvSQ>k<u@Cml7`A2it`F|4GJ*A(tOJX1M;RS_Snu<i0s?5a|Qsu
zXis9+Hql?)p-8CREO~^OJLBG@<&B6l7N-D&K9}_z<+yV}B4il>`>L|5QrPQC8z}WD
zS;BnRKt}*{iHb=l`6gj4ov@qm6j!n$59J``oCVXxBo@Jklr9#bUjds_Uqze-FKI+$
zpQR_KGtkVteRrT?*(6vRyn{Eca>BZ!0_S$}&Q9VWahYQ0yhwd^2B5@c1T=5jbG^|-
z2x=XJ2iYdxxCcP&ZnxuUz{JYOPTi+^XCUs8)c%RakhyFP3575TC`rIKw+0d6vvhRn
z<s@_Ib=HZac>|0mIA)cd(I#?Sbi3rA($*gX(9wAqFC%s?1lJb9B(}!|jpPHK5}6H0
zKa}e!OkUG<7;V%HS#)FtZ^JAXHJqH1h4?hoa4ILKR|7)hpu<z~@6mG%_#IEC;+UIs
zClbg)$X!{^V!aPeayY@}(yIx~ygZf4S)+x`#Ik1OLcF9)b^-Y2EX~hY#-l3<V!I8R
zW#f7th+z#gv1N}U8m=t|h3)6!rV9`QKS6}}8Kc2((=cc6V;=}-;UC2{p*Q&{#D2(z
z$!TpO8q;LhYk585Ovax0HB8{p_jwWLhZW$VhJ^&gGFZ@=;I4Gda+Z=n8ZwSfKLVKV
znyq=dQ5ta+v&C}=Qb!H0ks1x6wc9Y%jjmEqVVM-V;S!e=Vk36DYpr9z3TLD_?EVzW
zr&w8~RKK>Ahs7MbGN)RVQ&W*+s&T57ICWL%febSR_XyaVG|t1eU_)`312nuZ?LwKq
zVnGop2Y_6wNbq6;)Obu{9<WTh!Ni>K9FX6vPtmd_i3M)s;^G2RSPXWjuo&#0!ea0(
zg++Y|i|(ZDbsHvu#J~Md<mK6`!{3~|`;i>IIehoyD>1DW!WHfyGo`7{J|WElE>BpT
zD{Y#aM}T;sZ6|=K5=AnVfGR6G-Pc(V<|(>&tyo+UE=k66o$O#;M0sdo*qyyRJR)lv
zhYPWFG>ku_OHxSw3zgY`$Ev|-nZ7eY!Qhqz1&>ZP(EI$E1Ez!VoDN5>D^m#Un>nC2
zX#rwQ%j?%94#-)$4r5q=Kc>`Yrz{P5aL#-l2ic5_3}~xh;_EOD*TtH|#d^+CadKw(
zrPd<Ej0NhhUnH>h(jo>ZF_~>naHnI+);vCEdFNO+2N-(FBf+zL9%mumHF5(6-vBhT
zSe#uO-NLRk`@Od<^-*}mVwPo{l+i#OF&V6UX_pT(aW*fC2%VvFwoI+86_Os<_W)d1
z;${HAmXdZzzM{D}{l)gpO8d=~1mqf-p~$M`ZP<ZuO524_%OI$CcL#w`UGfn-B6jIg
z+L$2^O3o!AnfOoaAAMQ1kmua(wwzlStLJsXy;(v#5DHNj+vd{5s<KLuF#ZExyD_~)
zMOe7KrdtpSt*^H62@&zNC!{vdo1)aVg%|qy0bGd$aFti^+W=Eh%Gd^rd`c8mvcoPt
z91U9DkT}D!*BWhW4tN}GjLwB;xwyfo8-~~Iy5ek-vi;L-NJ(&y9Vsc?wk1_gllo2B
zzHhJYu`jjC>5h$A)1va$Y^#}24nfx|h63D*K^FnK2q7n}JV>s%Rf|_|t?L`%siO9d
z2kaCalB9wGB>yoW_)W$`+(Js`#GNa|NCVy{p5T$eBbG|;fM`WqqN(}=g-vvFqq)C=
zv7%DPmm4~Gdj#tLf2k}iGDdQq@Q5!rBum6xpzSH83jI?aEfP!a5d~qnUz1ZU5#!g?
zPkEM+4KGr4rzdpH<0V<pFe*|evDUE@SkpNaJu>wmX6->)xZnBp{e^rjs`uUAH&Oj(
z5Y@-+-dKq0|Mfrr>;Lv&{tfw<EK?d7#(Z3p9jgz?>44ab%u<el2S%ucsVt?BE2rGD
z^TnatlOkOzq?%xPZUeuNnhR+Z)%oHi^ejLOgZxgi6)&PdeCw-(rsB+bb}$(Yo^NGU
zQ}+bWr)pEZIUYewEE)AR36<;)*vDxaUWE}`vR9c;BPtV>;fJE0ga@CXc{H<-)QBw+
z*IqINBUlUBl=^-FM-R<1mgeZF%obGeweJEFX77q9D&IfupZRR?w3iXj?SKBuNPjS#
z&x48U%3I04ml3Z!1O*cOO4CFQOn(KFzYe%I%w)f%hRQe|s@xB4T$*iIwvWQ~SNQf{
z1Wo_`(&5h~91cc8D0Bv+zO?auA)m#%kce8RpQ_K|9UkSoTz^Q(XOZ0HsI~Qh?EnNq
zHKHF6dwn5W-(o)(bijTe@ueHFD;E85{OaY$ADeqx*4q%@^}F9U95AsvH70haVg`4r
zW^m_D6MGF=ZM5E#_GdL+4@Z5N9*}Uit~^`Pu-QvOjy!+!{^Q$Y^6vcyDQN>Mu+?qi
z3^Ac~)@9Y)OHMGC)-}Zd1_@yt=46rbHQ_}rF3^N8N`huf83ylHx?EItLL7V-LR#|k
z2pZd#2G<KA8u-c^T3${<8}}P~TQ)^1HIce=m_uJMP<j2pF&}#{=96LFm`gHH+ytF}
zI6CcoJU*348ccZkhoe*R=$g%yA+~Jg4KvFY3W;a6aA2NG*L|w(k^yH~{9UfYem218
zX>8L9bF^(jpf=nl%9WX198ce#=y45FE&!Rn3mYVObZMA~`>u7xKQ&KFjvj-$ncFg6
zlUt0}`r7+#-kxIKj2DMJZ{jJ;+h_#yHt9Zs%dP1K@>eJxW3jr@{oxy{+h%o>Nf*3v
zCewjD{_oHPC}$xMY_-RulmO19uxXMqssx1ah~4B;JMw`;ZpQMrpkF~33djpeyl!uR
zO@{RsGn62}S>q2y2BR#<(2S&<=Td?4G_>(goBDP#MTibdP)>x1OBnqi<;jfv?(pqf
zU@&47-^bDBjPv|;7%>bqGs51kyQ7*>$Q5>8lfCnRbbj?WxS@5PRm|Ghva>os_fk<l
z3$IwTQFk!HuVa>Gs}SrUD0c2cutE=gh)fDh?XKh_#5p)}FzT;l76>ugn1}}e@v&a1
zf%U0$>6k-SBgngn_Pi|TDQ04ivoH^@G<gz*m+01TWVtnn4kD#RIlrZ)jq-MBqrCmK
zQQkLg)DCUbsNEekZ1qybUJCP4RxM?WTuw55`4sDGl~6*HP(3SsUp5M(!B*bT)OWyz
zbDAz0oKF{U&0;hVOZ6gwCp@l()oFFo|MkDA<n`(%|E8FeD^J@DY=w|gK2dT_Q!qfn
zdM+iJApsX>Gwcdo(C6zlkCnkm*}t`iiP1QLMmxjYQ@BO&$lr2{Dk-V7W&MICiSqut
zz^jkdd1R%S;eRGw=VUtnvsZ`5KfMB9SWprL+|P&~g`Zy?H1>MqzVExP)C=vc4r-0N
z#PM3g5qa^VK`M<edHghFYG3Io*49e^9)rX~Qkm@&4+Z@9%;?v46ir#eGqKQQIrZ1f
zHb5Pe!kMXNKbq!_*Fqwu7W~Xs?MV?u5~K=LHboREf3=gvJD#6nv~Hu(J`g9n@!Pl7
zJf6MQo`8>61zw00a)MZ*V!w#fMILY8t58{cKiPzNtjAv#5KH(%4$P{UxAP*7E_5_Z
zg{&2CYe07L)fU!6rP$7#QldS-sb<YGDXwa$9HrdKVq7kNbauQ|7C1(1@^3slQm&fM
z)y`~L(ZSXN#c{7o7HMrtTg#4HQwB%oMI5t8S{$ccPnHwMtL2U3l9O0Ts2N!oc|oIS
zL)eXwcE#B&ZKNCN$tAP9$toh_)mFWYDQ7o2Bh8K#i=Qy#_J+an)@zpLr4Jx#-MqhK
z8+`33v%aPHLiVcSW(;$6ko&$h2?e(TRuGCoT`l0X?bPCwHJ$dCRW&lS`v_-)g)m~4
zKMGHcpNgis>%GoiX+A*m@3gB7SU9C`t>v<SFmE(T!21-=C_#z*@PkF`xo*Hy(L+`j
zg+9$@#H+TIM*&%dLiXEWQaE(SR!L`49z}ENUy^4h3%D3&EN|)CuqDZArMUzv@Va$9
z`JA;$Tl-Zg*zp^z<ZZYPbKUDh$OHx>8Lk<57RJh}>ACV*s><d7TOh{${N%^qoV<NY
zvTzAG8W)-yh<iUac2(pg;MeA;_+k~_%fAc8;4i?r%lS+9GsDI5v~Ez&7xS*VrS*?>
zt-8JOkEL2pCtGbcIz877%bH~?GX|uT{fcCMN|P{N);4-?nxKOVs?P7#rbD**-Gd@t
z-)oE?MF*SscK5&<cluKQh0sR$Vj=D{aL2*LR^PG*(?BDfEPkX*+nVE2WS<O;U;QiB
z=j%?uu2>|tLDmWQ64CTJMI7FI%D{1=^Z(1~{0B%NuatJu9+YvP=52_-Qi@5uT@V^2
zVaz)4!OU~J?ofR|(<P+oZD)`KzYzZ~f~1`?{|Ygh#e+D!X$xkZ^I1o>0)I@}e>*3q
zmFHizEyw~a(XdkY+sP`;+k@>?pP6A}WvH4k4s$cYz%c8E-ikKcIUxFz{f9)8Di4Zd
zdcHj@*2~&~sacp$G&ZH>`qx(C)yncRZPn%v(8!BsnnxPw>x!nGw1_*ng4+tZachPv
z%`{s~>k`9=SsFn?Gm@?Nb&Lwx+AX^`O}I?hH0%KpXL%C`zinwMn^45k9a}J1LZsR7
z0`$URoO8QwP)nMi-!m4$B@7<VOuqXtUlnuU5K8Z$vcH15#9z@g?;x#Ce>#$ZU9Bl`
zMgvT$TXB-FTcV_9iPD_f&&#V5gSH6fuN3D9*e*;oM7E-k@>NaJ?OzcB|7555g}&jI
zE_9fP8_u`mcjr>e;F7~6i8f-KFT|>RhuQw|N_3&Ce@t2Ec@SrnkjU3zn&rO@^VJ(H
zBEAda3~zMG^;>!FAdrKMWS;gQA^3PA9ZqWJMGb!(@I14}U%CY}d(G{SSrBL2A|3F&
z(;|w_0VpD?-7(c~6tA?N)iH(j=1i)je#18S-8+d)aDZoexM2Rqj~JmcMqbrk|5gY}
z>Y+V~Ny^T1o>(KqZkRul{#W3NGL?C_YsV9rmE{#<zsf8R<VK^7Ef2H<7ny?xm%Q@V
zzuV#RRp-ETK-To;W31V>xU-={|FAXf6UXa%Ee`_`cM*k@#D|7Jx9(wY_)nlS7XBMv
zE>A2!w30RwJ9z)^AM4R3S|v3Z^<Hbv1Krw)c5A!K(+q8&yPe8*lDM~1St$qpk2Gi3
zbaP+2@^c*NqqE~(6%ev45w0hlvSks`)M}0@){v~cHgmoe&}(g=CEC53K2Mp&dQd;q
z#I0{Vm)QW;n@qlua^FjxY`CR*ORlxsEv!5pO>Z=u;_RfU(g=wYTrCd?0W1gLb5NIE
zQXT`+s1AV{s){fsG)Cp5KGY06W|&L=Vh}E7rE>vKH`!+O#^TFzzINQ?#7wo<G^R^*
zwT0t9eXji~th<|;nfgLA60tmEv7c^|yu>zQwf{l6t?jV^%~o?x)1cuTJm6!+GT=S5
zO24x=$^GeVFXQ&sDB5-I7)rB8U`()p3tqO*t#&;jQD}LMLgTi!-*Q7PjZ^KF`;IO=
zo;LKPtlm&^vP|2J7W%Y^n1L5A&10!4R%0Je14UI)=ByB>p%7RRb?ezhN0+&HPX6|9
z%kO9sUOZQQI7dS$R0Mik7T8cdHd=gbTd?shIjWK|x5zb{w~VLQbDM>IsT#>PKMwQn
zGKKT2PA6S+OM+8}sE?H{LYhwJSARo}x%CPimQ3>$R5pz_;O3~bPggRu3yo7OSH2d+
z3LAs_xB}e&{au@69R@+fu4&5b)l7?g#o}BXYf4FZ$A-8c9b9MTQyU57!`pLZt&$Y*
zG*p*FG1As)Yd7k_MWG$JGB35&Jt_PnlOY-Bc}jD(+<=O{gqu))Kdao9wkgcW8IPhc
zUVg+_Y`sH(WL?*Fo3?G+wkug_E7G=Y+jdpjsI+a{wr$;f-tTYTMl_;-;_MZBjyV?M
z|0S_lw(WTSDAIZU21C9~%J21bP;QU=_ar)j#(=9x7&+0+7U*`F*X*+R^iU56n%wE%
zTJ8lt&)h4py`K`|O(ve>Qa<f-MYQQwmEooeLJWSIPyI9|tC11`<}N-lzqj+89A*0f
zs)>hei$ZI#4mAUwfTA!c3+D+E%ZH~<FZFmmR*bYZm_o(v_~c6p-R31-1I$!{AGpXy
zUx+w5kzMqzUksTz7y0WooH>x6GQ!Z=V(842a)Nd~G0bWxY6GX<^;b<^o`u0fH+^*X
zKuFzTXg(el%k9tyJFVVT>{P5x20BSIJ+7IQ<s1VxJ4l5Knn7%+l2k1|qsExwHUu7w
zk#qnBv8@`~hkC!tmW)-l7>&72@stvKQ&!}Z1W7sHDoUMeTjPeVvTh+Ww(Gn3_%v_@
zWdBU^vaDK@PI=~%R9BfAu}OR)he(ct&EaEy7tQO~Boyncgdi5@_5X#}`n_hQa)s0(
ztSWI`fW+2r$I;P1QR@U$ip<ryXG!-cnE@Kg5X$==^A&~RrR03gdPQA#M+|}KJ+B#&
zmnMj=4V?HmIl0MCGq1kM8DhEEWh)P#y@!sv;4x}eR<ev4?;<9mWW6r^@G#*&RWeFe
zhElN%Oy;Md@GuA=5$5?%cVv$A>SdHf#Z2Hd?#?GZBFu<VBENc63sGL&WKmUC!ci&a
z<2JKvNNd4?SNp{n<Y`u;(I-a$*@;5g;Pm!|NmD0L_8EWaB_0jCW~G#{T1%nBI*1h0
z4@)5|k(+`G=Ufbu3<u7jCYU~IR&CFJ7O%hV`5Dgmp6HMB^imX`&x8?h$d)nbiU_!T
zrdct#3j*r7+Zr!DJ!Tb9OF?*3uz`}68;EP*@<*|86;Zv<SO(V4ABU=b{%&{r)+~ae
zyM-7wQaP7I*g1yubU~#F&K44<nXeK=7Sr9-!!%UOUkck~vs&FL7B$lq&-qha`$8VD
z%bV0zO<!C{CX0G!RQ3H3Rlk|AE=hAOTaOh(q)o90pC_{ZtzP|{dEtyH&~?BWh1-#F
z>yYgZVdJ-xfvzRMDYS6_c7?qREc(16W&?G)&4X|s5U+R&=qOg&;<R9op?q);h&$Va
zhB5a|dSQ~OdJL`r@DCo_-bcp$;Nj9yjeqGy3;IiITJWNu01zC+zhq{dM7-4&a=Cx?
zj_xrsFkAa9w*JcbGGP}5$FRtmyOyzY_>C}~2_?fZZ%KZIJo~635l-#A^Vq<%h3nLf
z+`)UhxITT!gcae7+n)t^6Wksu$p9w{wP1$#*(S{QyHQHe-@V=R@2+DgnI~)$<aYKe
z3V1xfb!zkU<V91R!81pIdC$%G=Xz2I+F!l`wy4j3mY{ag9j}0hc)%Hmh}GB3Gfh{~
zsYl}(^bBZsp}iv)zn)xLjfiI+0y8?R5H~0$r=62Vk9KqUeOH6Sf>X5HrXqVZa^f|5
z5;%DFOI1LQAh+bOnb7WQjTy(%29Gjh7KAfOfhkC7Eg(r8lN&{pYVF01WhI!GvNisK
ze~qky_pCz-*AQ|~pcK1GOv37$j*w?fZM-<pv;SaF7QZ+DrAGG~O)_Oib11_=mkz@o
zmREvIZ6Xc?y?bfx@VyQ<TX)Ai2ec}4iMgtVR-VQl9+47`zekYOD4YU_MEaiO-h)W4
z%Cu(P=COU#wY!4u4h+?%1UK@PlV!bwVzMFNz{XH!DTAGg4rU@R?gWUaHuUyiPK^d`
zpWQ#ErvehBX|ko(vn=<rBB4nUc3WUuw@X075JHs6Vxa!ue+Yz6BQn&1RX|K51eflu
zNeB+$SBe)WhY+2Bd4m{4p@G-Tp?il29`(FAnKxPp-IU-N-a)>@S(GZY;U{$)_=4SO
zDoFBnw_d)44bXP_C<pPp&@^%hr(!%g#{7&?;BB<cgchjsEYl2yJ3u>t4k;b}LMgoN
zUw8G#k00%qly~7omh3)152*vPm~2x0)fLV|31T(aF3Q5MPBUF>4KE+=cnoOXpoXUO
z?axL&nPg_e;w^K6w?7A6j=r|z7qGQ#o5JJw;jAZevtHwYMRkZ_CDS4;DM1P&!9<t>
zOyIkua~J}eb0UBiq@)g-qiQV=aiu=6B>me+4}{!j5fz1W@W89`bSr0JYSHZ!a7F&6
z=)X)E{lxlk@RU_j9t<(+_$MOERxm)Tglw5>E*q8J=(Q8_{b2HOM|oeOUociqs08tX
z-<ouS=LQp?E!dHq1`x<-lMoXzfgFyxcx#e0hF7rcV5DsL&7L}YaP9oWNS*F=vi7{Q
z3BG{5vyoT0ve*&)pU-AlEJ12TsrTUKtY@ZOKdFt5J)r`|6+*(HMkQUsQj)uyCr%N6
zvf}ooQXG#jnk$g@xzSL#Ug2!$gmRGxYD}VQ2X?DQop}r_b);l_PTfbCX^hrEnBXc5
zash=Z0w%}YHlk{Zz7=fx+4N-8(5AUsTy?DnE(r$L5I+pU_$sfos#u8=AsdYl{~5e?
zCxJt#kG%CRCZn~X_*KT}<vN50{U=Nx?O~R5lf}g%qNvO)On$Wgc(b#)$t^mO%c<?z
zHBhy56I51Y&6-u_$x#z|(PiAFuj+&((q*-Rg|iIKjZr+tpbrhkbHz*hMr1BInqf1N
z@QQmImKSFXXv(tiTK}xO`kW9|LlV=pao9k5fVMcA?ig<@AV<klhR$A}KFD$hKX`r8
z=C$mp5zPTkcY5Iuqv~mHcDdm|Y*1w=42}9ib`k>~uFh$k(tK*C)YwxEb_^>TGKpju
zi7^>Lzc6qC6t5?6C2TCl<HrG;Q)BlI`(kUP0?oL?mWc-C5I9kEv@1{YV?Z_VMu5n+
zN^v-`HTy-+Zs8&>su|Z=#5O%%;dFE%otd-W4i{_6`+Q=I4;f1m-KX)*?^KD6%az|I
z)6MJMjc3qu%^X)Y8cv5=PeO(7A^n-3aOTc;WgP4(dSxyqlBsGv15_)q{oo@8+`{IW
zRaKy&bgg^nDxV-MzXFOvI(#e;FO}n!trdP93I&aB!Zw*wYaNHT?2|14s|;?Z$+(Ku
zq^DME>Q^E%|4lJEpr#tLT?MGr#Aw{jV4ps>nL;(8{s!^Ni`}thJ990Xys+4X{wCp=
z6zr4jz|FKDrdX=ES{c}D_j7J<scKYm%i)dVb1#1vk4_X*c$I~1<phR8LV`iVZVd?$
zE$)EO7p@v`6jJ}!?A))!!cYRWpcD~eMP9%%eiyeTVJG0tb@{NUp#@Fboc1y$A0ey6
zQ`Z{^Zk4Z6M$DqA<DJa#oxYJSwDeD?E;%6Lg5_wLxxB&T4`|zEA+8LtA#BxNU{GlU
zY%YmX2`6~;gQDHaT~qoBg3)G`l+I(Imx{Q$7xh&_r7Lerg<%)3`(3PaiFU^evnJr&
z{lw@*KZ_;;K)Aw~elJ|Jc#UetmL9%c#jPGN1UsdZK{D|8+V<utH-Gta{dP-mJzaas
zc|bXCrUzKuyM(6-Jq8Xz3+wiw)C2}<QhU%fv2yz>rtsKsU(roW+1ditmm@)*UqlA8
zFMT-+i<!ZrO0uEIOa+<~L{r1t{f285+$Ch<=qxv|m82U$yI&zGTIWtZrc;O2xakI0
zs5Y8G&80BChOx(!pr(OZZy;LS<S-aSvISePb+6i?xf#~khFIZ191k|XvIADMjq^=F
z`-0aAsiHuPm%R7pIrwYjs6JdoP@+GK3nfBCy_R1jFWugRUfUgP2*&LDo~HwjSIOP7
ze=|cId03g7)*`E;Z9M+-Vf>Ua7YL=Ta=;xV&@#(gCll_P)rtkj25#E3h7Pw38mTzL
zJ;bg@w+t!&`tx&BhEUh-4k{_38NJvbgBXzfk<6%NXxm+{P%=0u9%=)F%`#?;TY7!Z
z2DML4)-?YG&XVwD43vI44`bRkH_|++n4nuX|7ASG#3l>KzzT61`Rd?@cmcrmR@2sN
zb=y<UFLTo-PU4(TYmNt*N}`ynL!B6i;r%vG#oM>&Uc?O-&K;xmG9h|2H^X5yqUcIs
zXvoaOac;awZfSy`6E@*eLCQ_PYw=DS88C|i&+f4zmcauWw#Owmdg2H^2$-O&zFzzr
z3E%lb-C+=r2)EspT>K2{^6vk~WtpQ_I*ZpnKDBGSRPxQrR!Gt#+VvArq9k2V`s?%d
zW#JBewcaFiN|^&;E+)z}!;1fnc71pTgCh!`Gxj7EigNlsrTS?9whX$nHt?HN7fc*5
z7Yc&bVCj$`U}W<QbX;$x-d|cgQ^>Qnxwpo0=qZSovsGbPk@Q^cSs~MU7B~E;YV~ok
zx%&u%_pU4C;WgWiAF99<qagK0^8q5<))+>mgfV|@S*S_8BdLQ~`I`Dbc8C-l;0YwP
zUUfeA>wNKc6tPmvdN%l#qcZ+?`x~%_G5EfekBL!UUiOsaypxyhHom@0|4NYY!oDtI
zr<Zk?Wg1`DNGGd51EUdjnQ^_&^7(_;(!B$s|I4QBFfMje$PLrnW^G{=$zQH`A?#!;
zyleV{rwoh~M#>E7ntD0B$z8Pg0>##i=7@`$he?!Xv#xl+3t!2XNmO>=^00$2>8pRq
z0UW9D<F5v_ST9s!zvy?CWx2(Ya#=aK8i=B9ag91YB?P0(oPhU*z`SLo<>N62>A1E2
zNCWw4;RG?|HdAi@6B7!>>sDl4L^j|}*n>|TGhDB&yr$v-Y{bxY*uy^!cva9nm<D&5
z)%{e#DZeregEQ%GSuGQ{jb1_@(!KiUZ{iFkL`(R%=p1uj*-$Y5yb`A8weL(wlzI~k
zNz-n8`+`{}yFkKdF9|X3vw9lw_p3<n&qD1^59L1S(z6fUIVUkt=6=$xio7+}7NVq@
z{t0@>K!cK7Ov={Jj$Ps1#VP!gOs`Pz!@7(K(E~r%%O%t`bkg<tyRdC`&=;ie1p41<
zsOA=6LluiSH<As?+>nVg3`n;bW0FPhK4Oo%JA+@XsP#Ah=^~t=hUA}qK20TMXOUm1
z<LRu1r*$WCmrFl1=m-|@-zTU{ylr47o^of2k1AvnttGFW<VlGa&Q%EyX}ptEn=rA~
zRDM%9ndz-ehlPo(8><^c5^MoLc-n3W7H6wAIy%viXGkr!r~-h-gDk5NG4zwRI3cMj
ztIW}uC96rV;lKJiw|&Citd@Gw<aOZibDT?9oSh|j4-z$JE3=~^A;9b2Cm#+Sw^S5c
z-47as9~ngXdJ(i&%4vy@3)XG51~R%nM^11?Qjo_PWBwryzd}P9&?zN~(BV)UW)$N9
zeFHZLP!XvSCK2CIfmlCPl2;e1ZO%b|2!W&%Iei@KN=G9TaU2_H7ZFQ<DgIP5=rH=?
zsqzO%9ju@YdV!fMzy=7i0KK+B$wKrduB9A+NueCqAyRQ&rMg8##R}(O{k_CPvvf4-
z!vtq%l<&+i2c)6#3AxPZG-vLEyeJ;2<As`GoM3R})~Ubu=EZV`<}sy%Z|~%4;w-4~
z=JkRZ2%8A2p_jX|T3g9nNm~kS{AZ!qiz4u#99wlPwqY2rG@;+$b)=Hc2>ud`J)f=c
z`+=gTju|WtL7zRsP=9)Pq7QFt-~~3Q?&V~^7?Z7LrRm4}Oz5s!69voG`~F^o{%VJz
zt_uq(VGk<WWb3xBa+PDHu2{xn`BU`I7G7nExYfZF@Zl7jh^zYB?l$6(%H7>F|3Oh+
zTs|RzKW~+`8GMM+gT!``@>AFa_;OA1Twsx>p5)jnGfco(l^HlTiX^fJmEG)|ERjgI
zZfat=x_z*GwLGkS-(bgX-}<tpM<7t8$Q(U$E0Y>DDL=%m7qK_e-uVqVwJ<s=*`ECb
zn=v;iq&?W_O~*8#2ec!(&^8bi3_bObqOe~c#zFqVb(v~L=8b4Z2Er)$)5^S5#D|KE
z(0~@a%;34CmU@{3OF-yV!^x74>jCd-(p}O(NI~hqWT&PH$-ieRNovtx0zEnU5#L-N
zy{Kog|AQ??$TH3XG7|qN7|0f009u=BN}-;w?GQMoxVrN1v>g46&{7Z|pUSkuS17@N
zk!+}P%5|I8)Q3dUK$W4OA=h`b_j8FLvN}b*)3$-JT>BfGqR-dI@iko^P4AK2im94#
zD%z*mvlE^yb21MufXWP51vFlMLJ|!&w;Fgj7?S1#GtkTBNv>IuBounYWXEMdsYp6F
znnT;E>Pta}MenaO6dsggP#b(AE>HTT_WINSakLCNuN;dcy=5aq5|*+^HWIk{hgP<r
zW6{p?-AhxIVQ{rahsq7$(!a(6%ShXH++a<BD5bOc{vGnNSK_*_#5U@_B~_nG8e2)C
zMmyaed&`{OG?T0aePQ<(S{G@dxE%_nn&3r;V)r6y;F3F4r{t9+yO;g;W}qHS>@D+@
zIe}>uk^xlQ>rZquPCz4MADj)GCZ95~6rz5INMelEF$$b}sKtcif3pLd93?qM0wy=I
z*aFj54UAD!^{Z>MJ5xu>eI4?7qUW7^{(7qbTt1`ZS=#t?Ga>NVpU(k7x9}xc$|+$d
z$#@dIkVeYsSq>YJ74!n#e$A(O9iXK1+}LkP^~_wHudtSdrLX$Clg=fcQAOPu)9Rfp
zwe;f|87_y#o^5;BaP$k!RH0O}55UK*)<y^9v%G3pB_pY%PI4g7neeBnAsq4gtmbmq
zXf`=9dm|-zfX_CnlRDUc0m*Op?<quAb@68YK!4UJvr(C4qo|OVOHzr76^$c<j?)M$
z+_vGKga?I!PkNd5w2`z?usygBxo8z#n<X#^TvA;Cg<2yx1{l)i&THg5x*19D88$bT
zTv+;WB<PioTtAeZAWv&_%jC#H6F$XTK!mdx@nLkt@V)a24vN{C2R%~M?)vkJi3>rV
zWI<a??c8ACs|PqD5$#6`R&bOf);BoYX&(`IHahY+0}h90S8tWFz8cspjDY#k^dTin
z85vK|Me3{xhJ2&9u^s^2{N}*frM6>QNMY?NA;q-g+;e*_+V7TaKgiW?PT{oc``qtq
z`M>>1xOdE&#cWK-5ySBb83$<DyNBT%6CIb5h<@J&8{BrAcK1zQTSWXH<3D*}H@C+#
zDYvK7%hj+tYt_k*%`R4vN(6+HhOE*<20>mP3eVJ$z{~b~o$rh9o(t{%#lK2@^es*~
zbE*sx4hxVQjSM%1O-*UvJOU*v67R!uccDK=$ZzK@e?(o7<}Z1N==W^*os<s+3o&c-
z+oS$3vghK1rTXN;<C6}1;6Sr#z1Je#KsoZi==8?#$8T~LBVpt)Zaxep?6^L6O)dH+
zIi5bvWnx4&nBMdhbf=Nlw6a74JgRQoULJ-9>6?(3z*%ooFbF3HbT_q6-Lu&lJ5|ag
z&|`bzIvW1Z=K;L{rxU@C&F=4Rsfp^r7`=z?+fK)<xjGLrT9ncP2YnN3iC5*VVjPh!
zsJ_8`;xCD{OOtfe^2<J!3J^)Z`?eDJ*?U|T6M=KL_iEn%1*xbt>-g{xF|O@8@>RQB
zQwWhn8c$lJdorH%b}C7WmrHyBe|W#MTfed`s|8QPbjKc#(-n|^=(Kj*>BkXZ8uC6k
zdVV6w3Px6OWxv5OvHc0BdfM%jHtDh|XIinrwDTC;fs81XjY<u=KHNv$H{fJyZD@$9
zhXS?0-l{m}ULs;QGOQmHKM@#zT*p!{S3h&<X0u@~Atr$Fy<Wn;6Q<6qt#+d%A~dZi
zm&O&}RG$TdmFditkPoz-w7_km=NCyq_W~N9D?&N**xTKbQ>UF_&ol{y^DrVZ!JvL7
zDR=EW1#QiFb`swhneM%rpeE$LqMZOido`coGry)pKk$%Y)b`)TM%)8pVZ}HEM@Ip>
zcvSKIQghsfJIPBpqVuGGm>rIyQT_LP@II5%#vE2R%iLkCpHwnxbo`7WE7Dlhq+MF}
z0wraIF$B+TPdSgTNXA8-0cRw&q5L%hbmNB9kDeiAyqj4CGTqF{_;5wrSF%=(FqlM-
zE!5KP7)N}YfD<4~jeq_E#MKF8RL)1GAg>9qk*o8pj!dUd01u}JA=3|zZar^b;q~XA
zhfnaEpIZ_6#?)2Ov{Qllk$o<D30M%;DgE3&M?p|sm}|Xa|20Ui$YS4%MZ2CI^BE<x
zoGhV-@)e{~)pg3VL5n$r$nZTOC_mq@=IvuRT^`g==7;~9uJ?&!u3;yOT}El{hbUv~
z%q-E0<^%XHTue#=kzR!2UA9;%(eZ)+AQEVb!De}(^WRUD+AGG>LuXqK;Vl^|QUEDS
zWUB&pYbZGR>)j1c5lNidx93>&>qMTZ7AtPF#PuAr94k$9p|Vtlr}!eYidh}Vg<{dV
z=W3h!-xJQ_5v&*iOh9pFF8V-gzGQw0LS}5I@F@+S`Xn}Wdh35|6d&H^6(2cTH!T(|
zJ#cdpJQ8e<K1`2VKmU4A{|zuZaGSJVv`#Qx$NZl5*sUqIJv~_Nrued)1f3ITCn>O1
z_r2loLaGOQ>c{@*)@pn8aw@83lY)~<&00pZSP)c|{im&>eVUpS<Z@lZS)ID2cG*^x
z*7TTM>gKAJqr~y$N{ukU$9P;8(EJAuM}`?oIJ}a@`eO8xJv&tSxOSJXwLkQJ0ReYv
zp4*zM5drtviKJAA@=>~C>1eC^F>TdSUK?lRnW@GKdTqTdEAN8dK(<RtgO|LrI=S|%
ze>>@?WJ=RFcKTY@a-qq4KIY{0D~yjf-MKR?LN;mW`5>E|t%y5_$Tmiujsst$7J8IM
z+T0U6f;wT%xsgjWr~g=sWV>hp`?^ziXnScq_HoY23-RB#>}K7|+xLf;7X!Z$>H@Le
z9+EhpZ5@^p#yxFA?VqRN13EDI%WUo5G^}GtgQ$bmUiUTBag;gjGtxe}y-6clY)|T#
zGc(MN;iRh$-t_kB<eq1Y4oLk>WI?2HeKXm#;j5{Q%e&HVIPT>lzPpy}a~=ntRZ0gQ
z(Q1Tte+Z@vDfgV;J2c`xpI~LdQ&{l6S)trsghoUjp%(u<lYVwpa*o_cVmECk`+6cG
z_>jMcb!kx^G33mf+aYkh4FS73^)Te7f4_eNSw~nhklvFA)WeXGA$Js0w8!o!6`VQ|
z-Cci?a%)mjcN^{z04i<98$*&R*qXKrru%t~EXCchtALdquj+$t!8*vnuK7_oIgI6P
z6q3X17Nm<Uj_S%@?xsZhdLSlLsEUdEeIi?@=pQfi`5@#vpzLx--RqiywY&sK4ZH_u
z{uGE)w%?7`$T9&2_Ds6^97LOelBRZL2oPt+yGo5QSie~iS7qXg7gWYuM@O=&PE<#f
znQL)wWp~j;tRRKVb?M9wuuM^oR0z?3%9gbfrzE(w;fK+|+zrOzU|f2zu^^p7vZx>T
zVSYczH6<0h`xiJICjS~PV{tXD{GU&DfdWWN@3q2gWOP-bxTQxZIc?E|HlQ53t=kW@
zdKMAT_xS|#{FgHM2WPh~s>jl?z8rck`joy%!2L@*!1mK#vHh`EHX^X5riFz0l&!{n
zc=vQPflAj_UCnWbJ*P)EhuOSQ<B&rQdgGG0NzsJ;eX~T~5JkY}t&@$;?S~78qwG|Z
z{TInYb?LQlvJLC=W--zBq5;x?I8cdLLV8;9kFlZ7_LN{|Xnkbhw}G<ojcQy4RF_;U
zy}Z8+Kp4#z;Fav~m3>HbKI@I?{$!-@b}yN)3lo5(+P+zru4;B5tIeMDPKGrUmu05u
z?v>wYTF>%N9A682?I-r|nrtXk%s3lvl8oIIWN0y^r*_*MO-oDmBY<vPe)7Cz&=3nb
zpv*B6HbGQ(ya>cYc}<9iDsm&CE4ti3SdC>Ix1h7I?ntYC%hM~*h#T(zVzbww-nyV)
zbRH&Jb{;M|XWM$+5vOr8#$WJTqT+|B_FPPxaCtwF$~VLw%IGRm-^N9Lm&mNQqG4?O
z?A5?q{p@XEKUp>*MOOynd{H@OY3!h~bSk8YAGP#V`K18;qc|(IQBZX9f~Mk(0#%^v
z85G(wb|dH8oQga9je`a~A&JVO2IFANapIL!T(%$UT@$Jx8>-I6c2S(XN2Dcs7W#+*
z;;8{2a>k`5Np=4CU#AQ>0-3GAAobql_p*LLnX_C*hu#^>+G0q9RQ<W<<lXk?+;;9d
z?I*u;`{W!R&0#zbR7fyAGMKUYaaL7ybF)l~WwR6{J*}R-0BT9Sum9AZdGtKIi2K{H
z=`#A|kr=~g4%(QjzGKoz<^-`u?%yOXvs3h#;7U;JGv`61i0QqL+)nvO>!R?<@a4&-
zw)FeA(xx~wJLG9;N-{K1qPBuLvNXrV8gp?&Ijo^K9bB`T!`0J-7Uw}t5TuKLI;EXj
z_FJuYMD29-nZ-NXVqQRj)yYyoI4bp61Wdx^*hKebE`Jzc{wtLgae$?e4b1ibY!BcD
znF2{i|NrfjF;E{Vo~$>vHEn07#B>+A2>-uMS>=ZsZF-AcsVh`3x=@Lol@w0k)_$VR
z)iRjy%@T*un*1V|@Kd7A1qK!oW5=PE6QOiG%Go;|@I<bxg(*r$T$XA8!Yi4HbS6ZC
z3l|j;l>hAWVB53|?BaiYvJfx~298CW*Ni(mUhUUrV%n#md%OP01yGX*dm>c%w3@Xz
znXhIS(vR2s(90z2nnHlT@cF)rFJCEc!?3CL`!I*4n=vPCOs2~|wx13sfyLmL-WQ@H
z-0zl<CKGL%BPL}}jv0AGiBw>1vBI)4bxiCcQ}w3_<m7Cs#Wo+@#Kg8L<^dt5UXvOR
z9ODBwlxddev~Ih<QnE}kXU7$Wa$xI#JLg|ts=z>dT7;iG9mKB`yCT)um{H&z{D|M-
zOG+7mWP8#I#)yifazW_heY8&&a{EAlY=j{HkBY!!rE0oGIL!KR#zwi_pL2le6{Y-C
z%#Qh5aXF>AwUg0-f2U#3ERqT8sYu4QFb$V|nx5Zk8QovnMFk717M_uAk$xq`rC2|Q
zK%6{F(F0bEZCN$APVS|^0CmCx{|L%9;wq%Ast&q5$wm#(k20OME<HVk-80wGS<I{x
zm`DD0Rm5WvRkhoMw`~bKY2BdRF!#G>w8dCvnTOg&$U<de-teF2mI}bk3#LwoZg)*e
z#Q)JGR4Pew%2t28>L)gR_3k{ny;mBusoMCzyfh26E9hS#7;%E%C=p72iicI^^o~~%
z{<<YnyCHJG12++ICl9Ze-%(;e)P(8I5&A7T(MV5;yR1LlJ-wsn%hf@tm@c6&m-l*K
zKK<Q#f4v+1OhI;s*QYKa;&X)tV^m26Aq42y)D5Z;7iVA8RFL^C@jDsLC09hKSDt8p
zcT3WU)pL={%l5bYo(eLZ8?yL?3e@dcWjss$;6KRy<DnAo5`K;R*zZSV-JS}nowo+0
zl)zs`9boQUH$+6V803MGdzyBU-1>zKho7=+Mi1avU7P^-0;y>i^5gBa-Dkd@8n=V%
zC``5V6}@%cnl+9khAfixT7B~6`W)RF^R<W<rA4?GYrDbb%S2nA`jmNZhM(QdzMJ85
znvge^f3lr!Y6BAqn`YSp<{_kqj_ao9(ral`Z5;<3&>$xxe}e4Y)PjD=`)D!PJGya;
zOiZZ?Z!0_Gp1lbzGHrB^o*JW#uM8yi+=@bYLHW(SyB~o6imSPMBLS$QlGFT=-$4al
z>r?l%vJF$PQu%%fk9LN*x9EQv@;g7N#0+I!{D{@+WI=OH%<Cy=n24i7U;0PX{qr@`
zIMG9GwN=|qL@+jNO*(c|G+Nz(CY^c8f`US0pKxe9XF-6}QJY?xkXI&TN9~-VV6|K9
ztRbJ+vuy&r^ZUa;FoU=mYt;9O<l&Bykw8;gmDy6fQFMzg7TP8XMiZsHK$zGTjcLu_
zFCr@9Bs1e>Hjr*p(nBb-5E0dUX0Qy$LI65r@Spfu)-o^rRpjbWEEla+JA}X9Sw<fe
z0Mp92w$qweizZI~lp)nwiqM5^q2^IG0B|Gi+Q{9b#1<J=L-0vuR$=!p7EX?;T4=|v
zn`7=;@+iJ?E0#?6;?hEJPNdn4p(F_#^L}Avh0dJ`Njwrey7xC>ox5;pukvkPzjE`E
zy_X&P`7z&TS0(Y)rx1go3=ReG@eT-8va+IxR4e=O=f4866AX>Jb{SrRE5I5F(tzB`
zWYSay1g<UQ<yG)-$L|%nI#T6@4GbvP^v0-Gs^7yf#M11-%ob4f*DtEdTX{}88T$GD
zFLyTG`wi?MLcQ!#`Mb5LIn&7RO=S`p-hz-pGkaQc4CL(i@HxyJ;iUjTen=tY$8=Nt
z34ABg8(t=wfW*y}vReClG@fq#8gvfmG6$^GM+gD4^>>5UVGy_3lt#2+Iai}OQmK29
z7!)0<%Hznuk!xlEEGY(Iv2=^3F=jk10XhPGUn)?f_B}qIU6SegR7b`sAGhrQ0Lm#z
zcTP}+blW(ULcjc9f%Y<{LW^Iqik#b_V4t%&sbttv60E*iVh-O}tcq?Pi+Dh~`Tdv>
z1Qz87wuNrJ2kI`2e@ROHgZ@ubpygkHcWQ&cfz;fa#`DMD_3y~5*YF@n9J84znips6
zN6O-mX;y@<-oSL%P6z$zR07R1#vPn3bzwO}1uwn%KL|4R2@Aux=oJ@S(F)51e?9d>
zd$&m0UZnB<`dX}>#+25}+@vShc@4Th4nMgsR_yz(?mrTKc_~D_0-(^j>s=hy%p|~R
z@uT1Sk1dmz9}=a4MI2TE!JKpoxX<^r<16|&&RzlMzpGZimXIBWJmz-2R3~OL0KYj!
zRNR#(cC%A;kG5$|h8P<E&Qg_w1a|6-KvYJ0@G|b51lDrR#Fk;Kmg}X+^wiL~I@-=i
z>0<J1z6s?9p&O<!Tp(CdhqU}=4UI)8D{xG9guSW-e4SjlSJ3@YAEf9!WzC6yXqB?U
zXOf{(gkbVfo=^m3$MgTLf64hl{t~qd*F$fSga2YW3iYJjF^*49oyTleue)@v4xGc^
zy8NG0z|PMm`;KCBRHc(67Dg;y@^aT=6sTe^=m<9n3$dH^UmnNY6z3Yx5?h6#_#Vm6
z5i-En0QbHIsUV$TPQEOlw74>op=-Vphri|fqQq1|H$$q#OO`9X+A=R)ci~bd<Jc$=
z)%5*oBM_BYsH0y3yD#U+i}wq@)w5fn3XJYUngZ1wdY0;mb4W^7(b`p~X3^!He)_U;
z<~?4r6EZnB!E_nFiSI{l(b`{3fv|;Tg@eh)^Gnd4v@5h#OITB?qQs3b78Tk^Hns$q
z2bTDb7Rzo{LctJXlq8?gbh2{>jg@wsIr33$oX(HD^R?;2IOaQ1qoUnA&G?lAol_sK
z6^gYHq?zArT)WMpU4|JimKG<4@A+aZiA4Ldazp0tVV8!3^~HK@%+5jbzYwHU?%X22
z#RDJbUKkJSDtPoN>ycj`wBZ-IxjiZ1-u7{_uFYolE@_)r{yv2AyE&5^b+bfV63izO
z)l_0TQ-dl7FR99vMD`zdygCbxMzn#!H)sq)(^V1lfugdOhXbWbA!3}Ei8-S*C8J^3
z3P039QT~`g?Gwgoa)c8Ln5dcL%bn0&TgQ-oSw&I2CF>m=phrluEH>n?ra8GbeO<8W
zD!Y8pJF>D~S_Hr4b_My}4!vJX$nvWUV{<kGYwg1f70dCz#v>D{lz%dv$iq*IGBSx^
z_w`#U-Xq<&A^KbEdCY)Ef+1Y-CCB|Vx}lWFue)>#CR2fzs*@jC!+iC2{y_A`#s(J6
z^*nh@KioBLI^uNrCkw386n(Slf1(Bgu>`LavDW?d>Q@@K7?exGR+HM7U#_qlsJ^)-
zPqGAFcjycD1lS}*zcn)-dY6ml9vXf-8C0-E^csgwlC!&NLl5Jau5{5%QoyYn5FH4&
zj^t|7kTvG2cJ$Q;IoN%GZ@hb-!DEu1wJEu@HhXPD1v(DKEmw$k2)I`K?ULeV*k&<@
zg@R5z%KoRdIRvbU?xcR&7_DBdB<`Ii+{Hg3%Qi1e{2$qprUD6ZZbb3D!2&2B#!!mz
zRDtDq<nH-Jr?&X5rKvjlW@yN+IMG?0@zirzH&sk^f2ijl(aTDa@dhyMUJ!m5igbuj
z{FTOdibDRRO)gD(N7dUIsu$=LgP8=3-(GEO^zK;Wux<4iLFy~sp6IxhFsuY$P{$#p
zz!kN0l_r0Bisz4dZzg%_alMeWnWOO0eQ*h4?*u%YBw7O&(sd-k2HI~@Qv)*ZoohX^
zo>ZWIJ*C&HlGn+@_jQ`mjv!>3>M=GE@2iSuzOn*r{%>;DK!ZR0nKu;}o6Mx^MNz|R
z?iU0kmcTbk;F7aU=j)1-&S?FUsVe^nA)RkAmQ6c6a3|r?z1i=g4POnKLmlqq9LmX&
zj>%Je#eRa0Ee}uK>y5E<`q*<H9lYiWWjI*k&EvYeDpvhq7BK0x6X4tm197XUj4OT(
zzcQl`1?BkfJ0>WW4R#!7)S1F^s7x$Enib>cR-apmcp48Dp8z&0{-fvN&xG^ea&6sq
zlW2hOUAJ1$xYnasaoYd`H5h&Tu?qal@!6*P7#0;H=m=cJE;5=@Xp3=i`MDp87dVMp
z>>@QY5bRI%4gss<@B2mSlkZ#|XXlKl;{&_zrjJ;P-9e|tStsl!Vj2)_URdjFW^HuM
zbqs57>Dch>NQ_p~`&3{L_p2rF=w4aC+plpSD@)taEbZ_#7ig=p)Box`2kF{1BcYg2
zYicthY+L@oiiQPH42bx`^1!LTEW;w7rNA@1c-!8QM>e>$(T%S@g&M2w|3J9ErH${x
zHHeNaeMBN7jCB77AztR|1c-iUMJAuyLt`U2$^|E<&rzYZ!{YhE?^T7C)=Y>@0S5{V
zN=+3o0!a(ryd}#~RMT?rZAI4#n#=w?E(#{<{gB-ksg@1O1Y!mqq9ukmn_BZ(am=0h
z24vzM;%#@k9tjMq(e5HVZO^6-<ynKo@$1gwQx}oIk1ZQ0qiPj4ig7MhV_uvvH5zm)
ze~~Vf#DkbpV=<j54AM9M2l{5=U&wA&^S+$9+IL3ZStXLFJ=dQn504*{-79A@#XP1u
zwX6sCIvHhGxcs|%>h7ts+roXx6?D^SwRl#q89#YVSWs9!dz2_$I(L~$tuP)G+FW`w
zwFy;=quWU;4wkhzH=DeiPKNb{?({;WZ+?|@hPqpV+WSTuw&6qPtL7vaW7E)v+6Sv&
z6<Y}FiN$`Ut$B!j!^)@Vp1uC+IiA6CLRRLdXOv+(PTlr_T8_qijfP{jL5GswuFz8B
zJF-|rRKelO>r{UtJKw#6L5NRxPdRkXu|^$GeV~|5+FEJ{#~j|lhV4VE`O)#Q3&6kS
zT(<uq+^Vy-6sXkXk~%H7rf{iXf6{6%I6`^egh_cjblmQe+l`n3u&haqt{fznc&Lr?
zJ{G5gN~<~uFqvv6D0JU2XPH17eVxq%0Lh|$(?!KfNBRBUJS<PUywAKSLr_FNw@+;N
zYoyIZov$Hr*-bM!8c0*-20&Z_cW0c(Ouv=AlDqPGW#y@R<e3%7=S8F~1}?bJP-}rn
zpUH!BW*4$tF>}v<mznwbU)%nWd!XGqWd{NX^$q@@*Cxnx8Nbom5%zy+6V-UE;C`X@
zfW4*Hp{TV;%cU}>LF=#+wJqR&vCcWY7aASUyqXO-bw<Dv#HA|tUEa@@_9O)n5lzVz
z^-=9H*&XjmVxVk<9?~aDmhNQA)KJHKqD%9}@2aAqlk@&GsPJnj!|jZggJBw!C<f=g
zpx=~TlGVFa%*zq`l$VE(3#W9yU^mM*UAL{QgH+1JOil}&VvT^ZoC;Ug3a9>2cHKYW
z(_S;WR(|bXfAxO{WwaVPIarh{<P;wwvuAokGjN<fy*snG>Wof39U6in`or8DL)QkA
zS3;021tb#d3rG_=fC+1%C5*{+=BtYf56TRMF;S=p*LEDTxl57aywj<^$-HN1r%jab
z&ffIIqpNH}14%5Ni~`3;JZ$Jn6MGp%+xE?|$ISB4GNK;P6gIi8ifI^R^l5xNL8SL-
zya7hF)&_8&iO4h8FWuvJGDmA?VOH$3+-;{X+d&VyuZ_fC0)N(kuoxb5KQd|`plx8q
z!QzZU@{yZSft-iYfZg35{$>9kieX-0s6@xJ($#E`8U-UKH!9+dZHa$3db;R8!*z0_
z^5GTSVu;}{r52|TVs0;$>ykWgy-u{@8W<>kDWkH@t#EB3Pq=_WclRJ$2Ptb(E&x>I
zZ!UUTgUlhqamcj9DclP%$HS5<Fanvj8SVmgWFWf_F8;42ZyIdssaPg|>sStTlEpxS
z;xbU{>8-F2>aLJg4aax`eLpTwVkMCqgmD1(k~{Vltf#8p<!b<s_lj>3No>_LFkLFu
zv-GDZgOd;bdt{K=cP!`^bY;KNsn|~HMqcMA!}}@Y-N;#t^a~hD)1s?X9q4r)e)NzY
zNI}w@0InP4Pu5WF6IV&R)6(o|uR9v;|2%ON#$cv)CxPqz$2i#UXW}&yVz+nwi<6uH
zb`@Z`6aW4PCwWu=W^t$P28><h3SM5{#TL;Wq-05Yl}=G(oTZ5nvs}h29n)cg1P!Qo
zzPjW_d^;C4CP{)cEn8C5@77u806Zoi-hk6r#n`Z&=;c=jad=f#Vv!+w>R2sB(q_N}
z#N36(s}M@lQlyB?oI$6lh3*>=i+TEUnl-7ObQ)#7<Ltb|Dm*TYg#o6UgnV)NM8S`Z
zF+Tx{yHWCW%_iA6xe7LwOLwPoxzDClW)o8|<Y%_W-r4F(p7;2Br3r+8wPf5FOl)c4
z<`QD&J2@G-!>o1oLpJSUQ+<EAd&8heLD;Y``MSra1oxMhtwS)CNTGy;Z!;Ym7K~d8
z5agX<;o~0i?TP(KYXS?0^P#Q~XqHdMZ_Cv?f@VdboWRyr=z&Ced^W&Zrqf};Qdto+
zRN18oz;aZX%JtE~@r|fAo5P<Dx>|5KByPA~WyNl$7|4j8?P%2d;VBI}9!*FFDW%Uj
zPCV#qD6gF7Q#pOgrFGbqExD@>vJeU7czt5nX=~6jW_#1b!O~*(uy+u!P1<gFtCjFa
zXf-FCI;fO1)YatBG^~J9VD6a6^8WerzC&1oZ-lr~U~WRZdn?$^z7>{pQS5b8E~vdB
zB(W1|gRxn7JnUgD(iig7&UkTRj;u*J4T2R$1BO0$DE!H3uqjp)?$DH!5AbU7u}4@u
zD}_VM&GB;*_4>j1y+~<1u72Mch*P~Z&Lm?x_!CSSQ0P3|=p%EM&*7IW2unAbFLiv%
z_l%D7{EU1|{QiR8T^I#R1ad?3if(*2@ueH~DEQ9WQ$+2KFKWf^&q`}%j$<B{Qbh?S
zA8UX!<(^s12`D`znzi63HI!O0tS}r$@0G!9#ZBTf4+2uG50ji8_OG}%1%h@Rx0gq}
zF(u{K>#u?Zl}u*NGIts&&yDyby^82+!C9s$3#@uJt90PX$J1AE#GUBKP2X_$OlaxR
z{BR$9sn9y{jD{=ieibY4ZxaONW<`g(SY|>Q3-b$d6)WR!@HqIESK4@PE|N_v4mW9!
zdL0)BQ6eB#jYii;y&HW4-;6kBplb=7Jkcsr>J6z$AQ;%Opih0a+pgfzbh&mXzk{|r
zoVx2vgM~0S)tCD{@V~HJ1)Lm2Y!*h0jf4rpzG@8jV{W6q!j^kv$X}=Jf}f*6FtnU%
z>K#@nX&<lC+teQ?InF9f<a3UPm2KC-3&dl*UMY6!d4DsdkT~!sJo<iaJ$}5UriC&(
zhws*GJF!Z4-89f(db9MKYkD>PxQ@i^_GWyBm{oImjK6C4^!{{Xhq_+o_QH;y|GW{z
z`Askgd{j*h@U$fd2j{IaA%0X{^O{k;v~`};6@kT{(pX_7_ry9cpvx)IR(AXL&5R82
zd&9Ukv?x!Fd5KlpZq&zOm*~{&t^ieC{<j`83d<621JeK8GLzA#KWDiX$iZs2b+?*c
zL${x;(zFW2+L%>(TK&-3G5eT71v`&6UBA9yJ|-N8^zo!hf;7ffLcXGwd7QZ-cO3nh
z&(#=m)LIdAWyDvZsVr680f(mjRr!l*UQI>KG25o^r%lt9WddIRGjqSf@lVC@fRZ*e
zYWT3Sm))yU4%cAN)#W9nC93{>ihq2`Rypbqcd&$B3iDFdS_{xxz8>`B3ws%ul99?l
zeNZoE02Ow<uOAm-TQwigQ!LPFP$1v~PJB@k0#{GFys3$~-T`zYG(#s~q6?gP9b%W%
zZO4j`2y3)IPzCRFpbo!q?*dNAp(#iu`~CI9&POfLB}e<eFJNU{?SU%UN?2own-e2`
z&EYT@$Gwy?a!=5xjy`>GMtQlnRQj4<&CKnlnqMDD=PKsOzcjNm6);Ac3Uvz+Pp2{u
zACi#u1<Cnd$f_Y`rXip1GTuM$yJ<Q{E!vD*qsx(vckgazw#tO?A8mORBs$Ar7pS`{
zq6${g6P07cR$JvR$z7&hGB9W!Q*&`~0tU6$p5tC!066fjNrkLRWPWd;dAOn@f=PtF
zJ*8rwyCM@a_Bx&zHa1j0D-w3anuZi*U(ls@$9!bxHHs@)>y@Q+Z7}JUtTJs)3(K<6
zMeQ<EYCuw7Ez)=JIKLk#@6=a*bM6Aa-scUzTJx(^NOb(X9D#a6&07&AuW9h0YV@2<
z35)dReK6wYR!Pu6X0eB4^|C{er^&HK1I1^v-_pXQsNS7{-4+-ff?eOE{Qvd19BQ^T
zM|jNKg$`uEomo#DIPn}U<7AxU->;8Na~>Poy+tb+;*o8RM`$1)+&lzRr8%bX<c2bH
z^PJ-07w|(7L$IWEIHoaJ=z2J%DkFlhG*hB~w6DdFPEGgIX0n1*^gK0LHlW^`s}Y(K
zA^*){*}DhTV;~hf(4b69E0aCQD}O04f(v!&3GLpP<Y68{OY!;W8^UZQg7O0t?m)5-
zP>IditJ4iJx@Z44E^U5?j~1GXd@@1KKu`yXc#eT*gOeTVfpi$~<uBwt>8P_bcIvQ)
zr9+|m0(bWQMlQ{OYl#e~-^7l?@{nT1i2pU=<}<L*cbG5)71bvV5kx!-<34ay+BYHD
zv?qq<uSfKf1`eM%Ri<Y&VM|KNuc`7m&s54tni`6Bwz`y_I8jK^TrZ;}c&KSAT0Bv;
zME)0`s@jGS)lwmHssw%mE``ISO*)cS4AN{MZEj+&K3W|)Ci1hPkN)Z!hhFnAvq-Ef
za`)TsB3$?qPeXJaL$M7|Y%S&V6c9wo3BP1O=hM<i6GDq9^ji*|1+VR*Ph*A-HjNqD
zDFs$jH!DJvAKWCLAD6ExqaZYfml8kFrfK6n5-vIX<AtY#nE@RlPr(V9pGj}lgPlRM
z@tU1SZ<d;!qnK;}Ypm5+l#fG>J9N{c5a0O%rK6911G?~zarcEg*L~qRw3;@q;Zy#f
zffXGB%c)@FzW!_e@$dH~Co#X(rFs>&1<4u0)0#5%ZipBVo%ih1-)d|Uh(bwC%dgy1
z&3XG=b+NHHNaK1uh#HPKK9QONq(AIig2`{6CMptU2Y+ougbJ8DIgpiiKG}>s3EY(z
zBhphp)l~lgu$@1rCIkO8SBd@raHo=zXLrJfHFK5x8PR?{kxvZ4b{{_v{|x-at(-O4
zfvXxH?)~(FX*itliTB|}V+r?e-F95Okl=cRRE16!zdB5ign0vO|NYNcRJOqB0q!D;
zbjaMmkhGd($WY*a!Pu*(HJezL+m!8^EH5)^Fw8YJL)IE+hJc|lpLH+oN^fv*bqXJ(
z7n$?=|2Vq<irD{gc1NJN{OCC-X7F6Aloli4?_feN%CC^fcu0wdq*_}%yVQoYLF>2F
zh(cnBx1p^#Y{JWp8As|x^`Z+o$wm-N9x6WWUbaSgH|YR#+7EDX6Fy!n_-?R+=RfO3
zozyNmt)I`EkDt(7&AZd7H6ylR9<RM$Uw1YZ%B2oxelU!ln&LyC<qFCq1#eUTS*B9^
zoH`F6^->Tk0e4nSM<)_Kg`Lxbip7q}J*D1ab4g|~k->nvd;=nACTZec*f>@e9GBjx
zem&M_#MLxOSb0e6T8#&Qx?^x>=TPXM`~Eyk#!9NiRW<MM6@UZ)oKRzya4f<TS$qPA
zP(*mrjlP=f$G}b%&jOFDu-_k<K(UwASjB8Bf?SIxg53*r08gdRLuP?&bds;iDUPiv
zY>N!W)W5Hp(<&D9F|LPQ%$6DJHMV$sD@xJ%7Z^cUefzSyya@%HO8!W!DdRpX<M@ex
znYG5JOLv|tJz<-@UbS8<(?;)O`+wSXv;Vy7iE=_tYp-1vyfiim_?c<E;YS@e>WS&P
z$N%v!jg7mo%!dWLwcA;}-xWn!o>LKcA$bFxQ`v&%u|ozZVwcCkm4m}2Y<iRN_8CEb
zVj{3N<;}Z16T<z#|FT;$&o2{LoSTL6u)qm{%Hd#Pgigoa^oUEg(S^u3K;w#*1K9=i
z*3aG|^y+~6q>2<FQR5(XRiPCB%*~NXlpeco-Y&C>oU{;zNTr5-9Y*7gW!1M)(uCx+
zJqz$+`DTpw{keYq?@q_Szz)6FeeSM!AmPXMj5TDqp-Y6b3Pk-X#Y{Ts+uUwjE+JA1
zl80xv@=0y2W#O;@M9xR_pNeZvm`{@UM$)B6%664Rmf<Dw5;dDkw2`{qur82&_m%`^
z@Qm?XW=$I=j{j}Zw=y3TMnHI*Xp3sM*C0F0GGJN-Es@6}Hi|7eO-UYkNID`gB2I6U
zsT+ur7PX_HD3CgYJ%He7QI;f@*7=%7f<J-7ux3F*QB@FQS%~5jLVoYExn-mItjF_e
z=4~b9s^Vl7N9K5k+355FM%c+U<j*Gho69y*!>7o|#oaT`zxNZO7&xk_KeNlO5CMaT
zm@uu$Wh66LVCpP62aq2HCU~#)L9?~r8$7Muxme!ZmhR(z;8*SjraJ>aH$QcF#bk&1
zn|a?0SBPE(4t8g4cQ0GogPbRg;seNnO_B0pMJt*oDoP2lDGI?Q>q38sKK?!v%nP(9
z{t4b=nF+Pyh7SkH64EyAQ)1S})?~&xr1cy87?*(r9i7b?)wdq>9MIFcHBU*}G1#<y
z-pWBa-p_13Aa#|njwpfwk~m3bA$|2!K)09npBGYdG)nP^P;igm0>ReSt82KtcM-X_
zCtzNni_d1D_q}`6r(XfQ;2qLy<Tw2>A!GD!`CLR4FCr(<*nfIF`P2Sfuc{q{WxA$C
zZ>#o<Jyj!7G>e}`I{Gd6^wrVsfV++xGQItV=6><aR~AVoxj@&M)8%kcJ|MrmW76)~
z!fjSWgp#;Y3`Kz8O5OSiepS*1>jg?AsYvj<X{@SzOsj4Z7>u)y^XX+hy0Ai0Xv1<0
z^I{G2R>GRr(^a&Z7bB*NpjjN3={DI+PvVJ;|Kj0UB|dH$pH7|X8G0!>d8vbSEr5MH
z!_&u%BVUCYO55v0g48^O$j_B%GL0IbE0|529a(H^P<-JHfA#0m7j_CH27+_UQ5h;J
zFt*xb;^^bo8RT#5oOoeg^{?CVK-ECR#;aQSe`mJ>c3me?FCxmJv=2Ni1;8wK5iNBx
zyd<j1PS@KXGpL-H8|Z)2WF(tyCh1TDu0i5m_&MtwY|X~_^S^sNN9Iv)TnXOeqe6Zm
zuDK4Wk+qUYd7L<=P`Ve#6&}>A#2<0#f3cLU*6uF0j>U)bO?$^RPqbK|763`nE_Y?u
z&{$M#s{5RM>BV!h9zkkOMBv~y3zPZO=@D6E*(hAbH)eb5B`92Lis)!Nl=a9h#u7^%
z3UKE4UrMs%_nS#4K7`iO)=%!r5kUvpEb}{{7Jn(#FiHssW?usxH!eG694r0Is+a4G
zh&cG>-Ee{x>#??1NLp9pnzO`cV}Z-sE&{>@aw2TcdJKlSbfP<>f3vW-pEd3KK$}<+
z*8;}Y$CMRFG*B)OCN!(&`#=xWLQ_VUfY|R*nkTE@Lrl${A~`PAmhvyzt+I?8NvBB(
zUrX3bubHu)6`ASX0a#iO@s9AfRCdH0e7^S&6IZdkL1mo9Dh{7dujK{eX$yyl6B<$~
z5U+LR<TdCp5fh57&PjPj31X-dvi>hgDuKFEYZ;l1Dy4W>C!d)PeTRsW@A?sJWyw|_
zMQ!i@9{{gFP`@-JiCA*tvV<o9nhszuAYdU;jVs@4UbNo;A6e*ekHB&HMe@9x1fo(G
zoRh=;xDU5N+ggvO%nwkUm^2ffq)7`tK7I*#wT9}c)$LUQZgQJtDhp%wm1Vj**so1F
zowAf;-$*;z%5;2sfA6?I?Da;JDh}D&-#Z?Hzjr*`i1n1PaBJ|VBHYpgz>U-$p9OAo
zzkBZlH&Vm2{?~tzQ>a6ag_pTJA&9I^0zbSWQ=Z;%9%4^&T#}^%8_9v#v3wP><=W}i
z|N1Zeq|;P&xy4YgU9Kh<pDV&^9->`%$Ge$iot!F%`dG72-9w;TVcz~f&+uwmWk&Kh
z=f~VYb7ODwg`KJk?PsVoJ{v!X5Y<!y?H0>KX^<@8L_w2axY?+rI_`|ogiv_cEH+Mg
zJSit1TWNPWP>TKQjeq606bm=yAWgX&DiDK$EUYw^_F5KRl;mLEeBV-(VLP#PX`?vo
zLT{My>2N@)l9SsT34p0Ce>j_Lgfc|AT5yFFSc@1M;MU~9&io+du_UJrp+Kf9;(}SA
z?ogc@iaop_?;dLZRv;@tapRs1!YJ89vW|wX%fFeL7LgK=H`I(2B^u<0Pa8RYU=F_b
zlc{ZxddqjZZ;Z|=$)DUHHw)ign0hg6-%M?JdLpb-N;;b9>9`RKSJ1BlAt8yBWLTjB
z-G_LZi_ZI7Yoy9rvw6ERpt9GzJ&|hRZ)rB=8zL$!xk6}vwSy35dcEjR1<FIsB4ULz
zZXb!*9yhyfg^3c2o8P3l@FAMV%;QAf*&uF8{x{KZJmkgUpgVeL6Y4A3NerQEt@@YC
z%d-m=Wd|{3;`LWMFg0h~>#-4&8a3=4+h<U;F@qxS8EscdZISSBM>a$K(XtuTNHI?$
z0d2bSeZZ2jMv~hTx`5Fq_)TkdJ?9fXlTVj|1alB|gCfXx#J>K}Mi$${q^k(vuk6Mn
zM8tZucdAj5CW$S%JL9j2mpWt3OHd7h+c03j=$>{@&OV+qY>!-*QpHDG!;AKY(ArA=
z?DY%yqPM~3DWuT#PIppe5-tml<~&S)5lK2BP6x2!sk458Y6sLAjK}%O`5S)Cg9$(r
z>!bLfqbwC?v6%UG&zwW3KJmodq%{{OfX^_Kn2emxKws%`h{GFbHhF9wh$#y$^WK+`
zTdS&eFQknPB(X4o{>k{9=Ln^Vy5@q%*F64k{>Fsba)i|Wa5!q|3(GfNLP*dRVUm_l
zow1lLC&Z!cYHF8Xb};H1vd?+wbVfh<X{o<r6pM(>Rpb-jMW2!jfGh7Df<M25$gDIp
zn{cw}d-`I}Pv9e^DPKnEId?@EN+nWK%U&O@2uv2NDHzh7I)Ui<;Ve-Fp!uPQCCQD5
zz5MX+estxBW;99cS7x|1(vN$N(_)d|y6&`+h=qwoV}22_utXl;(^Rux0zL>omjWXH
z8Vk099>$Z;W`%BF?k)AIm1uvG(-Zq^<R>E*^Dy0XR=(|~b5k~-vpGMD`ON=RbqNnx
zlKO7G%5PcSqfY)333p?jUK*4@>vrGeufl6T79j$=9vswa>ZOn3c?Nz~VCp70Xg2W#
zg?%sNH`lml927RA(O0(_%{WUD{vz;a++Dc=>U2@elT<|5K|v&GlCpRQ{!(YmoNm{p
zRP9sS2NDqXqTvkhEPP$c^_vC31*|xzV=o^o_J&tkCaZHk_mebU{e`dax_1VD_)OS@
zWv=O5YYy73fhgt|sfa9Z9{<E$>(4>~XKU(*ExU>{2{?~Pubo$e$}e{zznnFOTxdV@
zv@mLfg_e=pOw8e2UA2w^i{@zE_Nl~DCpD0Tl<RSZ#rxCDoAVT6Hz(%kPjGNjV8r29
z%!mp(X^tI4m1?*H&2a1vdwou+;=yfMZ|q3c8#~zcxCq3mw(NVfPp!HV7TjE4u^CR{
z5O5&;8Nj4ib;olI5FWT9<_G!VD_`=}0kUv$Ul@Evo{`R|fWC)C$9b*ei^D;8ko!V9
zgRhBGN5$ORLJGZhkAU;71hNN><;aV}-gs=0uK(4oDrx#EqPdc2n5d+E(TJ#<Q|BvM
zSVK*n%QqL$1=a*%084MN6Xnb6wH?RpQmVFstzBzFKpm4m5Oqwu*7EGt<1D`BXWdb+
zM$#a8ALU^gs2hHBL690OHW0#uB{`Lj&rg!I0wx6*a>GIhIwm|N%;d*eTY`MV9T8bL
z-AaR`b*KhtmIio*VROjIH7$HG?N;4k(sk9}$M&X_X8{|{aU#co$JFYDroeScIYlEA
zA6ha$G#r%Z*8NyRT*P%s<YhB#*t_IORgYnN&+Apy3hp)kU1ak)Pg24{!UAyj0(zRM
z3eXL4o<4WdnRWQ6PpRU_?S0%m^l|r48GEb-VaC;0f09&y`lF@-*cOe`Zm%~~vyVQK
z1H8yj6@`ZT%1?uhx!NN-tXVXvs2?2B{<bvfKSP>0Rr%}Jc`*{urf<`xGNj$xmNva-
zNE<ATxPvx5n>Ll2b9-Cbw4WVqM#?>)XmhsiI3dh*V}WQtU@W(;9h+K}n)Du0YoNl_
zcdVp#PMgY{^5M1>G{fgtLDL=>EeGvXp1aP;HH&@Kmx9gF0epf%v7Azssl@wAsg5a>
zH_3A`zxL(ifAN!4#4Chk14<dEGI+~R7+;F;g73m$>kmhLHl<W4j9aJAftu(jEwSV*
zNB3C%vgkm6mo2AK*O?(ck(go9T27J|fK~^crBI&=VI=ay57t<aEEjX=K9#6S9D8gL
zcw~WemrNXUXj&z;Nccptz`j)E#pw(()DoUHjK%jC<5g52!A~?WzSDk*kE;5(swU--
z903?1yqmw|<b@wfYfXe+@{&yXOxmH=GXOn5;UQKAT%7*=m(w?INaD{S$S^ZP$rBti
z?UF^7LYWp+!0>qKhp<|Ij+x8P)`~U_j^@%2{bjZ!p&^r+m3c(Sxo5B)FqRW%VJKI#
znzx*yS+Ff@CA-+=C&0!72{s0hi&SUe6?EImGR{4f4bC093e3A^k)~2?Zn^mmpXKI@
zq|qA;@aC&!l&(~7heUT@mr^t5nB()4rx%sn={dYJrc}wytwm)Qd|UDd0`KV5{c^}6
z4@Uq!j$@G|@AB@QCibDuzfyT-@)Aw9Lfm7Ws)a!gi|q-uXQ+wUw=B?C72(8eW#ESh
z3MS--Z%E5pcs~?CfbxDP<!Yl&WdiA*uJyKo7Cmy8+;%I1>o&M9w`|z~Y_v0&I_)8)
zYO!w(B7tjM{^;N$&p`rUnOCIJACe@SB5v=&0iYTND+Kc;OrDBZy3ksJf)xNzXLPW5
zwOZZAZdZx(km<tHgokdtigJhQA;P#WSP<}Vu3JPW#GTRmId+-5<SjiKUot<K;Ex{*
z)lkZP8z#s4QI_NOkgy;T5V^I>f4;L2tc#^XS?KXta-2N|l=MXmwT2KJv&to$wD9&N
zi?EfGyj7mJZ-3YuALgjQIk<#6G$Ecp_fr-Km$R_&nx02y8Mwnl$qDUAqMOga63{%j
zx5W&-Ffjw>!+1PktDiu1IbLx0YC^geK1OU-jSYLzBmgr(o#Md}h5z)yG_XFd%G6Tn
z4rv-yeRsQ6`oRsK9^|WXiEWeQYLLqvG0QdQ7$}fb#DLUY0?tM^|LLp@iG)p@;w(&z
zyI<<S3l10RUawXYDCnkY5I?g};f6{%h|0RBFhLOuGzdTgP8w24wVwS0?qG+i#2t0?
zKRXS=Dj-h*x7`)XC04%5TR<OH?W%lW{L-HBwdhCvW~WMZJd4Grm2yoCE!TuIt_r{m
z=wLg_4Cvq)QbvP&U=4=lF@_1-G^uc+59s};yn!a&XGfE6v+Go>7LP}gwL*7Qv^fT}
zYg4Jhtv;ZgZK>3Gj#RQ8egJ)%3QGWskSEwPhI?9GnpUdB6E38QDg`a4Uxn*^ujzNr
zuX&tSo3jJju}M>*;_oX1-r-AL<GPBSY)@AWrt@e^zmNxox?#!2*KH}ZmihF?P`ksX
z!*-8SWfg7j8||QTwDT~7|2Bi3+-}g<zlcF^H1;MrP%hL$GNe<PB>z>c^EI@mRgU(Q
zsPb=(5cu?|^8K0Pw7Zn5mA>@?cd&NeX)AoK`_y2U!LjNO2FI$G!LjPq;8>e5rVxH=
z9b~Fr4Kh`)0-37U>Lm=U%1LyebP_dk2-srESHP{-JvR4MX2yRN+@~Uvx~gyoEml0&
z^&Cd2VzsSnB^?0okv|-#P%3##r6k!{DQU_U?^VeMWsCKSvc=nq#Ws~KZdYdIRHoDK
z^%}liiL~_V%5?g{wvn{KGmNB_*}EcK^rdx3XEyexQ%<Rp1lz;Y3=y7YSfxW=mEUv=
z&GLSsqTT6?mC5{jx~$u#)IrI2n&+re=6Qe@6erlQXJ_SIuGjN=<0++TQE$DOwV||9
z{umbbGE)_v3ReUZl6g@L4=5t6fwfLdYBlaVWg^+d`trLao_P%OJYW@KRS!Fzeyy<j
zDpM)<a`knZPSt*c-sORnm*7;UP!6{ByAPhB-@Vgpui<X^;p@PkFVbTXhUD`2%!Y`B
ze1x1#m4a(O$z%XD?P^UZ=52L#ecLX|kj74@Gow_AtZgOL2%^}duBv_T0|EH42Kv76
zvNO)oEapkARIyseKwx*Gq07p(t5J~6{cvs1zOA+uN;BFBKh*A2!Vg{Qx&tjv$&1V5
zv(|@`Gleggi`mQLGksU60Cy&&+v)YX+L5H*7r!UX`yE4+TJ>C!%uyf+ytO6^;?f3r
zH>Y<ZRT#u8kr5XX0?2}0bHd1nlQXOO2t(J<3z04HrKnxu(JfZ)?w~upy+c%{0q-lD
zJ7q*KK!A*1v!x&SyMT-Cc4jUg%qUf?zIA=mU;s=s7%0Qq6to$&)S(^PrM;Q~v=uXQ
z;fM2pU!=^vYLGLC3Y}yuPzOY;S;HKp$~H$*t<E6TeqxV<3d|d5r8^_1XJn>`s^A(=
z&#rrtiCQ9-zYh?n(Q2rXRCm;HMd<P<O<L;BlBSCH%Qfz0ENB97OzTje$6@o2YP<wZ
zm_y;Ofs}@a<QQ=Wei5<%yO6wpCcGonHHOCuJDbW&3#?O_7ry_jvtThl!?uAYolnO;
zAgRLBAmTen{F-+9z5akw#aLUTrof)mZ&&7llSgam4r}m3V%jg}Rwa;Efss^Fx`4Tb
z9%sl#IeB-XDqtu%0=Q~_Mn0~!!u_a#zrsZG@NtkODUV<KagzScPZz)7Eq9~D*sM^Q
z2ECW8;Hc~b=s;G;08)u_J1CNMhn;b|PpMk{+h;qD8cvtg)z2S)EH->5kJM_JRJK|s
zTeVugt<mzWZI<&E%f-gXn|mo=SM^bTKnLYQGhh{BX?kMG{E$w0%1T{^e-|OQyItMV
z1-ar)i#?3*XeeDTcZMzyVePCY#M+7bki+gRc8~7J59*B!a_DQ>lC>OyEm;+6r9zos
z<P?J_yNehNXS~NcE~QF1ZSQ0op_5JbK`DCK?&}My+u@~pA-q(t3@?2~e5Z6i;i1Pu
z5w4aZOQ5Q-=n$?<``qg#TJ4hC!9K}&Z|aRGRf}_LcS^r8CiPMO@o~MH1Ut>YDTXBs
zFg#vhRa&6vYZ7JS6>+_kZ=nDIW}xcs2LWb|qe^?QTqVUbHn_feHFBf%1C3XssvB}E
zVI?vEv_ZvMimZH5P@79ClkNK3W&rn}TL!SxbUMurWB~t^EhCfOUWk(Rtu)}uOuPQJ
z&<OqK291DpX&2D}H-`QsnZ9JObU5~A9jT8ifwO(E6f5jH>lJqQkCs|-(7W>Rb{Gz=
z%%I!r^=o?@Q$Z5d17+!l=bU*uk&1}WDhhAyu#$er$IfUlrBtortrssiB%MK}2gNRQ
ze})C-^=DFGUMJ=Cq1tg495SAbzF^7`t$sa-NZ!=e9FdQ5Sxo%!pV*@2<;GIR>c`yD
z5y-k~y&sSz0EX2Y`(6qFY{vfD{{#*?3k=w5cpUNAl`7<X7tsga9`yUJREUx3xAvBH
zz;7gf^eaK8AH&VK35>dVUo7hTT=r1J=1OJ%u)4AC`r&T(Kh^bqcw~3nt*;;K^#2oP
z_aWhhe0WNfYs?mWT5tRl>Ci4|S*im06LF|BqMvHTtokBvem$Er^5%w6po(wpARNfu
zp(8a%#hKf~9d;WdQpX>qXrLwMKb)LZihA88>lQh$6v*nPZ&u5<W@%_1rm?SEQR>22
z=6Si5s2?shBub7kpf2}H=7$N6m#!k-Ac@jbi9k%nL=Ubail6^fyubM9yB`YuA-HR|
z)YCnaE)jOLBm<4sZDA&!o=wPs3e_Iqx9lTyWxu!nEmdT9*nzZJ+HN_}m_<MK^sI!}
zuVcXV?P9?7yJEmwL{kS<nQD6}d>n-q0~UW}UUc6={Hx3u?{8an*ne(ihd>tuL$tHi
zv}@_;>@@G{Es3O9>D&g+uFN3cOH#F)PS<jd02G*I-e5;WRh6TR6obSu-9?CU)*kSw
zJD^nUaC?T&wllM}es5f~e|N*MGEe?%VBY(CHp%h%$qwC`-Kjh6_S=*yX5N~IF>l_{
zdGniUK#tE(J_}0hK_1U9hZR<tlE2>z-T(B$jlGw+*dr;=Fi!zhNV&)t&^IlylF@59
zy}lL&XcN77e9YtY!}+O|Wrr;ilgpTe2_~l-a(zW|w4?RKl8`L$EjVW@fEsquvbW!x
z^=F(?B}*SegpN>zV!H2>$k02bV|^D<qxu6Y13z;<b}w~0_&QjpJyt>I*ZwDCYAJL7
zC|n%}J`bT;i(-mYkjpn0*ng!^B-E_}>e^R|b?-9TyB1w4z`FX|mfiKATiG4Z#W5Y6
zD&&gZu|!xDPP>fG^DgTT$CN5zyuAz_p&C0vHMR^E@=%dnze6P7TVPg;%YuBX07u*F
zRhes2TFS8?3eQyKSVH_T7i<>uRx0RwNT!hzYIs(X2j*!}qEhwVGF7qv+)@>h5^cR9
z>I9<mpN@{fnUQxhB#A2`?paO^i&m9-_g>NpE3NZYqxVCYZw>%oMUftLw$u*f2+x)#
z#l{(z$7f)Cd^kBXfhOA{m+*+iEakxtLXE=?Ydf4#s`kUJLyesggc>`ehSQPzV5y5?
zAzrnnuBXtb-)<VV7BQ@LUAlqDJhR8DbSh}<7tZ|o%e4rgJqo&d(IGC<Mb+nd$fGJ;
zq_;g?4k@3g7lH_bmAt{a=JNRLUc=bysbZKNgm=qBZyVmV6XdI`u>BPqT2IMUl;UT~
z0U4@nt^KFVi|E>I;^LNT`{jfroNJeamQGDMUK5(d9`=S7)<=~c_7%{~?lk-o3<>BG
zbd>i?(=CFqs4x63l??ka^n;H(04VKw-R{7pRP9OIZbgG$V@T@o{~v!Wr8iY3YWazJ
zJ>}rCGPph@;O>}-Snky%uQjJvBl-Ct60L~{y9AFRP2~8rb$o(bjOx2d$tx*f53Zdl
zPniQn9P3{~Aug^RCI<(Q_jTl^{xvkf^8=9*KTP>twbjsw9tGi9VdCxYf`=rox8j<U
zGlQ{I*ez2*&V*+R(F)scf9V4@jb5$OY$<IQoUKKX3LCFS$J-KQ{Oss4%xyfm&E_jc
zJ`{oY%*wIIQ)$HPF?lTbHZqIZl4B=hsVGOWSlaBhg8<5acZY38soFEPcHWJ!JYh6w
zIIvp;VxISdMxWYImM%oB(2OU<i$zqt;8=ty57Xu)7%^9zN3~kr?g+h(P-+TP3$Ubp
zU6MKrvQOT0{c5Y6wLKc=*rYbVT)hY|r$CxE0L<yS*;^h2(|VdRSSairK`KvY+*e@B
z>n*tx7H-|6yI$_mZS}v_*h|I!*Xrma^}jYKQHV#S0iX2oe~64M*$T3KbhmyS9b4Ng
z{(}dLkmTVj%k`9FQJogs{xc9M#80uAlE~7;_aNtUB{FH(Lh4*Y-<>6#e7wr0+)V>`
zVsj?q8y0&XiPUc}o0E}*yIE{<(A7GFDVKtWmkVwvWiqSN1@xW-qS^O)>tEnD<S+b`
z1>`U2_Vea~DCYyzm+AskmJ|b5077xEUQB6#s98-NE4GxZcC`|*mwN*C?w)a$zL;Y!
z=F5pxLSaGjghVW6OVT2d?_ODjzEEWkaS@%u`Sg3mcsd)mIipl<8e5lpgP<Dq8siP+
z-s_du4=<;#KV3O>Nz^Dt2FN=72tOn&6d>n}le=Numwt-CL}bbXabs%8!#qNz<_tWj
z(!N=!9q0gLnm0;g$zm#4?3n@-I6o;e*4LwpB4bHq%fuP-<fqh)a+{?RFk(-s(jFFj
z8tD+bqQ-bbr_CN6ZA*>ObEHP!>QE%9p`djD(Z$fCa&_!6J<3H}Eb{rMl!vfR$hCtT
zy`oQbN2|T0&p`P@Bz>feZZ3Jsq#*)S(q83*H-3^Hs45(bN?!|C_46c4lK9eIAn7U+
zPp_U#yKOdOE~QFO*&h0{+Zd8M{`m1n5>J_{%5G0*y3ISb&Q#i%1vA(*(X4Y3Ah@mk
z<tIP%AWH(;)+lsb69FqWb5)HkK`CJ=V%u6RIIWx&<9e+%4HR!Ga?9cj${DiQPgPMF
zJf9_rKM$o9qx2pfn>un`sJ^)NnKfx?t5`)r>P>3(r+eaj!y`#l9=*y9ZS<b;hW=@L
z$$h<MXI#p&z?57T`FgM4K>&iWjyIT6s(5ni00iK*3{=tWS^(k@kr90??#V(wZKga)
zVO6ep+8`0f^`t+>+)o$Tl)7TsidpC`c-(>jm%LTp*^06tXgQsSL^tYB9o?u7V>~p5
zF{aL_I)<^I+@K*MCd7ww{#@GTkgzPC13--DC-ALnIi<c9-KN)UcMO;YEFxo15|1-n
zU&e0_r1@GDnywP5Cj!KaS|oXsWyNwuBb-cEx$$mD_O<LnU6uY0Nz0*CRg;SOJU|z0
zX_f6@Q*ws0;n1N}?M_>7N|2^J7*%dcO6pebAE~(FVcrYv5@~|#=)}-Ng*nupd3&^n
zHJ7l&{;)dlXOEX(p_Tw@2zqo>%jr>>?=#$%9>Zry50$yXS^A<-#Pf2ZnG+z6rH-Vu
zMxKx<OSmWZ#lkH+2uh9yBQ_rODOD`HeMLbZD+>D64R-IB=)bA7;Hm4h)S=Tegat2l
zt~1HhJoK;^Ns;9%)3f$?iOU^FUTVNBnvu3YbyQuh=(E2bTXLXM9o}OiT`ppALwFpE
z7<=dNPtxx2QxY&~{*aW-E%H?A!23y_wodT7;;S1Gd&$cQiTP4obI|CPev+~)ZqcSv
z3EpSg$Sq{SS&%LuK_NL4ar$y%T5U?{B(8ZJ`(SWOMNjuXZk75pWAy#$ca#2rO{e27
zrD|K*9z7PjS$9+u6MHu~BuBGUB{g6l6S80lnQ|UtlM?PVpy*s)fbPCTn(M+K6HiwP
zxKLj4k(mr|lPL0$1b&iY$gn~99G+Tn9UO;*5i>zL^8*h5ll#sOEu28hTZL@tyEGNc
z;GkC5clqJG_!rGPUj1;xrw29lifZr5K>(v{8u)J0<#CGbC#?P~2Q7IxQMoD|*qA$=
zVP%Ul5e6%2x^jsmJw2NcXWXIAU__mEo60q*_Tcxp==jDZC*qWn%Y~m1Kao4>EDNMg
zsC^|S<yj91f{}#=^9wRih)F>KpKQcq$w&#YIU?^pR$`M08MoVQth;{1Oc+wmguw&0
z9#Dz>wWo3lJ2F<O{=-^Mk4m|{CHi^q`Jta1dK`Hmj|(*?k}h_k-IE7sSf@ATLrRrI
z-Z2vLljAp)tBM{0zo~v}QBWkj4KJ|d$s(UEU@GSM+ld=9DbL|0pkL7KI8<lCyX^(!
z>CMPfW9sy)rO$qHTL<$i<}velSpW@cIY}x7P=8yJ^q(zBjxBgRX?}sKu!BD9yv_S;
zOsNt++gD{mpY^Wpv(6OmrXQjrcA8>!UL-$Gf{jM)wj#8qPw}u^yJ_M`cAL9HLii^?
zN&Rqs958<genTmI-~+!E9-okN&b+_He#+m67#U9d-}!_%ozYw0X2f2#J7AAj-OT@_
zvJVUiDvkX;BtfU?Y}ADM7CkCub7xz6be<tSunDy%++;$ebO=)t`e?FxiI)iXil@74
zGT0yVMt$Z{szlV*k_od_RI*A*8_Mm&zuG1nDPXr7BIN0`kiswRHr)z|kO<psUbDCr
zXJHEq9-7i#iBlfueUR?Fat)Y1^wVRkSLU&;YUp%XX}DVGc7!D)S%{kuZDG)6ieuO>
zdAZ=^0PWSLg^+gux9B=)9!mpDw@Q@8*Ggn0&O)@&t!Mj5BB@`Lu9bWG9<$PV-!Yi4
zC0r^4o?Ak8^qwJPhwk62LUWdXUT1=vw1eEQV2AGlwu2sm{kF@d<DN9YK=y1aa)yr7
zg@%r5YN}(NYnlAFHn6W(HgT(Jg^xf^w={8s3)Y&r)vHSh>KjT4>KjW59wP~VyrCid
zUUG%g>~uED3Csxeyc~Ai$c;{wlGfeUVC+6OgR$LoI;w-CN<lw5JJq(MMT`m!ZLf*3
zuCaD4)45Z%&33niMC?8{NJOMZ8y80+f@@9=yX|g6Z3%Ym238@eJVEIG=~&dN5H@>F
zty8JKgFDTxVc22Aw?Uf?JB~-G+HSYcUXY5t)5bD6Xw@{Sk;7V9$1kQPH17k^Z~C#2
zDJR^AD1_BWtw6VWMIV6r6ZQevk<-@Nm@A<O_L5f|1w{bx*TQ>)&fR9whx_!L!kp32
zn++*dEc2uRfxEgbJdrcK92EF0XL_CFpQ&>4Zk64PMean*W`ST3{!uJ}Xk)ogpxR=#
z%D5A%@D>*T14;89zvh8tw4~*UIU4q@Ec8G9h7N?*|CO@o4-1i`Hh)!?b?-HQRcSKa
zT27BjO=e3R)b4Y`K?QoWAtCcZHD@hUrfB^icLoTTgSST*Bn9HKh)w;#PgfT4Duwla
z60fUM+aUEr%*YK(-39k5iWzp%<#I3`^<74(lHXh7007YCNaI{S3f^-mv9i8>n&&-7
zd{C+;x=FKX;3o_2T@)J7t+_vPNm^OXw)bnl?8AO5vM@!wPMthuw!s}V?-_cY(|0IU
z+_1Io;(#+v{y;V;<yMuGs34qrfM*cw6%V~-QLR=lC<oUzxl)1oXIOxFxkk8pHJSCA
zKP0b3jP<Ue7TK7u#sKPR;YSgVv1}Ysa^z9GQ^y%JreuDm@Ny6^2*kW)60+o5zL6J~
zwGs<mMobePU#ne0-k!8-3VbSOoKaN(bgvl)flsp_^`n53({k@$Lzha2+aA)Tt-J(M
zpsaO5e)__O;cU=$+mtHlv8~YPb)?Mbb<j0XGI(?tuE<=NRRCr`+8EOAIeB+MFi)P6
zqbLei#GjFm3+y0$BjPLE2tVGt>2%rZStE6QL(}Q{lXR1|B|xPOvX?8pGtw&^fO|>I
zBOwJps@pm5e=Sx>TXkaqWD35#2E>JB1ijFnn)7=ub7rF%rAh>BtuBC15F8yfQkuGg
zLf3Uh+G9wH+i$H&NXq8wYpZfY90s)n^I4%uro0j}kD@FHH2<H@-ih=q<_RQ_7LtxD
zt6leXUA6Omle#+7<jRvYNR)C$>UKMnC%4l$?+!X0O4Z`qcFlFVprXnjU1vR8|29}b
zvJNY#?g~}f`h;{ly<S&`UoSZ3&ao8q)SQ|ox&C&L!B}LeAI@9(jR-f0x2J(dt*j0*
z1Ehp16_AeykTx+R%tAZ#_{<Msf7AB}-JRj!Kp%2>oT~6mY#;Z;lKJ79B`FV1NC{?>
z6i_>@168P<rPFJuozgV8KbT|vbHN<zhvXGLb|QbbT35(Fi54{KFG7;gzer=>O|`|X
zGKipSI<{gw_M-)lFEStE`uSBeA*L)gBe_|8&9U1$52dlLPe^hc!^wWfSwGkv^=kD}
ziw!ARHKBBbe+ez?mD!|9GaAwkig{_JCi1cwHndoBFkWV{SlT&5!>>q2ItE*em4J>^
z1v1!-A>qp?U7h%`T#lGHLXuR(Y`%kCdOCFaT_%ls6rI~j%zm%ov`Jn57;FWd4;KC1
zATM{o4On1J)!+g3V(L!aO5LeU$k`?%MoIyLZea05Ws~{+=ZUhr1|<$8C#po5^;pj?
zAYYl=>vKvKXKbyuLiW5fY&caRx_i{3JZhk8U6t4(&{Z!c(<Z`YX)}t&r<G~?3W_*k
zLF9+L1s6;l+NOPd0gLByVh7FSpg|6rnf!m|Ma`JI*MJ)i2SWc-GvT3^ib+e&0)HHs
zH?lo`lRTqsJ<-?7*0r4k`Pm9bVnWz8^8*kglKNS~F{!bXz*}6l`3Y#IRGE)l-;|GB
zU(ZLb-!mV1&$5gwYpM2HI-c_=U@j*X1SzaGh3hcoE|V)z%%n7lxm$p#s;slxS8_p!
z^%4<mxlSQaRp`5^w(7HyH{y&^wQp>lU_59HNge*b0k%bQzb^gOEq!WD;CLghRIEcQ
z?UC@PijdrP3GlK-J=1k9Vo9RF!lQr!I=(a&UCg4&)Hx8RQq|?sB4&O}q<X6~-zAH%
zfP5hWFENLq0v`kreP&Ps5T@<Rk1<jhI@^@~TR|(#t(IR*kDy)!kq7Y5cYpjrqSz19
z89DgRq^YhrAXKpeeJ8)qzy9^zg9Bx@VEua3PF0bKihDIwD`2KWbT8!G;~w2XaK!C-
zqrreuB}KM&SB=nJHF6ZV#J>Z8?-Ro5ZUXSFK+~;Pn|ha4n@OggfuI#$g5ohl{8MS0
z#>`D|r<RvkX%I(er>1$SnrY#yG_X1bYhKr$hu|Ha#krLwoqNr>s-7av6U(mAiU0Ij
z58iCpXFW<4vp!N7WB5p6jJ63?AU*CMt*ESn?QUC?(|vA5Io2YQ>d#S}`ZLL=zhqMg
z4<>#p;uXn(?ft+63M=ay_mxDB2E(1k;tJ9dS)3Bz6(PyuASX$s(y+%Q!T#H+P~DnK
znaV_jdK20~_V~aV_GdFnl~CGRU+AE|(7~{3p}%%TJMFS#;q%&Q-vdTwtFF?w1ITRK
zRT=|js|b1;VLc|K$BQ^k^x%L;C2ud4TU3@o?j!HC#|n;CpUu1ZcX!a>amvR1zDKEI
zmuIzOcj&0FW4G_zv9U1+K(Gu{P^B{C2Ug~iefkg@XQe4BTKeHpey|Nn_lJZRqBE47
z0$e<}=ky2D^>%-flO-)Hdzk!*IMf-@Pqlh6##4XF?gSNT`o``AwYrKCRo-MlQa?pZ
zr?O_Vvn}*==ea>o1Ft(K>nh|oh(&8@43+hm`$`Guz2GiH%qL_iuE8{vL=o|vg{uGS
z4jc>PS-<0U$CN5rxV54H1)1>w^%&N_f3QIzy`1v^vO?hSq)IrcCx|RDq{1;;gYmGV
zBQ$r9qi?Pnqy$m3{<e9hs|v48vt%_DpC%6NI%opoX;&<lEc7Pi*MnpM@ikZe-(4()
zN1Er?WYBJ7dTi_aga5Yc*1jU)g=JdGzhIJRB;TSZ*>tgu#ix}#T-Db0={b5h9rl>y
zXvNywho!-{jX%nXZF&j)LuBOQm-ipuoRD|#FYRu^dD!6gZo;}e=<~V>E50mt6PDlM
z?l!`o+k+Sr<O)5AE!lH>4`S<H&qBYo`RZ%g3P;KSI4f0psm!MxWP&;ahdDh;72|B3
z*95Ik`nqDT9GELs&pou8!o92K>ebbAcjR@Nk6;h3KS(NwE20&&anBOW*CVgtb5C-2
zeM_xz2&$Ta^A^L%2$#hq!TiF?m?gP8W|^~2W%292vW}DIR=<@><T1G7Sl$ASTr0@2
z5p}v%!GIl5=Kd&eMapyxWuV6vw}|o_$Ue>H6LP%Z?iH{jNP2W#Sro7EoPVSE!zu2V
z#*KlPlYn3IpcqiJNd9Fs()}a(2phYFDT%q~$J_;t?1oR3B4l@Qdve^MVP`m)4JlQ-
z_0~%5Xaq_v{8+2jkSZBDS1)ZFQb*wa^+UO&8lb4UEF?>Ig@!5%xkar6V$4>~JFP?y
zu?hz&3p3(;9;oK(1D9fwe+{i5RG%ay|3kfH1ZwA~*X!C%B+l}qdPf~?K;`?!Q=iLI
z09GO9b3dFnAX!1qBWE(bhden?&4%Ots7<M2uB{W&pb_n`+vtrRp++BS+UpOiX|H2V
zJ9Z9K+Mzrohjw`!5`N9&Rl2~uFP4%8iy|I^Myap&(}V{z@*+uDoMus@xXm==5Mi1$
zNV3RMPuzs~1rtF;_!7FC%z4OTRUuGReH+++MNUYXoQ$OW6Bvg}mXa5)ST05QvO%U<
zszr-Qehv~rSaM~&%>PWVC`8_=+H0!6l-Z<ioGJBOUcYfdu$zK)3KIU+`T6^EN{#~P
z?IQU{uU5Pi3!_e6{q*7I201%=cY53)ua7Q|-Zb#m2Kn33`8%Y`>ATnORnHf=cY>Ed
znltdcA=9N$R!JEfq1sw0z6Q`#&gv%i)6~E&$hSKNvdZP8Y!&k2_|5B=)OxPGNqrYT
zB>(5){ksNyARuxTb<NGEi03x<uX+AC5|V`qUXObX1^9++43E}nI*?e!nMZH?SY~==
z>G&aGAz{fXbQiG*g*3%jvVg^@1J8_1v)K&dpBMh`ygY5l$yAj^F^@2Wq^kK0U>zu0
z(1S;_1_VK`IFIBUmV7DV6`AsxP;`fcDP14PmwA*l;BLx2BC<5fQc6xkl87ZIE=zdQ
zKzmS4M((Ebn6orkkp&MT-9(6mF3)=h72a(k#g;zv+C+WtCpK`Y0oX?C(1eU}H2l+q
zo$&!^`?|uDg6*KwZa2E^cC*{=9OT!;JdIZ@P5ClP6We@O@ikA$5;^l_l22W3Kb2({
z_nUs;FX0<B(*<wNU^G8;gUpl17Myviyg<I0JZYQ(MS(@~3dAKeP>>%yKLvKaO%t52
zDrih5#ly#e&%^XXA_WOlEyTi%rKYs$vG%18eXM+7^Jvb)bRxG^=BCB-M_IZMu?n)3
z9|iLkVamg_c?la6QlLiWftVJXh!Jc6h9@Y%bA|jyg+dR?=Mx@!EEM5tDY7J!+5~p`
za(b|HI-`DNr>_qQhe}{<e+6lPYt6b;=wiXHx!JI|mv3qzVS2c7qDHyUxIHrLw5|u&
zA4d<qW0l{j2iG_2!CR`jUn&N<f2wY;03`#N3#u+<2c2!&)9$!8rc~*;TSqk^`AH>q
zY)aiA<<yN^lQmGvAfuL%XRY=4r2+x_w;oMmrxzx=Kx$VphEdz|7-N*Gg}L>5ge;#<
zHJB@gbc<z<=CD=hsKAbHfkLW(E)-Jzo=`}ii&Zq*fN}YaF+PJa9Mc<GB<X1+^>)jb
zZTzcGo{7>Ou<5u%sbZGxK?6Go8rad1I7_RF@}R4wWoflQYgy~+0yZgyqgsj4H=dpu
z<?M6@>1<H1VFl8_ellS&LE04lYml3T?=JLsOU}ZC_~~~ERG{%tnlmCKEC?{@4Fx1K
z=5kd=tdF0bB@_bjOSXaly0OLtn)Xs<#4o4R#gKE)u9U#%$%mO-T=OtJ81|j5lUw`F
zD!M&Y6W3e}jK2j~9!Uypz+{%H%+mvabvPf5yOb&!@XYdX`&J$<(Bt0f+qgOywPi=W
z&Yd0g_H20$Rk^!v9hw$%j(1Q_F`P{YgAt`_r9QI->J%1e|3M41Qj6NMKCp9Vec;|L
z&^APNFm<$$V5&CXC>9Zqt&~!z2SO!%2ce!0@3P^LQnipDt(gQ?8GL!Dn#av7u2*Ij
z8|V3xWES5$Blv!q#kV8{8+4fJq+oOUfl0yjYRj{}!Sbx%YI%OXVOR;-`c0yJhD6g2
zlQo_tGyl^Ld?tNw))~8$D&e)Y%)&J0{@s-cJ8B*OU>VrlBm*%lvQa*6!%W}QgU4Ye
zN41pV)wo|e0GbM{rrv={z{cLp8&RtGY-{%FflAPO&i$nx%yApJN&%pL9#;*kofhA?
z>S0_pQ0)p-MGj~)HACWWTEL@_xHGUwZ1en+3#fK~Hs)+fsghJ%3#c&wrs0o&6U3wD
zBj5@#jVn}tULZyK2IDDbRhJt4?JN~?>AEZkZ0NRG76gDmmnv+(f}H)Py*!Q(Fny+S
zHO2E2$ksFUO}mKdcNlNCDOI9jTZzyGm8GizsLQ?8NHs>nl6|_!;yL^YnDLUaa#veU
z4|&F_{;IF_XDcQ*>O8TEda$Ys?^zf1L<o#IlMTM@w2#ANm>d4u|3qTWye9MoZl%kp
zW(fUFnmrDohgzDMJ?iYQ$GRi-i$kYBdbtBQ{m!g6bGwu(skXgK77egL57isFVJ0q<
z5)GhBPgC6BBe?_;Y#<`JUn(_HMW8i(iiZl=shoFxNDRe}1LiMv(;G}feG6%u=bU+e
zi~W?p4^gX0Fh{pDdh6Fz3N17&PzWps2bL_U#2Njz#6M$+qt<?MrdRb2(l^)`Lu6`U
zZ{OLy-EbUIhoAj&{>J0h-CLghO-*{Rp1Rzm=Y~&<Ii^-ZiIrn&j_PUa+V9e2Mq5nf
z3uOvprVZvVJ41B-6w{YWxwiMAgVpQk^9WIHob<TOYI1>93H$g>V10(bYHQ`^?Bpjj
zI&CB}xsrE)1Tk_t)A5K>CCj!iGQ}FxiipF*T!-s>akI)esXqkQ?IB2J_JaSmLqE!b
zZ;!PS8dWU>^5W1LcXptL_Gi5w@4J+$#s3IVwgE)hFz50MgxRE?TFqSbO6ID>{M*D_
zB`$gbK)_Ko_~$ns`wSi%ZFXA$hCd5Ejc%j-m^;vu2h%BYMwBYf+urU&jvMqF9V{Lz
zSaF9$YA&IluA~ka@L5V&qLYwmjTDmibDaIZsf=ClcK^hrMty{3xyK?*V-XNB{U_9R
z1^yK$u?SQ)vixm|UU5jO$pVi|O&i5p9lh@Lb$3?1=!l1@Se|$boFAUE4%SbSyolTO
zb}=^=iRH@2T$^X%^siSr{p*k7sL#FrWk-Gep^p0c6FKVZI;Bw~tFGfZ>t+qr+l25v
zS3YmSL-{;;`eivVv9>$pa&`mo>Nh$2Fge?Ac2qAafH6(7`J5+mB^ci~&0X4R2Smxb
z1C74hpL(+~rAq2<jqTQMj7c5-|KpDp^}u!@z(AY<-AmOpC3ti_gyiVFixNxqAm1fq
z>W3^|!Hq#+b(s^oS#5qK++0|zQ7hGIXclJGas$6rYaXH_!Oh}eMW!(nnxq0Ir6Rx+
z@)59mmB=K`X2R1S4l24M{qRS#dCNLzG@F5#Q-Fr}0T3nrb?~uP-{B0X`soHNNq$hI
zYJyY^Sx`N{$~I8s*Z;0H4^_eUEe|{ZKk8jq-99aZO@T2=(*wLb@+!RcV-d=Uk!u$F
za#@ttR*ra*uPs|Nep5joMKtDsKNcRk7J@c_ma1x`{cm)CJi5R3Kk0_y0A~`hm@NT8
zMGN*_B(kt6?{vF8O4V-k2%8WzPHro-h;Q4_<7`98m)wUQxYLk(?KDkmmq?1+MExl?
z5W>T2n4VRqO?%%Y+V&EySIl*^N;I#r0PN`<g+tdJa)(kS&YoEbT)R*L=R5>rqZ$==
z%U(O3JA3Wy-3sl1OZzxrF+h+h$yMA~0<i;NLvPR>&xRdJ)tY@YtMA)>`)He8HDuNg
zX`Jydv-Pg+{#)+7_04<lWACt))db(<*MsF(*K%X|;WZ0<kIVu#PbhhD=nR}4gyY(L
z$QYkds$|$Bq_~bC#kDfS^;xyihN9I1S3#<&{GZ(Re^8LIEpHXFrSC#E>H#*#K4>=6
zAfbhHHu=YEKaltFI89n`L7d)l#}!|dZ@A*CgW6W@ylp<MbT@zF)6e5mSLqp1EdI&e
zltc?Z5Q&Hu*#CK+`5p)O(%iRF>C^f~{|D3GAgM*MFJeDkK`tlsng8F|B}X0;Vah-4
zAfW2?`>fYylq%V|eVvfg=#skpfdN$=K*h>MU9z5vNCaZO`U_u8$c*_x7W1Yjmdp?7
zl&8$n3FPPaU4*;_d1)7_87K~yih##DKK1K=WAyJ#c$l#dS$dkv6i%r>h#z_=w?Opz
z%Sgm23ti}q1WnON%mYMkP6ZJV&6VTQT7B)asSsTKkX-Oo3wu@Tt-mK6k{`4Vpu}+&
zmM(+<Bz89iX-}MXr-$j65U@nBDS=&7|CuEa6_vxVgv3ImwR&mkK&aAX5u)At2IbX@
zMKmG59=&-3paU^y-up0EoeKd1KUpOyU*`1`aTXpWKgS}ACS=g>cRS|bI}ys8N|$~}
zcx<jLbbz<#H7gF8i}`l7!{eKnd9auPhsT*n5+C7?Ve$B(Cw1To-5Eh<uV2Svxq~Ka
zvr&88;gl-rvo&@;v{xQFDs4(@`9|8H#*uJ0=4lgJE16SQQUIwlSA12g)fE*`o=APg
zAnTv=*#s;TGbEmBE?I=b!u2@X`o;G1>qWB{7{6wv{$dUTMEu1}fqaKtO11A&$OwV&
z;YsfIO|F4SnvzT{H*ZKPDR9>}XU(H<7XoU@O<Yw70O_Hxy|M(7Y$|nGuzh;N9oRlj
zztioGr<5w@+CCK#0U-Mw)#Ig9-cnJDLI^Y<(<n5X8jvf}$XgU5qA93LvZ)*a*E}bG
zMOvcGg!wyQ{-4h5%qzM4F$pQo!o(O?s`Y@pkc8?=t6~`T;V6cN6eJ51cfq|3)(NHw
zc^S8`JcGao_@4&x3(p3ZOM%0_xf33T!(jh9%J(j5NEbTLLq4L;0R1j0q>t{vq3?CZ
zz3Grr#dlj{62lhOaj*ttE!DN6^Whq7mz6zRo$*!FsdcUdBuTu)5i9uhw#TRskw3vS
zfhZ>PPFKZGr;1PT4+RHupZZ~&&%U_>9+A)DDRYS@I5v_8TjM}V!2>Dwi6>leGZk9J
zZ9tIz_5~jL1=>(hI}?Gl`oJeY<w;7SSkBYsJ3t2D1BZ=g9;HgCZC`u{(aGvA=4*27
zki0Wpb71FHo4*xqgmx8C;JYl5VxXyHk`hVzg&XAFKN+9%xG5qYvsA<yp(wABc)5mk
z^cZ7)IpijE#2{Wv#YecUkfLI*X_`&ok+zyUc9qB4yw>&<y?qQfB`<#yUY{qtq;6(^
zHOQ>rr8egDJ;&|zDOI9udoL!~KH~~Fwg)m#{YjYT&ZT~<`ZU~>q55t8KY0Cjs~iEa
zi>uDj!!H&(**!hF&8|~L5B>==uTRf*pv?@tf#-B*(lP^~uze>Cgll$GznDaKgO?VJ
zRpWmlve@P4@G9tj)L6p0zeAfkt!~FUK9t9$Cf#xdP}P;w$;M1>5{GtZm-cEka%d_h
ze-W|&y9iSjoC)tp;gv`=3QEhUywu|OFQu-3iAC5M+7&h6bxmG{*J`zam-opxB<2n~
zZI4p58n;fO>NK1YsrNf7s<xg*wOzhVt$9c;fKn>RlyE3@tPU33nP}5Qs=rc>_@<4i
zeewS7tKa^5bdE=f`al>+Tdtb6m%MNVgbMQu<Y#O?MlR5;lY{RtfsUKaYZf=L@@oB-
z_m{uCI^T37gb%IT>lM$dZ+=?E<-ff?fB*Kk<M;1gpZ@&Y+oLn<c8Fc*z(Zx|q8Ple
zV;5FPL`60vmCMh+cy)aK>T=T~&Bv;GWFZ8yF$8l<XhaLN!6qz)Jr-zkS7o_FRC4I%
zLeE_wjI$~4btqM`Zu@|Pg8>Hz>jNL968lk#V(YgT#nx*i<_YZnmX#m#|H*h_!g++a
zQ8pn5PP@H4u$J)#xPm=i#*2tO{o?G*`kvG6P^wnx_DUe)1UUUhr&HDfAEM<!Ztgub
zxccE?tzJN)t3ca;)Hy#qxBO#xjD50>wbemD>rRwhZmQPt=W6w8k*rtq`i>E0`Jt4>
zbDkbu^O()~htv;DN8myGGsnlS*!O(|ZvF_Pn#&56QF*41q&kWSpnFLTSaXKGK_;zM
z(bo2ao3yfo$4$t9YngG=rb=UM74tr$Yj+1ppSigBQil5%5f?UiwyM=3FAm3p9YoXl
z)a%SVPN@<k&#GR>!3Mcj_0E0kbq3Y>?#{L?|C~Ep{(X@J)c&Gv&jx*WI2iOPRg3AF
zt)ZT^hMWiV<r`GzVmq|A?HcNRTSIF~_ShXV*P&D`rf0T>x`j2=d(axH*vK4u|4+PO
z4RxRG8Y-D@6)_WwP*1<GyurY697@#+dxV(p0AjvX4Qw7E=39S~nC};g&suy?nJ~7e
ze1N#h$0Cloo9gsI0&y*J#aAF_YKAVAd(1x51^C-^xK<)r%m|BPwo1q>7E6O0Ck2R`
zW>5wz&+eeh@VGtgOb3)I$+5LZ+i5smQpX=Z{<y9Gnmn2R`j3A>ZH48|CY2sza;H0+
z+~LmN!kgXXdaC?BldN_$uiuipwNb`nPDxuOm6UxTI(&7Bc+Y1d@ZHr!gAMAd?3mf<
z*@PUZ;MRe@z{Ts~9Gs#31F3av4z^*Y;$sHm3KIJ3(Nr+6{W#z(%%UCCfiOPhGft@z
zE{^~i?eqaN8nFf*n5$81=0a#9R~*#WzvDON!|QyggooZyD8kiJWXXpF8o}bZ`(<L3
z8{ss+Y(E-FyI!|3CiU*9;q)ZwN>#h%@?01Kfz*_f&xD$4wfb6gvaV!!HEzK{`Me}A
z)8x%0c@g8X)~v#c0H}F_So6hhLQjJxQGaqY3G%GaB(~g|<>DH2<;DU3*Y#Oi+upF>
zRBTk`Flwz?ZXWfNRaCfl`PUqdM6sCiq(P=x3JoD7L#nz=KTXt1lb>uQvX}(^l^@Q5
z662nv#8|bNd6Zrc&8nUa^<A`bAcvrpQq#v`OzPOqVw(sFV17(+$DafA$AtXt==_}y
z_kT?u|9*Ajs(n>IOl|y3K22}Wuu@Hk_371;?r1vg47!vm{bcL%RA|LBY&gL4+OKwt
zn@lPLwhLtq@cXk|C_C&RaBoomdQnBI7gV(B#(lPqMmFha<Q5$b#4z;S8IOx%_(^1A
zE(ohWBPvhjUO`3Gr1BfNfyi={Xkx(DQ36#~ALK%%vQ^k#3l-coVT;wpps2R(AeQJ(
zJELxwQYBZmwsJbyFsjp4_3q`;+&hYJC4)Xf1#SH?D`@M7sv!W1t3Nvp!jynY{idDz
z6LVKAmpp`C@S%t37|P+}g9wDdZc7%bS0oF4MiLKvi>}j<7H3yW_liOEU0t|K9l}%x
zIaa^@)<38faZ>7s+S1biyz8`>iP%;6C5rS?LlGp(Qrl=ua4->qE|@6U6>3lu`%1#%
zd@PURji;&AhywKEn*|Sx`Bw51!lTt<P@g=U1-^?mnc68*|46@Po(uv#AiR?-_QUxF
zKHU%Jr}I#l!>>MZH-pR%eOnW&M-3cIo-`s&>(pJm`V`5H1y;R%vWfYIEQ;)-gy=}Y
zgq()OGs@s99&D07{xHoL$bmNSBzqhXO8)gPD~si6ux@f`UYQEH*V25g;6fznZW=Xm
z*YO6<m{KLxw-x3CkmZA}%6YU**X?Xgx$f|hg%*o;!^RJ4KRmPg9qMzrDT;S!W9@{`
zq)9Ag0E!RYU=TzVHjjj%K;@xQyOF1C{e}qR3Vx@oQ>qT2whWzEhr@LXdA;@IrY4eW
zZ}E^Ol7u{JJ4pFXBS>u>^{cG@a!*KnCqQ%J#W%C;`p<L~RQd#RLDH?lhuLdEf(@fV
z=|D?j7vM)-r{5b%2?C;ITM5#GYU`e=wl4Z@tHE^(4%5$egML2b?RE}HLJxKgaQn0l
z(gFj1McDw3VnFUmD_BTrdH(9?<n61Pp~hE~0|3-Gi-nh=(<SE2TjiAaiZnc+#5<8f
z9fpYggcIg2x!i2EsQxo?G-)bJ`S+SMa?esIV@vG1s44NaEfO#TFzW+zJ;*hSpMD2-
zUCu_mKBa0a-+Bk{HJlEq%O9h)J$%c(rT(aSG4)bjOl6Kq{mw*~`W=Zd^{wkV|M-_`
z-%>8?JS3Z|I?Fd$MV)K6t<`kiMv4t}owtNPD{fp1e@gYPR2JF)s`6?PyXsZA0OVc+
zwL69O85`4q<f;jTd*z9nkob|j7VtH8p!tucQ_kCzDgm;s+!%vZIac+OyUfPAHQOr3
zjav)();ENF35I;hTF5tF*k4r|7A|ZIS(t#B)$tB|K>&6@iNAoHDe~}C9*f#RSGHcS
zGjkcGYE5swlsk~QHSSdB4t(A!tu?J+B4kOZ<bgsAQj+j8uWi5xok{1y+we;iZ)2fH
zSmcv*5sPfTAS^Vk31bBJNl7b@bizRLo|e2x`;o9Kuq&-|Xs7+l`wwqU$h-HKa+lNL
zZxNEn7zQ{{9_3BsfkG5jMKqe5xyrCrueyKJUbEFvsqkVZVsiG^WAfr~Jla8J;b_{K
z^}H#iiiI8#o~9C~H}QYx6XJA6Z~gnh_EwZd+z}hISJPMIztF3RdpXh59RC@j6O_C-
z9POfDwZl67es4ypT3_4O^K>!SyQ>gqEK#~yurv>`5yHchwCdX?Y1Mb1q*dS0i>I!7
z<k<ajBm)K4(n<?BW$uzw#fLut*R|l#KNCoXg`g|MwbhG~%QqLK&~2wyFYtK<E&w46
zc;&6|pah?Je~bN;zYno<zAYB&m13b@5(}S?a?#sVF}mM!L6`8D1Z@RHMMRvZW+&1b
z-<<L-#Yb-k;-lYdJELxgQYA;WhO>rpz)ri-=~lJQx=&8L6eJ45<<^||`qSjZ*S|=6
zue(Ib!`ge*AKcz+;~ksYd(~}cRlT~sSAA1^uX<iSfV^Rkph#MEx2is<S5+U>pE&Gg
z3$?G!B89G1g^W+lkybtKi^EZO7ZQuJ>99AYREe&wEl}{KDENJqqFX9s{`{)tM@zY_
zSEt<GFDW)(x?htsr47}!Z~b|!aAY7XeBG4>pWIp{MY>-sBX-XaaXU?C1c6K`{*wjL
z+Fh_1<bq?!{iRaY_K(~EKs@t5O-L#gaVr1fES->Pwv3D_g78TW?SjJ`jI%=BnG|K1
z<v>bV4&awsFUXUhv%Lc`KXu(+XEvf#$@^ypfZ`MYP`Y;lpcJ4out;_5O{P}2rGI^s
z^snDi5>fxGvQ@pGbT=iAIoq<c^R=;ayKmUpQmHDVwNzh-;#ILLt(i|!>5BXINgn)3
zK*HYdix}Ehx;wtn{$aFt6k_N-*})LMQnmO-{09@iSGz@9sLmj<s^tnM;cyr2-+R45
zr`sP>s+5LD>&fO+I<dCT%=yd|m%0IasY-FF-;(08c7v61a(9Z0opJI+JxaTq^7+28
z?}ORbRLXn^{ghlv>%dT7n`DEwG08Th4}K&3=MnxbyW*z6B^RGkmcBR~?4l#=)S2;K
zhf%8J;v*CqIBlpjK!_N-j3s(-l}-I|t8CP8g+l5I42-)AZ0=i1Q{N%HMlKyU_?*8n
z>4TXR9NHH*e(EmBF-XI}4^xQN2;xfF*dO1INpJNc7$-u}hfr`K)DCO6xC{<!MGwKf
z90Udbz?x}aW!V>EZ^a2!22egXe)0vYhBhf|_tV!7YewKbF0Rn_rJjXK&!|uy`M5Qk
z<&w=qb@U%1vvb#Yo-db&YU8w+$Y$rTsnN(OO8OfXrU-E<g^{Eof?sB7;(I`Icz>1j
z*HAZS2`3-rmvhrVKIhZwBZS%&7KzTYQ(v@Z%X!S1AV#UxWHANC@QoFPYMW|NO(|+=
zH(c9I)+<g+8&YXMx_toHcph`#(c6xdg;@zx@+c@J>kzz!VdX4+o)DO}#(H3obfrR%
zYL+lICC4zH96x1#n80vy@(q%xYI=yRNlw;d%f%;e)>$q0%bmU}DRom$Y5{`q?u^t@
zLTc@?(or8P8?~H_TAhnp(+Ojxe6hn?Ij5+YQdG_;Dq&|R=nRmcOTT<ex9S!Jw^2ab
zSi@SVgj#4eo3*1X6>}cSlTx5dp(Irjr9eoUNmYH}C#i^a^2e`oGi&0O5QurM>&*Rh
zkxi*9maU~6HQ`~ac<syDfBbv?(<a2LzaPCld-LjoF1<&8M!OB>4E$`j+ohk~Zl~S-
z52rV1_Xp0PH)#Jy+v)Uro&O;1N1sW>zbr{v{2%SDpH+Ujf0KWQ<WwndEFp}XFuoMw
z1y5@=ttxBf4wNIwCX9SMF>>T1Xh44YT|y#}BtD2pfjhhz>?5e)V4fB=<SRe)Ce}mI
zd@@s#_9F4P2boP?j%d^%H-5T6QNlfP{?pO%E%Q}-LGwmxB=TA{Wu1o>^CXRZH&q)I
zbTZ1HMf17GQ|4*|0nT}abPY3Ym>kPe(NyiAYPG*Dc!+Wt1kEpJN4a#V$e>MGa+S2=
zENrp}%mY9iU6?LZ%}97n-EWGwUe=&Z0cfAvo*=4un(K<#Q^wNq*#`o_#D-MMz6$~p
za(wHAr+LySh{rGs0)MtL<IzpuFgIZ2E!H+sBgLfC(*97fJLG%A8WPj`zF>FTT8C>Z
zG}Y?VtcF?@-L6QX)fHj^<$bgiHV~`}eOBvPR;w#>hE;UI8nyKzIYLcYTWYylAXkmZ
zQq&mb2lLZf4fcDvapAt@366WerMIt-lvf`$K(#aVcCL^bP?*r#<swTO@^+~}#GEX%
zAoZhwlN+`IE00%bF0}Sq#K>QvWWthKgD>W41S;k(e10vLm)3JYnQP8Od?T-)z=E2x
zWKlDwfPMb|_d*|*{0R25v@exvc)+5l1jhvFm1;jbAkC)8(kM%RkcVG_;y(fHAHD;A
z1&~(2t@2f}I51i5P6rzCQU~tIwXv4`ggRwLvPl$+l)J`yCMSjONv16EU2>GAi(2in
znyM(}lrne2R#FiEYGJ44g2EH7jZdt%Zp6cqDv&kLL-T7Bl*+gnX90g%Q%G^1aKWsG
z`x;UhF4;;Y<<7D|t^je(<5-GJu!La@BF6x60oK8)#t5QgK^iYh-9-a(cU_l9sbPMo
ze1kDW3W@6EMeC(}YY}@0gcftpkGY%H(gk121J;XJa_0ePm1R8f5}f!NxFb0v$61n!
zCB6o}D11S{)Wf$#IV8`YXHw7qMI`BqkLokz6>L-?!AX7b<4g6tG+v#71veqT9vB<)
z;J?+wk35gKY68CJ1^kA^JRy@(hf4*$ht$$C$GSm_r)JTKmCsFX8jD&^Nr*74KNq|p
z(-oX9P&!|=FTmpwB;Z9t%N>_;h;Vf`Z1s}X4oT~O{TKNMPhiI}+l|~an9IolD$q-Q
z0B)rlq4|c9DNp5!6CtN^j2i!x#_T;d)j%Q6BHy@HuOa0{=@VE+uXc@;c`Ri`sa{PM
zRo7n2rF&7n052l}<t0*S2<Io(;8`L~QTYJoEq%Qq=ogz1{j#;S>04ZV?XVzPF#CPp
znlJO<cfy%UlUZF1FCpbozLVi=-$fO*eLX<-<y^X1_UTQ}USthaCzm4T#1%`_e-wsf
zAV)*qq2wP$9mX}n!4J_XKrWQW!R)Desz+z1@a!5$G8T~E)Z71Nd0S|$R(gadG6=CR
zxO+9JIn+GB>`U<G;PXm&nnkqMq1N}ad?;EfYOg5yP3_sgStyQ*PZU8@<Dt#5J&ka@
zuf#($zp``zT&pbdsUISV!6SQ6lorN6wY1;L(_he3byR-tXDu{xm*MRk#v*@>tx#SZ
zYd=y=bC$-uG`eA>)?!B+HeILHE{jiby=XCG#rR0mI5ss(-db*?(PKfcEh6>dfU!u0
zD}o8RJU&|&S>Gh?Q%l^nIV)seKb+I6QG!#qCVgtT%kMd3b=LOm<_kkp2!|~#M^p%@
z<(i)4uJMPBVe2p2aA{VP=Er;hSIyogwba@y9+0YA#Y@}znVBi*{pK$$s7&kwO<iMY
z9mC5mVdb91eCB^DoSZWEiih5$aFCQB6RdyLVy5so$);;Z%d8DswdIcxAvyZnMXh#<
zE{`nX<kyg;{xz4!bpiCP4hgUvqcmx$$tTTxG3sNjLw1ui!(iG}BfgYR{)-tb->WPN
ztSvnq+^WFamBR;udCjTv<u_4iguxWw`F%|M8TnPd)SI6mvJi_P;BnQfH4}fHQ03XJ
z96Z0jb={$z7FIOtm$fF|It=)nxvM6`P)u<0CGivOjpEYYeY)3g`cc^lB|`GEl-ozr
zn4DvX=JZT&lxnxj2?JB7b0Ox)7&fJNIQK)YJX2XJVxI*`OXqj^;ap)P17uWFHOuj%
z!z|&yvES4iy|l|dt4NVE^5$@j{>qH}s%juk&*Ymb(YJ%w34c?v>}AzE;0Mu>*E`gY
z#}ena3GuQHfnpeGm%myQ$2(ZAeugur(L1)}2W#?G3Fn{6a;-w5RVy1+5-fxqiQGk2
z@p&2fnWg-Otsee?7viRwiWa&o<+q*VNXbiN1<B-on29VQzg%9PT@W6+@d^U8mgm7J
zSEcALi=s25CgJ^u<QG50Q1s6*JMv}-E1GDwU0*P{-dJ2Q#r2|QPOH|96c>(hs4HsK
z$_r=xqf{&!YxwyUm&3a}PM0i#1#+C18oy=HL4j}81Ob=;(d6b=ycrBtzDHBXYMV<I
zvN^~7TY-A%eOvox<^A3fo>LQ38L#;&J<C^V000X-HlyIH!fMf4Vevy*YO`+6^m)XV
zqk+|RC%JP<MJ(oFdd_ENzU2>B{kbd!r>WJ8e3Ui6Pp!ap6>quzt*@;Y<19!Q$I{lt
zu=)dDP)Q0sFBGn2=eeX@K>@R#I4R4FqH$tE3s`C1iWHK%GH1^DOb;-RMHXrFoJwo2
zQhh3FPrpm0R&J%LKb;m!I%t4T$)!`kSsc=(@5Uk#vlIjr51U!iVsfY!yGmL{`WAM^
zNu`!_pS|&c%7mOpNuAJd(^NEDu5^UtXL&#q=0n2a({*dLpR7oOuaHorddVOG#Ynsa
zW$h9Wgf$<6U-+XDs2^*V<Aq!<_zD6Od8fX_4_!{K9olJw!@-v{OBrF1SC^}qa7mBW
zj_^)w<Go~ZrV$SzD+2s8)*V`7qbg8`al^~wGkDO46QefC<ALP^S&0mW<{?Decuamx
zF+(HCcxC=T{uS(B;rgW28+Ll*L-+&T|7o*78jc6;Vb6JqNeua{X|0@tbuE04<j-%I
z#I%H`<Rk21)X<yC$#p67uBAj*DM}w9kQl0tBbY^*E?9_}OLy&tFrwzWqKn;HI%l!?
zw9>n#{2C|z+)r6R-n*QIwc6SF`@jFgtP-h1v-~d%XN3^ZbOWD<kU$iwT6`<Lv_X>0
zUBKdq{kb1XmNi=qdM`zsD&-?-=oF=yFZE<4S>ZeLxItp3((zbGJU?+6MpXTjuoP}9
z?C-Rah07s_$~>(#4pxXMz*s2{0!=KS6}Z{*tRzUJGo+$-NdQj(`y1}Zk(w|{Gv6!^
z&<AMCphJ^}gxRbZcZcd@^jsz>hOty$m7M1l=Mh|f@}4X}%%c}IA$kKsH|6c=T-AO{
zn2{vTWnM!Kkc(*y`Iw<AmhyWoIP;`10!D(l*eef3mi`!!YX%NcD|REfher1LrSJ&u
zot`B>n3!R!+i5s$>U7!)HuGS^Sc(%rbHqb(6eNP&Ec}!MIt{pIaX%6>^R@tUlO<_`
zs8!-$vy_w5GZUB#in7}ClPF*-Odylzb1i{HYz~8;yx&M46~E=)FF1imA<^d!s^pGF
zISVo=3KW2rimqdU%}fM=xJihVyCTd(=26Vt)Q7A$KgFh7EFqx?F`TLPg_tuBRva9h
z`2kN>Ny?YBl=#8)6mAy2y8zF2qNmfyOD7<k!;=qO18t$T+AlojC>9eRI!@`%Q)tk{
z;>Jt33*iyiob>*n{pWdzLQMu_s*1JnRF21CJQ14F$gc|?SMO*`_9@^opNcG=xAgVR
zsmRbpp}bl6sMa(P)0Q-@Tk0W&Z4jFZ(53fsW41{y0RF1rjB2^siw{X^<%{0R%^B>e
z;&lbIqLw<^)XQUYjD&xRc<e*`JfP|}s@|9`g_i|fnkGMdCY28E@f4jif9+6*jt}e&
zR!c$U;(No>?-KF~%~}YJ&11Di>gby^@RU&&*J`IGrxo|=201!@`>KFyhyBM=5v%YG
z`9Bx$-zhjQ<SO~QTHmR_Rox!6+a%)g(oa->xg}?zAI=*}S}!;eHzC$b;AR{klGiK?
z0^l+1BNzKA*XbsyAbv^<im0X7#gdH^|C$FYT@8YdNEUvCT0lOZyyQ-VfO{xrgfn-c
zFvV!C_QRjak<>E$^cb_2d0YlFLnVxbsDhycg@p7l@!@kIkuEqVzaDnSgG!dtnH_pr
z=v>n{)tX{=Ja~y{L?V{rA!UAGr)ZV1Ma#-Z5km0Or%yHcb<Z{OA>{w^G*P|~WzvPo
z@qz^b59h|yqZQ`~rjO489WhZ4P>_T<W@3$p*EYu<zy9sy-NkQ5XQ#hizW>XscQs?^
zzmCOnV&Z5De%`X{wAHp+t#WS{UrosGzyDs68HEp4@(|#+ZCcAfjfUkwWSS+bsrWPr
z<g!nVIlEjkX-58fkSq=w<e=%w|EEH#oTWGZ{}Xqy6dq|_6S@A&7?S_3of`!~rLB2e
zJn1Hp*1N+Y;QT@dLS#Eej^#IbEx!p##T5^cRW0`Th;h4*n3AqFG4k=kS{@&14Oc5@
z3R2AwGaWMEdBH$(XPOe6hBt2=n!9ijgSi2??o#5&Ge)blq>kF(ELjEfw%+pO-G!WN
znnjaZ?fc@Txg*{W$w&LtM=PBEJvp+LGGtF?VT#87$-4{ke~XaUYTti<k@AQ*-+w>R
zq45GKKb}f1l>>9`VJ1!KiTNIUbaqNE<=0U{p)lz}nwI7Kw63v3G*)+dptBbyZKsvL
zPwQoErt54F?NI9Qury#oYPzvMU&vKxq)D^ctd(NFg}ATn6;gSVwm2~4&3!Cr{k)IZ
z|75&YjO((<Z^E1=<nMp~``WY1?{4OTH2;jbXv0R5Eccs8p{D6A&or;w9m*n~T7r>^
zc;3QfED@s^;!EZS6a4XGInbzd@4xUB63!B5<*7n<4VX(Vl2InWN44E!`AtQ~I*WW*
zSZmKJ3XziJ&i|?Io9b(zoKY*kW3PP6CH&Ebm8eKkxz~rZ#;f?6H-6wr1H7q-+eG5t
z@?GurCRKMg(?AM+F9fHx*&hz9uXmu2eNRhAVLy%yaVtq$Sf4f-yFf;11|!BP<UOf&
zQsvy(IWG#sW>|Dsp3W5eHURTkO6h_qiG&Bb%3LZT;I|S`VrM)iW>!5pE2&8OskQ(w
z-&_#6Daaeh_upIf=HGvhYMLp%%d2ei&z=Se+zok2wr5!VVSVx9mVd`bvuW9vvwju+
zQ>-XC3IY_aAML!dkKmewN!o<8dNqXN2J~0H(w+=?hp|Gf)G!kGS2)(BdUaRjmlWc9
z7&2I2-{p7ItJqE<Rjbj?w}4y<Weh=zs!31fNm`MSigP*70&e?>O3KmSr2w{l@Oc{h
z2Te*<P?bQXM#MvphwjQ0eu|qA4eVO2_S%n=v>_GC?~=UMQ`0_QH>$cr+aRT(so@Mn
zEW~kULeyLjesFgo$U)8A;TLU0J2Y~wzt%wqkT#LcV;+gbPqErSZvpyy<_QDvTFF7}
zfc*K-IB^7E00LcbSA?E^*)$6|Ahqbab67pbEAY$Nk(CVZvXuPkPt8~FU(11QXa}o!
zxK#a6mC;<Nfaum<y?<>~#n@};GH9^;{TX=gMSKO`4QY6~DfcEtQd^%lg97!n!_&+U
zJUnU|E>rUVka^4_(mWzgk2HTGUGj@5WKpuqbgssFMYXgrfxo1O91`qdGm#%#eT3X#
zQcq1<i-^%RrnIQmy6z}`%qMduydzyxQ>946h){re0r@(zww_s#eQKiXN19M<%7es2
zitkMPyDjOj@a*Da2w->8WP#MkGl+0eZx~v|V4Ks`1b8psF6HZA7Q<)-B1TbC%v3lj
z03O~>tkSBKpZ`mjz<t&KH0S)B`5q7akSC8{0eXA=XS+Y_wM+G%-EPPER{yz+e}`tD
zwaTOO#h^S3+76W>8IFTiI5(Gp`seX$9*77WdLUiE;~jbs)WMLQU9Xk{4pXbnP0hf1
zCihf4cINZIBOXuO*oOoi4CJUtsfsaU4YxFiD?MwWh;M}O{@F5@y`;4o0y3~5@Y7XI
zDvzNEn{Mo<zRLmt>CIxEkQcA@Z=p!#D|!s7$5TP%B1)|S1E_D3Z)?FSFEi*MK!kc4
z>Z#R_%1Zz|Kf!AL7wSd1C%=MufQ>N)zC{>SKjYDdZ@?D?e=gIcCx_&PCZV}et_#AZ
z;+iXzD24%+r62lB78GF$aa4f+5i?vb3L^FJkSMB?SE$5VB@Y_0=a4j;Imnbeie+0d
zpZiG)mbw0QBG=UwSe%yUOc6%mtbp<ZGlBxinZPq1ptE?y4LFN~)y5A1lh*XuJbTl~
zWl}rD6qz&@!8_rp13E;^mr=Sp@#E_0>JQy0eCfve><gdQHhMO{#-+fI2HIF7SLvpK
zaIX?HS&d1RS83!fcWHZoXyBi8b0IO)I`9;yX8LX{Ek*B-Kblf0rGLdqDMJ10Uo}Fi
zPf?3}<X;F5(rUTFLtXffKW@7LfppC1JoMxr)~|~4ypo$VA#JXTM3e<k+>!{SQ!0&0
z6)VvA9Mcs>@Kz)X)#uSdGBFtq_gQ1_MA$sm(|WuGhX-xuHiyt%Jt5A|eoh_Ldj*#y
ztU1Lg`67kNa*K$RoTlrm^973_CadH0YTkw_TJFF?e2Jrigh>R6V(uERYc8V1tWrv;
zt0mc`z*3@W##}$}Q;2kx<kZcAhm~{kll&`k4~wIX6gGkv<7R#k<bpS6MOv#}_)9-v
zkTFqSYw~^=Hqis;OgH7gYYMswxD7h38Xn{Ng*6k?TJ4=kx%_T1*9+6kSFxxclC`}9
za<dYy7yCceriMU2(pC>`I#hDZq(X#m09`}-rLY9$pHUVBIydBW_D-Z{F;ArZfyLcH
zA{r`!7$+JHE(<*ksTKQ67O&LtE56F>>SO*tnGY3hIWg4BOl(e4DNu*Ha)gZ9@W&dn
z94aR=WKiW2+?VptW$<BUIS5peP33eHz>nH+8X5%3k9oQ>!O`_S0Hwm;7JjPzuCG3&
zF~bZII0894uv{QciNO%HB>Zqr$*~A^(A&r}cOjOMHONLey+LZm+>(qeMEPQIJZK72
zp5AaCV!%~@AfQFH1Vqq^h(W6m!(JdUU<e2)AwksS{&Dp74LRY7KM$3-Dh~;JygYB1
z3Od=%VxNazumV|SR*Fv4kPC0AQ?N95c_kEPbg-z;>Wa|ITwf|iirs@%LoG(|B_Q|b
zk8njC^CS`>ObgWD#O7y7g7qiJJ(%8UTx<L9&FS&0cNedo#KySY{_6~!ei{GA89M!M
z_TMi4k-PpKMa*4r^2T?0n3O|Ag@4LJB&BwP{2vx(l7&0%c5mZN3T)%%=7utO3<T5y
zd{ok^$r~?Uoxi;xNAFI^@%witr<bSi-(8T`@6XAHi&qVD{_5=f{mF-8dAI>rot$1=
zo}d2oK^}nt9E!M#Al4FEQ?ofxZ*)MC1q%YmMNu3TFEK;Z)xr?%+brP?67w8Vtzjx}
zJh`2xu|Lfar6D&KrYmxR8bU%G1BEg+Xq4K@Eze8DYZG%tw1UvA&XS2?Q%F|;5+P#$
zcX*x}r|J$2G9_dlvs~3wbg(AC=PV$vVCc0;WT8Tpmwzx9M$xkfJ!vnfVK9XlPWfCJ
z3rgi|fEr}V>*S;nHzd}(G-l!D#RKv}4b;L?^*~BqtAw2>izAWnB&VwR;QAXKs8J5!
zRTA>Tf2rU#Z+P4w7{nz2Z-c)>N-*xw=|Zo21H2)xL=URgE+O3*C)O|kp3@c1p265Q
zWo~@AnnX-q`2I^PCrQl6%%7zz67kptME-vJKVK4^>4SvV17)ey^FVt|77X-59MOMC
zraa^`AFvGyqg(ULKlwjIc0gW;7=DWnUfN$B@Dx1%+V?U!R!r>mp_9Eo@!0jjlCu-4
zV4Z0s5kFa9YUs*8knFWAue2!UGakpN(=IXDiT!`<ecN&yN3!5MzM>3A?2y_<^Je+N
zv2=zeWt%ZF$snoKap*XN0=fW{)#$=hRfEEqe%asHhyBI<gpJC~x^$xfQXXICL>LdY
z2-GzzD=Y5_{wZ@+pz#j8$h^N!H7;ua#i+LM3i|Y5j#E$*3z-VYJ=O_^S<}11+Z~}n
z=I?*<hJ#mUTsj76tuLKdEBsCiQ<rc*fGe4c@r+lF4fYpQ^U4J4s{<^2Q--<?oGcwM
zT-My6_Znz!bFAhI37H>ZakR~t2C<p-C!t<rRgo<Wm=C<Wb5TeRGGVgq*Gj)zBMNs)
zzk?M69dei!uYj!lHo^r!(9yQ$yhx)wB9~6cl0k0X%IAP{LS3K>p1M`aN-!EBc|%Ac
zbL+^8weD>RX-M5_X^0)ij*{1u3~?ZZXRb~b3sDvFJ=Xo)jZiof;K?DEf;oVgej5Ya
z9NjRW-P1@21HbSQH|TY}1L{;Qmz28_X_cD_j?3Kz^dOGJKok-~S(z3~Ne-4tJVC}p
z$wx~2zr5R3^ET07?v(?9Dns+@-AtkCkD@7f*>UFU^w`s>N#puwtPMVbp2KE3J2FNB
zV6+Iyml*N<4pSUlU>kFxMY(cf#5(}oNLGL+nD~nh9a6$fAcwV@WXT&DfV#FQP@kzu
zJoQsY%IS^oJn{A&2v;_lF96V2ZKJm|tiuh~I1|8O@<sL_wWL;pUP^CVe3o1a>!?1c
zxjor7^=K|F5f9II0CvI3O`?H<i6|pfi>>gd4A0%x*CJ(9994$t9lnpmjF%IpCYza;
z$G!HfANJ$}{_wpIWLZrZWM$E+lH<&s!iblEM|axwL+w&s`HWk}n>Cq7r2r@gCu`zm
z0r;D2>r<3?kj6Pwm8^-)xhzp3Wvt24Co8Z*X!|uO2}gfp$7;YENiFdBA;TZqdp)m}
z0zFH}NCOKJXgjzS(u`|kyje%ifnE|D`5Gu*e45024}|7kJwA?AWfpQ=tJ;(+Hs|`C
zBYiq@N1o*ZiQFd&a%Tj9?ZiY!toj$qGS1Swn)lbQaEreV+x9o`L6#>4preoT)}*ln
zwH9Lmlzg;m%o8u65&x(~Wx=K}R(hfExpoY1a{Z7H9p>yC$5y#%Ps8>-XT@%6d|Z9~
z?Ji*^xn?O<2E9oFAjsrBS|Jw)e8KmsX54Xj3t?+sdi1+fx-9Ob<25Q(4dCRBT*9B=
zwmx-&lUni8t_Bk=M8>4nVyVWCkgvVwB>z#!3Oa;jjvZWpk8hjOMRJantjm>;V9Me*
z3!(9;HSi5F7OC8pviX4)1GBs~W5;t2v;`07C^?`j4uJ&!{ZD5{yoa2Q+%RMPWu(Xk
z5Qui!0{5Dn-kiS^8EUZ{m**D*a<rOEFfh=Fvdrkea=uX7;=u$uK#VeRg+ONf&QQ1L
z&dARS>2lrE00AWq%8qu?(#9p1b3<*D&5c$#NDAFRH!Cp~#&9j+c22acrXe??^lx8!
z@psHF<E5$uy@+EqAIU0k_0X-|!EeZ?A_WArikQ6S;%JIHcNG4u%h~zFoqv#pjFr~m
zbT||%r<6f*%H7XE<VbMei4Rubt+g^{004u^3>e*ve?t^O$?r@pt=noTruYa@FzoBd
zUqd1P236cf;NVTbg&PvJ<2d7ZI4i#`e;#w-RP9V4E7rtB6A}TSFiJPY3mWl`(Ua%7
zDtsN>6?LcQafQb!F5Cv>3(%#=rvgdACpo(osb(k!<ps*trb1)2ke;_`(4#F}9;VP+
zfy7qN$$yfP5vuSaH^pWjL*GfsvM34xKq6|*g}_tBfJuDcJ?%Q~1-WV$cUl{Z9>;EZ
zC~s&nmJ10U8!77>q(k>v+bD<kp)E=L6`oN)=O~#I6*rNUc5;-Yl6_;YHN;8JW##Y$
zrAL!Y52+bEO1m+AnHV3HW|}jPlbN-!TvnOqn-dWpq=Ra;wz*{DFkwW9%-yi~I%b63
znInsZaC}piFcW~HHeNT{TQsG%*3%}bP0kIerym0rSD<NPA+)8uzj))cjSm+i4!*t7
zCeVsqN3_EEli=r$x_@zbdw%+&&#ZWl(X{T`(HxHDPUcB(S3&|hZps>D;k=Teyy%JH
zyi`kb5e#l!V5Q<EA_YGYHJ}W*5ptY)1YDD0x*^;NS3ovySt+=2;#8`o_twI2TOkJ6
z9Q$Q*zs3mb2%!d6nXPO1Yf8);NS5B~cG~Glq%-cxoW>V$eSD>}btrSs>m^z)k_|eb
zG-=%wU?7%4<6+sE)WyJUauv>|QhM$LX2)0vuEF^2<3r6ln3MAc<^e_Nq~=*7ygCl0
zxg5G%K(SU0-F$d9cu}~2qho!7k;y22=>(z2+=L9FZ)DLx9ZmLpUKFA#>bYlI8yMpW
z3(9}~INLN0lW`<9h`KHl76cjz<O6iw#y<qiCc8x^h@w;hY%3`1kpXBazLKMGgU~+G
zB`eJe>A2Pgm)pU?N7Y`3$q0u@Y(;9)v6?Jin+XVus|}(^s+|j03C43%C)&KYfHiAX
z;}s5EH)dWYJZh+Af~3-t1R4kO6oehJ1fZ-Mxj>V%S5+yDfkPAT7o{9aC;q~SiGd{O
zH&$&fGErtFYOIZ_tH|lQ8QY2+Wc5a=_W46ZGap9pmYE<74uPy|;jNF@|3X>UDOhjd
zeHkef%G|Y`f_Uei5m=h37eX6R2s8w_YmgiXO@!P<aEb^b(NqgWe4nidBr@?{j1v+M
zgf{?0iz(%}S(81;7Vv4#Zao8H$Zg8=(ZNRoSnk9k<SWBaxw#_Ezhx4R#$=&Z82zcV
zFJ(n85`?sV#aYxkk(f%JJctuoaHB8>2plP7yysB(2|T0Fsdz+35rhs%9Msm&`rG8s
zEy)(pdIAtqpXKaK8W5c@wZUty9b8u75`?9WR*dSsxRsXtE|LK_MG#)17A%VgMt9%D
zrS70d?ReG}QPbAan&#m`%2r;n{>cqHzv;8DPHxU`JaAv1-+p`f>XyAexxPNRxIKSy
z!!EB=v;5`P?BwEm_V@FPvy2Ie7U1^_$O|5JB7v?HiJCOtAkdQrkKh%%Lr{T0q}NHT
zny}mR+m|mgc5!(zIKTM%`uyUX7vH_OxXsviFRo9&J-N6&`Re@T`R(_BLSLWXUc9(L
z_kj}{<Lc!4_WbnK%adz%_3HZS^5zA;wrDLZMd@TUvrrXQ3qePBlnR^Z!WRpz7Fs&?
z95y^5-&VlCNO2Q=DQX*ysplZ8cycWbP<ErnGKk4Y)XB~Y+St_4x-QHj?tPxKmjR@%
z(@RMi(Q<a~US1}a4tL!;aEwZ^5|o{GCX`+!supj_vP#=jWl)J}DW{?ui`^_(yR(KW
zH)wty#P=PawW|=N905az#oDwoCfF_fl$P<aHDDd@z8^?E8_$Q*Y~+uul$`2Sxf6$@
z<#Rr5>hN7}?-CH51E_95VttkcWNOI>Q%R>QdFcoB6nZ@44n#sTuF+=hUh(i&o4T}Z
zK^LG|2O3l3H?s2S?IK-GH3mCdZQ_1aZri0ogq<o?+{rT49lm46s>K2l6gi#%>cC96
zENhLg5icio6`31&1Uo!Iz~4`g8}Pu1h1tyj523bcOA$w71Z6remJ*Dl6LQ}$MiLOb
za{~>JH{gpLDlRSH-g(OFW=<+sCYR#%%(3px>)JLJZZ)@gE_6Io3bml1>1-I=LFdXi
zn+TvM85PXo<R4GTH8M~AR)BY6UP&A7W3b+qe(g++O433B-?Hb(4kU5_Yy|&%>*XtH
z8s;96vv1X%fLwP@s0siBcqRkK{eeeIRVLPuz;lyXgk!En_}UTDNJe43!0ALQN~Gvf
zQ<R_q>4crkBqvCp-G#^d4zQU7*c4(Ss)7PlR9SSW&bgigCGyO5fMUGPwbs#EMw(-8
zjDV~sq(sfu^~R$WF&lA15C|P%8kqUJ1RE2!F{}j<_{GJUdsn;M;NbU@tE(3mXXpQU
z?2Zt$1&akGQ);^Ig<`~a!Is1ryM1JbjNB-i+62#5D_IJS!67KkWl@qRe^pV9OGRac
zMw*Y`32RvY%@6%3q$H(ILhv|HRg(G=NjhgcXR7*3@E1t#s2}{JT?W!Rh^f&5Ijn=E
zgXGyxY_smJm{n!@`(Oz5X%6Px=Iph=XoFCviwp){Xmf25ZwyvzL9r`|U2`uunN~+4
zx~yQr1#cR39s3I{L2>P9aNoTZP0J@azkuUEH!|4c33A@<8q_mU$-(t_CYPR4Mq}dP
z{^35Ogh{G49Y6Y5tCxIapfjONkw{QYWXe+aP`2Y51P{#Jzq%p3bmGWDh$;d=5>qcL
z5=wzk2K)*PPoe`*Bha1kh62x{HMbu5A96q?r|7|9z7Jg<!>@1RM92fJm+CAV@bb%(
zrqN&%KmIQ=<DLx%u-ypJSb|6SPz1W<)wJeQ!KP{{bk+9rBi%{l-p%^H9(G0l^YaIM
zy#Ielz4#l<vEBdw;OW89XYKmG2cLfSr~m)&@d@$Yz1|!8R}7p^lGyBG#?iSdgsvd{
zHv`qV@p*@#I$N4Z7Ck$ipaJP2dYBEJ^2{Ll7Ti!M<9TIcrSdc{>qseUtmcbYGSxfI
z9isL#$!F)wsK?4JS&wP}V~xY>P~x_k8R(dOnPjgsY5Ka5sxGZCG1kT2^SswPw|_CL
zQg>^$k8RvRBbm+ei0uGtSy>;khjl`Q<wv`D4?^G}+cU2LbWmUq-2nW)rLWKEy+t92
zF1LJ|vm0UKpTG?=Bj!t?*-TDD4(p?QKVwk&zrQ@n_w)S$%-^RJbl*wJ5Q-80sN-KA
zy5W{b59axEBks-p5PQqRfmMU$(cUg<85UE`QM2eh=_e_)RK-rO&mb4z#~-t+nJkr2
zi`fc8w$fY$AyL3YjcbBLsD&Fck~E#TF{qhxQ8y~<a)TBmIR;CYKh8VHKUPIAWcCdC
zQ;CxYeu^PKWmH*HT&7pr`v=tF#F!i4wN89V=5pmj`^Ku);GGBDD6rXzP3m$YeI_f&
z>3H1h9pvmXEzIhpxc$zXKI;_6x$`ClxdB%y<0<;wF_=Tp!Q!otVtb1fk8qH;VE5kJ
z-R&Lb<QSc#cuHqAY-i}RmZ5Ahn6UZEwSi!};cg>anW_ZvY*3aet$*^vPM#$8G1kyZ
z_Mj0A1*#uRFVQ~GH$WV2>JjYeL-uQ^k9o_h;w{!LF?+k9F>@e)LmuPihn=Kq{%$j+
z(hP;MdTW|2Px~M<CDaKAq}KvCOe3La)<MqRy#E1{V?24XJYvt;QT|1~|KtgK6OvkP
z*dGwTx9+RGk7bw!^2zQVvmqp>AhI%a=jtZ94OJ%bMyBbou!s8w%xpf>-$O~VhPbhW
zQhQ<G26Y|1-dT;Ij+CTV0vQM-FQ`PCw(JnIKpZ|U7{Z85Q1-`MrIgGr_D_pO&``&{
z-aXs&xo53969-RW3J4Ei_w64)9V`#>!-KUS4i8a7Hd0H$?tAxxO`pxbZ2fg>xBK2b
zA>;Ck{BS=%Z0x`xz~<d=_;oYD+>dd-1IWvs?tNRwZS!qeW-{O5;Rnw5p$ozJ0Jq(v
z<*^y;5@`nQF7!URI%iN;C2b9(z;in!*AkW2X6U*O<5N4#Qkp{d8jWgq3dcxBZzKI<
zF}=Bh*01Smn!x|nk-76cJ-%)|naxKQhdf$Gk*z~+LP^AeGhb#ba@CC#df}{mp^9dr
zZw#6Lo~pK>l~VpwPyh>drHTVXd<%z^^XE2H@`p5oZ~VjL-q7@s3Qhuf@6@OJZ#d<E
zzQM7dAtGzRHJ=MBw81bEd;>k-;igX?>LjS1lK8Lh9@v32`hF`o{@?%oKmVIOdGeZr
z-r>m;OjqalQKIbN3aiCjEu&TsUjqMpAmPE+_LXNqd%a6~ub~hLyPI(fb_Vb4=eK$a
zf0t^S?lXKDs};aT-2~tn8lTNxd^9O<;>VzI@p1s7;{RyNH`vVxuE#U%-3E`}OyG;L
zOHE&Hh3bX4V{`ta(ow9S7&{X@d8y0<I_=IE+yYBH(gMRU5l+OZ2e1PD={mJU1hUG4
z;|3lYDKvF>s!{($1SX+EC>gMr>mSKrid#4qkicZgaA%f>pt6M+m2@#6ZB>eus+vML
zTqV%~T+IEwg0u>a)fHl)1!-1=)=ER54l=}$e#JpT2Wivsw?>v2<1yi~1m|wB08gyY
z@yJxNvYh><(pX3JfY%OAc)N}=f+7{^_947@vD~d8UoAxGB4cCZ!QMdsvo=j}gKcHP
zN5a^*q1wtG62G?|gl}Vvm)XtP737x0k`QCA#iT}b!mlf3ljtzgBTy!s2AbyUX_iS~
z8DI+VfpHKY3?@pC#lT50r5szs29f7|T-gTy(^wZ~k8<cXZVlqW!RPsZ{!daX;ISYb
zdehk2ht`as&XDS^IV<4O!Dsn<hfN2c=kI&H8!EH*dHz0Y05IOVxzLV@N$aCQJ{%_;
zt5_v%CoOKZ%Z5~QZ<zNUQylK0;%~h-TdKeP3bl+IrSZ(bt#JTr47IVK{H_D)FRL_n
ztH@Uz!$KjoA;NbgW_&4?&aiNsui=GYMP?AH_(QgJn1LSCf4O{J@3$*o*IO%J*SkbT
z;@%Os=03WVUGH(F?AV4<cEe9TIl_GDFr%aI3oVus0}&B+ep#-C&jgOodID~TdsH?G
z6HH%IfhB*QIO)#N>RJqU9iDcteCW^TomjD9Ba`!x26pcx8#XEe;ijqeGiZ!S!n-f|
zr*z3bOE39ntxFyp!|DoyCNPC@V(@*_tgeH`&sKSgZFf#B9rB60J-Tpsu`pkOYc`*&
zYJjuu?fS%^o<#}ugpl<B)?_}fEyjaOQ5G5LN+}Uil>JAmUb1p`FWftofv)BuqzC;8
z{D%<zv!kc`SW2V$fZiy?DaTRx<V}SDCL7bydlHy2HjG)5hfHZUJmX@nsvBY5weBfh
zV0_$2Fz=*9Ttbc_0(fDRCVY()+RGojLc~u>;_<|PIpnMc+a2&>@fCu#V(K*Np7(ku
zB~<3Kkl8Ww1lg<N_w%ECzxm`w@&Z)Mr?P(O&ep3ihu#&}-$1%EFc7zhet9p}Kvb#j
zvl4e~c#V%+e!=Hrkp2PN8?ptrZsBQdrWM;kW^b1j>aMbKPF9HM3hBgyR(Z`3fF^L!
zai5EX8$pR783&W;I?>_u@`5rGU3^1Q!|jY$?*OB{1iugpO1aIbXcjM_9z-&G@lmh$
zC1*1&CeQjG#t2L`U(Db#dVdwuf8Jy4OF5r1qsMW)w8=our%>6CFBW@XT=)+sjy&5u
zQJ?KS?|r$)pZ{s|{dfQPL;PPSFJFO*;5V3KyZ!f*gTv1b+xFkXqy0bazrV-l<B)T+
z_tBe><Nxq!zMt>M$Iwv#GXqC1_oR<_F%^5%dVq}wjX0<OFm_dnXOoiKf%!+xwb*4J
zy}5<_vg9(;<QY0=aP0?4^T*6_vRK4ARfqY(e*W}<Sz?a?b$D=|UhgEltZ0VaYK89g
zo;>+h&BcOG#qpCT(b${_?9br^`i@Iqr>@t#hbs8&p1qiJS+aZfN|&I#91I2nhX3>b
zfbYdzmSV~4sq6G5{Pj2Z(>)B&**&U03#;a1@uO=}@Jfm@$1naib<;GOmWBAIYv=y|
zx478w`@B@rh*H$rwVKQEOq6-}uB(T8A4(|(GhT|7>qKAV@Wpx$2NVh?JXMA0^%Cf9
ze)OI{u37SAA^5M+vkUUc_Y#Kjm<^vlJID_{&G!fU!z8PyJEXtEMjWoPdv-=LocmXF
z_Var2`?j+CeofciQFWBvW8uAfHhlBLklm-g%RDqfUU9*VLq~2CJKjiET(2N6e3Ynt
z3gP6NifwX&fK+Uv8Vg^wzFBN;T*^I$HG#&pF44gggRR|qNM7>h!=MHp7-66FJ2w36
zr@<ijT_kl&=w{{gfAFsKY{&pIJXO5R27^*f^HMBD`Rwe)SFgVLxj$r0(57W!w?Q|p
z%IK@|633bt+^G^MOfdm9l|u;1!FJDvKmF{6g-AyyTVdLY%BNZLYTAV=C_nUgCW^X*
ztPZK?DmXbn{^^-A_5yVlC?*1=HO6v)jxwsMU{$g1jTac%JsT<Ih>F)G-1~xV8w%pk
zhH|{dX}Qpj&7P*kVs&WP^iF_*K;nCeV&?idCq>cljdtxkyByW4K-FT2<k%rr{oHoS
z<Jf8kykbDI6IRPHQ<F)l$YDhmV$8MK-8>)FBz_pB(tAgNqNoID)+$BAROfbDONfcy
zx}oT&PdsDNK5^eaaxoQppcX=NtF+%Wlhuzt(@SgaqB5s&u3dP5epd@sK>5rC<m?9j
z5%lCAuA%af6_sh#eTT|nuce)Ri>=!$SjTA`>E0LqPIleu3i8ZVU6xoSaqH2ow{4Bp
zJiBcpHCsmL8(}eJq%1`mILRR!Hw0Id>Tc}_-pR`C9t&x@8T(PY;D}#Rq6xxRysDu+
zPPyeCc3==SkISFP(h68Z(rUCKQzo@vTYV`fV!RrcqGRGKRj~Lwr%bx70p_y0c2Y7{
zU32S~6^ya(hPa&xtU6N9Syj(R7=>x5ZK#&*bxUB=z(~)!0#|3U9Y9h654pXwhKm_7
zdKhX0W%s2`u6S#`3ssyv_QJZW(|uFt!p!2eq!8J;urpB`X2zN?WHns__CgigsI8wC
z;J*2I-Omr6tENI<@jMRPEEnMn;K}ppbRs-=FgF6Fa)K8R5d7J*1drEdgABM=T8)J<
zLI2bB%)LUNRVW`G^<b_$T%P8rKL3wY)i;i*xe{8cVhzzg1x!1cW3}K3vvMxjj;uVI
z?Rq3i<OEP?8FXC}?B@KNzn{N+$spTZ>1bncX7u6IW>#C!SRu1tEmIQnQ{U~Sf84*i
zJbQa_^4*Jm)(?fW`^P`^K|gveCgI;#+|K&PeP8D;hyFkR{ByQ8)Xmk&=`R}(VCx3`
z0jcp)YE{7@FS&;3%NFArEufKcrQN!T*NEyb9Fi(WxmW8uzJP!TlMwZWqCN7T-*7AL
z_-Y#uMGuZ=>e7K2b%(Or;NG@26;=6fUd=vD*FT0?e(spY>tT<QLXgmS;}pMi4`GEc
zZgkdMKNu)IL5lt82F`X+!z<kXz_JWJk=_M!m$CB-eOSO<Hgj}z%&TA#!s_N2xEH8Z
zMn0gJL6R3UHBRoZK|}h-PrrD&X7t87N!y)Fsiq26P=$@7PiUun)*lS;*Brb`Dse|=
z)6e2h?$Yy0RjawGO>Ov8^Z{nyz|X$C{3hAXYl{O;0~vMeN|>pxb3LClT1W#7SLWV1
z6HeRLEmOuavWq5E@;1sDbwz>-@Z_+Df+P`?K+4jmA(oAa!B*u{DZm5q{2*hTUOFoW
zL5PxxjfpC90nr=@uqjaGl(cy%CYI9gLq#0`3p&KdnlVjIDXkv^yi&7}nCnJ-YciNG
zC)OM)losn4r%{lsF_QNaYK}$c(J@lmBMf8twAmjzhSF3R7wWxkp&QE3NQ^en8$ge~
zG^Eskw)pMOiM$wV_@1X@x?AHHo=gY<7kR<WY^1m@9xu71{Wow#?c%AZEdVva?zS~-
zmLL2Ut47)85Fi(Z*gkrw+}xlP{)FM`-$0}QhT%fdHBltxrj7R{U!T}(8=(MnM!=w<
zGj=CNS*#Pin>tTrSZ<u^uX$P@rfgYK#ruUaqR83aNB_mnRPr5~3*&;)Y&Z+8tY=S`
z6c31c8ew6iEns_$EYiS<E$nLJ@Vfcd4Xc1!+SfJ6Cdut`yv~&t6Zw8;xEERvciH_t
zYy8F+a=6>~Vh9|P#sb|;yHP=@v+-1M!P}N6i=q^FTyIx8G=@w2L}2mS&O~KN)4mlZ
zw)0qSU)}_zA`Xijl~=ET%V1Osb<8jmytFfTH~&DgkgnokW!Wamkc{GP!KmXDn-l%|
zG$LKX?@cAPZuXD7+37kSbGMxg{rC&q0rCx3xUr7k?-Hle{)*SQluJl@bmcHTr|dAd
zGc61x;0R*!k%wc{!$7K>aSgdtsG|wkO+vHRs`%VVc%is~4j$c_YXE0aUY?1Pud9U)
z*O%edK~}LlE`z^lsOxJ(H9?rXYsy8pYT#i1F|%RyyA&8OkLjAo)Z?)*rUSkQZGBfd
zAaxT-0t0kw0oW#hrG}Hb?3&%mxlpzJB|rrfrAa6ojOaRJY1a-{O-;^WS=)&6ts?oC
zVO!|8HUMTM$uVPSnG>a(tD;2+-U+dQn|~4%d9IN;h6vJ(6<RGarbWTMS!ByBn6_^H
zzFnm0>?l`?RhUa*<DfIa!8EpU>27KN^3we*k6Jo4-n#bEc3X=!nH|;02)!iF+C3a*
z;D+4$IKBX38V_l({58Sx;`;jX8sQP$*jz8jTn-)3_6GLCj9r~voS$aw>yz7)ml=cJ
z8GC(leSukp&M&^c#QmX_$mCJ;nmpyrHBi$&YFL~Q2rno;AXa&9+K&jsSE>*<P#Q$(
z4!AXbmKgg06@>-Jno)B0>7HE&W}pYw(XEWtTvl{i3nw39p=LU?@76HuTJYkvmR4L=
zV*#64@4A(DTWkKXCMs!7oXC~`#xk_Iu~SUZq{Zaer*-M@LxqB#80H%WwF9!r?Xh#~
zOX2!cG1d_$_b4Who<YCSA=Ll|KkSx8w6(_y9XZk)$}R5(--6p&v+dsI#zy|LHSodV
z=ikYsu`14_(KS5jU)9A_*oW1NR|;~(QZF{5ZaCbH;}WG^ovO-;_cosxh&05As4fl5
zWp%BT{Z1NSoBENJl@$9!>J|4qfM+jcO$<fr+>J}K&8Ug5H0={HW3dVAvs2-E@=fd2
zb#;PG68-(tr$^xdJ3sS8Z3?a6*(w`$VqZR5Va@ZpV%%(>@InC;I&=&X7Cy_OPb*53
zkqZFM!Z?)i&<fKe>Fu+=GD1JNOE=6f-efrNM{2AUg%mOFu&gx-<-?TI%JBf?X+ciY
z>|_j43T!DkyH=(6N@DU{rM;av{T7$0t;sz_B?8+)X1-5SPkDD=YV8(41E5}0RV-#x
zZfcoZ4#UKPNJ^5eY75aspe`BXf-?}<Lbe1q!C<2F9oGdog$GcfWERA@O`C(rhj`v!
z9P9_?lNzuXV29OP5Vq?BE;>g_;!6^ZE^foSoI}sxZtXo$(7gd3Ah#54g+A^IqKYqR
z`p-N0PVSK!asXg*B7)D|-LZO#(P<K*+taHc$-yc^vz^=1tG!oeSG&nro)OuOH#gs2
zzIu7aE-r6Vl!;C~|9&Xb+*ccA_CFkD{D6zjk-8fG3a4`?M(ZczNor@i)=ocfug<kx
zw3@7K0UB*xezP&f`8;x^jn=L8e)7rD#tw~Gpe{`9?6pnru=mk_Ic`W&UM67}Mwnxn
zMK7-cVxmi6%eRaB^f1M$;`6niX?O~s^0Fs5{4v)a%gQV<$@?*TAjmc5XbRy)AN%hH
z(Rh{Y_n0v@h;}V#bnv&xFphQ6(c-Yxq6?@k4BB>TzW|SHY4ViQ?6CQ4>{qBcN8@ty
zs5f@lY!=zr#cPf>ElW!UJW9#YNu#6T6}4#uqzkGI=5yo%^T4zyQIZQaYp+z{S(Fa{
z(bMa*98^oET0P(-a)OB2P%lD3I&y?fybooS7)Z&dbB2|1r56RZE#}31VOKXkG1}&}
z!1T7(6??jWgl;i52~QVQL3-e(-_iED-=ov4gT-T);31IqWg)SfY$?RIEnzc)L4<JP
zE7KS<P>OA1ha>6GscOw3D`?UNR8)36gC`lR$if{<7EGA%E2<`wew%TPR{Vz@adZCP
z@R%Q5!3Ur6!w2k#{&zWKs55D1q9EWt_!R3AA8)t1hv^$q)N7IuoutFQg2<B-<QY$?
zG_3cyDdjuCv??ju)%|OPqLE2_%6)nVSd-v|e2f<V;5XFbw-)icsPS8K{)T$|)=a;*
zBEL2LAEL=my!O{^PqXx04T*=az_T#y^y(EL^IXi8UisalixlJ^m2+tuo+p1Xi9!Px
zV48Z8)-42_z0z_iOEDEM%$Q?Ae!7HNf6N!Cke0&qkAFf<`|+Fp$;+4hAAZjI4#t;N
zxw=-$0bT>4{C+J<frXe8ubEp^r8IOrC>&!F4NPryuz&ao%3GM9hEhtq3sd}98>-<z
zDj`q?;ogw^JlcAmHbjS8oJQGMBY{Mq`_a}oE>&GbQXNuVBBQ^%X+3V#M=uFZ@-$43
z1pqb-?3VdK11I}hANT>@H#DQi@%(B7U+o({#^&u8v&G!)bz$9>?l4)Bcm;#!t}*Z2
z)+JJQkOy|`&bcel1B<s2Ml-uwh>R=^SScNmTU1s{5pE(5X)$yz5d_lAG5z)uydJQ5
zami)59|(zuCa314%A^Zb8!8@Qh2~=$)5$07$jQ}t$GngB+;1(n+c!nYV%%xAx23sU
zY?|fv<qh+{avh&>Zro4!3+8WnKyrqk_iSnQKDMP9c=0V!^9=#Pyp?GPSsnh8P$VNl
z9EhsossZej<u+$8(0lec+0`*t>fm*0k0FH~4sy(X`WgN-mAtW9jx9yFxz7T)(i=$4
zbSf7!p>Jvl;hEF~??f`g+OXqVFU3{hZmE$I^-tlKr-uivZ;n3y#2?5F7=yZx1AkjT
z4E!E5m)&BX5r=$}x@;%CagdC@l!>|N0}hdT57OQ#@L@G;pr=2Qpgj*3^!;$GKXiw2
z5gMu#I^2RLRk=-mgZC5-lN8p7Rln&Ee<SS-4LHD~aS6InoMxd)HC^2-+`D=j?3L@2
z`mBj~v9T933rrD~^z)fKR0%nHuR_!%Hsw(Hx}kApe6FggXKM$fMxpg-K1QOo#ireL
zW=+#J4HMN@FgT_hy0MyDF<s?aLH1tEFPP8y`<q%rq<6|QKC0uZDv=)>u~J>#*U9sB
zI$%G>`N@BZR_9~ZXbWYgt20cA<EC0}4wwwT`C|DoP8Q3sk`WM0tKKa<y2#r_Nf)kV
z(Zv`Y4i}6qxYSss9NCsRUts1L$Bvuub#4{q&(7Hi<jApc0iiY(j4X-_!-SE)o5(5U
zMf2+)`6N@W#jqp#d5Ew8J}_fqdfeISm<?Dz4U>k|x&JtTJln&$_elK;8|YIPSxu9F
z=Fyw)*_{|ctaNW{uGY0r@1(XW7U0F;8b~PRgMnzvZy?~lP-9Gxe2^b?CS0nNzEi6B
qaW6CvIqdeR-|nBOW&Zs9`T6tn=jUJg{Qm#|0RR7|@VssS{00DRHG0+n

literal 0
HcmV?d00001

diff --git a/charts/traefik-crd/25.0.3+up25.0.0/Chart.yaml b/charts/traefik-crd/25.0.3+up25.0.0/Chart.yaml
new file mode 100644
index 0000000..24326cf
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/Chart.yaml
@@ -0,0 +1,8 @@
+annotations:
+  fleet.cattle.io/bundle-id: k3s
+apiVersion: v1
+appVersion: v2.10.5
+description: Installs the CRDs for traefik
+name: traefik-crd
+type: application
+version: 25.0.3+up25.0.0
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutes.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutes.yaml
new file mode 100644
index 0000000..bd137f4
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutes.yaml
@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutetcps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutetcps.yaml
new file mode 100644
index 0000000..589fe31
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressroutetcps.yaml
@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressrouteudps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressrouteudps.yaml
new file mode 100644
index 0000000..c35ee4d
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_ingressrouteudps.yaml
@@ -0,0 +1,105 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewares.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewares.yaml
new file mode 100644
index 0000000..5e14f93
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewares.yaml
@@ -0,0 +1,924 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      nativeLB:
+                        description: NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if
+                          the only child is the Kubernetes Service clusterIP. The
+                          Kubernetes Service itself does load-balance to the pods.
+                          By default, NativeLB is false.
+                        type: boolean
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewaretcps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewaretcps.yaml
new file mode 100644
index 0000000..85302fa
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_serverstransports.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_serverstransports.yaml
new file mode 100644
index 0000000..d6fc3a9
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsoptions.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsoptions.yaml
new file mode 100644
index 0000000..7366766
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsstores.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsstores.yaml
new file mode 100644
index 0000000..12f0ad3
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_traefikservices.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_traefikservices.yaml
new file mode 100644
index 0000000..0dcf470
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.containo.us_traefikservices.yaml
@@ -0,0 +1,402 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  nativeLB:
+                    description: NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the
+                      only child is the Kubernetes Service clusterIP. The Kubernetes
+                      Service itself does load-balance to the pods. By default, NativeLB
+                      is false.
+                    type: boolean
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutes.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutes.yaml
new file mode 100644
index 0000000..89aaee7
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutes.yaml
@@ -0,0 +1,275 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutes.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRoute
+    listKind: IngressRouteList
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteSpec defines the desired state of IngressRoute.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: Route holds the HTTP route configuration.
+                  properties:
+                    kind:
+                      description: Kind defines the kind of the route. Rule is the
+                        only supported kind.
+                      enum:
+                      - Rule
+                      type: string
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule'
+                      type: string
+                    middlewares:
+                      description: 'Middlewares defines the list of references to
+                        Middleware resources. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-middleware'
+                      items:
+                        description: MiddlewareRef is a reference to a Middleware
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Middleware
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Middleware resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority'
+                      type: integer
+                    services:
+                      description: Services defines the list of Service. It can contain
+                        any combination of TraefikService and/or reference to a Kubernetes
+                        Service.
+                      items:
+                        description: Service defines an upstream HTTP service to proxy
+                          traffic to.
+                        properties:
+                          kind:
+                            description: Kind defines the kind of the Service.
+                            enum:
+                            - Service
+                            - TraefikService
+                            type: string
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service or TraefikService. The differentiation between
+                              the two is specified in the Kind field.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service or TraefikService.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          passHostHeader:
+                            description: PassHostHeader defines whether the client
+                              Host header is forwarded to the upstream Kubernetes
+                              Service. By default, passHostHeader is true.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          responseForwarding:
+                            description: ResponseForwarding defines how Traefik forwards
+                              the response from the upstream Kubernetes Service to
+                              the client.
+                            properties:
+                              flushInterval:
+                                description: 'FlushInterval defines the interval,
+                                  in milliseconds, in between flushes to the client
+                                  while copying the response body. A negative value
+                                  means to flush immediately after each write to the
+                                  client. This configuration is ignored when ReverseProxy
+                                  recognizes a response as a streaming response; for
+                                  such responses, writes are flushed to the client
+                                  immediately. Default: 100ms'
+                                type: string
+                            type: object
+                          scheme:
+                            description: Scheme defines the scheme to use for the
+                              request to the upstream Kubernetes Service. It defaults
+                              to https when Kubernetes Service port is 443, http otherwise.
+                            type: string
+                          serversTransport:
+                            description: ServersTransport defines the name of ServersTransport
+                              resource to use. It allows to configure the transport
+                              between Traefik and your servers. Can only be used on
+                              a Kubernetes Service.
+                            type: string
+                          sticky:
+                            description: 'Sticky defines the sticky sessions configuration.
+                              More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                            properties:
+                              cookie:
+                                description: Cookie defines the sticky cookie configuration.
+                                properties:
+                                  httpOnly:
+                                    description: HTTPOnly defines whether the cookie
+                                      can be accessed by client-side APIs, such as
+                                      JavaScript.
+                                    type: boolean
+                                  name:
+                                    description: Name defines the Cookie name.
+                                    type: string
+                                  sameSite:
+                                    description: 'SameSite defines the same site policy.
+                                      More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                    type: string
+                                  secure:
+                                    description: Secure defines whether the cookie
+                                      can only be transmitted over an encrypted connection
+                                      (i.e. HTTPS).
+                                    type: boolean
+                                type: object
+                            type: object
+                          strategy:
+                            description: Strategy defines the load balancing strategy
+                              between the servers. RoundRobin is the only supported
+                              value at the moment.
+                            type: string
+                          weight:
+                            description: Weight defines the weight and should only
+                              be specified when Name references a TraefikService object
+                              (and to be precise, one that embeds a Weighted Round
+                              Robin).
+                            type: integer
+                        required:
+                        - name
+                        type: object
+                      type: array
+                  required:
+                  - kind
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSOption.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSOption. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsoption'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: 'Name defines the name of the referenced TLSStore.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                      namespace:
+                        description: 'Namespace defines the namespace of the referenced
+                          TLSStore. More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-tlsstore'
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutetcps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutetcps.yaml
new file mode 100644
index 0000000..82f61ac
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressroutetcps.yaml
@@ -0,0 +1,218 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressroutetcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteTCP
+    listKind: IngressRouteTCPList
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteTCP holds the TCP route configuration.
+                  properties:
+                    match:
+                      description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#rule_1'
+                      type: string
+                    middlewares:
+                      description: Middlewares defines the list of references to MiddlewareTCP
+                        resources.
+                      items:
+                        description: ObjectReference is a generic reference to a Traefik
+                          resource.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Traefik
+                              resource.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Traefik resource.
+                            type: string
+                        required:
+                        - name
+                        type: object
+                      type: array
+                    priority:
+                      description: 'Priority defines the router''s priority. More
+                        info: https://doc.traefik.io/traefik/v2.10/routing/routers/#priority_1'
+                      type: integer
+                    services:
+                      description: Services defines the list of TCP services.
+                      items:
+                        description: ServiceTCP defines an upstream TCP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          proxyProtocol:
+                            description: 'ProxyProtocol defines the PROXY protocol
+                              configuration. More info: https://doc.traefik.io/traefik/v2.10/routing/services/#proxy-protocol'
+                            properties:
+                              version:
+                                description: Version defines the PROXY Protocol version
+                                  to use.
+                                type: integer
+                            type: object
+                          terminationDelay:
+                            description: TerminationDelay defines the deadline that
+                              the proxy sets, after one of its connected peers indicates
+                              it has closed the writing capability of its connection,
+                              to close the reading capability as well, hence fully
+                              terminating the connection. It is a duration in milliseconds,
+                              defaulting to 100. A negative value means an infinite
+                              deadline (i.e. the reading capability is never closed).
+                            type: integer
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  required:
+                  - match
+                  type: object
+                type: array
+              tls:
+                description: 'TLS defines the TLS configuration on a layer 4 / TCP
+                  Route. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#tls_1'
+                properties:
+                  certResolver:
+                    description: 'CertResolver defines the name of the certificate
+                      resolver to use. Cert resolvers have to be configured in the
+                      static configuration. More info: https://doc.traefik.io/traefik/v2.10/https/acme/#certificate-resolvers'
+                    type: string
+                  domains:
+                    description: 'Domains defines the list of domains that will be
+                      used to issue certificates. More info: https://doc.traefik.io/traefik/v2.10/routing/routers/#domains'
+                    items:
+                      description: Domain holds a domain name with SANs.
+                      properties:
+                        main:
+                          description: Main defines the main domain name.
+                          type: string
+                        sans:
+                          description: SANs defines the subject alternative domain
+                            names.
+                          items:
+                            type: string
+                          type: array
+                      type: object
+                    type: array
+                  options:
+                    description: 'Options defines the reference to a TLSOption, that
+                      specifies the parameters of the TLS connection. If not defined,
+                      the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                  passthrough:
+                    description: Passthrough defines whether a TLS router will terminate
+                      the TLS connection.
+                    type: boolean
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                  store:
+                    description: Store defines the reference to the TLSStore, that
+                      will be used to store certificates. Please note that only `default`
+                      TLSStore can be used.
+                    properties:
+                      name:
+                        description: Name defines the name of the referenced Traefik
+                          resource.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Traefik resource.
+                        type: string
+                    required:
+                    - name
+                    type: object
+                type: object
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressrouteudps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressrouteudps.yaml
new file mode 100644
index 0000000..27c5018
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_ingressrouteudps.yaml
@@ -0,0 +1,105 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: ingressrouteudps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: IngressRouteUDP
+    listKind: IngressRouteUDPList
+    plural: ingressrouteudps
+    singular: ingressrouteudp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
+            properties:
+              entryPoints:
+                description: 'EntryPoints defines the list of entry point names to
+                  bind to. Entry points have to be configured in the static configuration.
+                  More info: https://doc.traefik.io/traefik/v2.10/routing/entrypoints/
+                  Default: all.'
+                items:
+                  type: string
+                type: array
+              routes:
+                description: Routes defines the list of routes.
+                items:
+                  description: RouteUDP holds the UDP route configuration.
+                  properties:
+                    services:
+                      description: Services defines the list of UDP services.
+                      items:
+                        description: ServiceUDP defines an upstream UDP service to
+                          proxy traffic to.
+                        properties:
+                          name:
+                            description: Name defines the name of the referenced Kubernetes
+                              Service.
+                            type: string
+                          namespace:
+                            description: Namespace defines the namespace of the referenced
+                              Kubernetes Service.
+                            type: string
+                          nativeLB:
+                            description: NativeLB controls, when creating the load-balancer,
+                              whether the LB's children are directly the pods IPs
+                              or if the only child is the Kubernetes Service clusterIP.
+                              The Kubernetes Service itself does load-balance to the
+                              pods. By default, NativeLB is false.
+                            type: boolean
+                          port:
+                            anyOf:
+                            - type: integer
+                            - type: string
+                            description: Port defines the port of a Kubernetes Service.
+                              This can be a reference to a named port.
+                            x-kubernetes-int-or-string: true
+                          weight:
+                            description: Weight defines the weight used when balancing
+                              requests between multiple Kubernetes Service.
+                            type: integer
+                        required:
+                        - name
+                        - port
+                        type: object
+                      type: array
+                  type: object
+                type: array
+            required:
+            - routes
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewares.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewares.yaml
new file mode 100644
index 0000000..5a4dc36
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewares.yaml
@@ -0,0 +1,924 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewares.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: Middleware
+    listKind: MiddlewareList
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'Middleware is the CRD implementation of a Traefik Middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareSpec defines the desired state of a Middleware.
+            properties:
+              addPrefix:
+                description: 'AddPrefix holds the add prefix middleware configuration.
+                  This middleware updates the path of a request before forwarding
+                  it. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/addprefix/'
+                properties:
+                  prefix:
+                    description: Prefix is the string to add before the current path
+                      in the requested URL. It should include a leading slash (/).
+                    type: string
+                type: object
+              basicAuth:
+                description: 'BasicAuth holds the basic auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: 'RemoveHeader sets the removeHeader option to true
+                      to remove the authorization header before forwarding the request
+                      to your service. Default: false.'
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              buffering:
+                description: 'Buffering holds the buffering middleware configuration.
+                  This middleware retries or limits the size of requests that can
+                  be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#maxrequestbodybytes'
+                properties:
+                  maxRequestBodyBytes:
+                    description: 'MaxRequestBodyBytes defines the maximum allowed
+                      body size for the request (in bytes). If the request exceeds
+                      the allowed size, it is not forwarded to the service, and the
+                      client gets a 413 (Request Entity Too Large) response. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  maxResponseBodyBytes:
+                    description: 'MaxResponseBodyBytes defines the maximum allowed
+                      response size from the service (in bytes). If the response exceeds
+                      the allowed size, it is not forwarded to the client. The client
+                      gets a 500 (Internal Server Error) response instead. Default:
+                      0 (no maximum).'
+                    format: int64
+                    type: integer
+                  memRequestBodyBytes:
+                    description: 'MemRequestBodyBytes defines the threshold (in bytes)
+                      from which the request will be buffered on disk instead of in
+                      memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  memResponseBodyBytes:
+                    description: 'MemResponseBodyBytes defines the threshold (in bytes)
+                      from which the response will be buffered on disk instead of
+                      in memory. Default: 1048576 (1Mi).'
+                    format: int64
+                    type: integer
+                  retryExpression:
+                    description: 'RetryExpression defines the retry conditions. It
+                      is a logical combination of functions with operators AND (&&)
+                      and OR (||). More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/buffering/#retryexpression'
+                    type: string
+                type: object
+              chain:
+                description: 'Chain holds the configuration of the chain middleware.
+                  This middleware enables to define reusable combinations of other
+                  pieces of middleware. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/chain/'
+                properties:
+                  middlewares:
+                    description: Middlewares is the list of MiddlewareRef which composes
+                      the chain.
+                    items:
+                      description: MiddlewareRef is a reference to a Middleware resource.
+                      properties:
+                        name:
+                          description: Name defines the name of the referenced Middleware
+                            resource.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Middleware resource.
+                          type: string
+                      required:
+                      - name
+                      type: object
+                    type: array
+                type: object
+              circuitBreaker:
+                description: CircuitBreaker holds the circuit breaker configuration.
+                properties:
+                  checkPeriod:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: CheckPeriod is the interval between successive checks
+                      of the circuit breaker condition (when in standby state).
+                    x-kubernetes-int-or-string: true
+                  expression:
+                    description: Expression is the condition that triggers the tripped
+                      state.
+                    type: string
+                  fallbackDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: FallbackDuration is the duration for which the circuit
+                      breaker will wait before trying to recover (from a tripped state).
+                    x-kubernetes-int-or-string: true
+                  recoveryDuration:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: RecoveryDuration is the duration for which the circuit
+                      breaker will try to recover (as soon as it is in recovering
+                      state).
+                    x-kubernetes-int-or-string: true
+                type: object
+              compress:
+                description: 'Compress holds the compress middleware configuration.
+                  This middleware compresses responses before sending them to the
+                  client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/compress/'
+                properties:
+                  excludedContentTypes:
+                    description: ExcludedContentTypes defines the list of content
+                      types to compare the Content-Type header of the incoming requests
+                      and responses before compressing.
+                    items:
+                      type: string
+                    type: array
+                  minResponseBodyBytes:
+                    description: 'MinResponseBodyBytes defines the minimum amount
+                      of bytes a response body must have to be compressed. Default:
+                      1024.'
+                    type: integer
+                type: object
+              contentType:
+                description: ContentType holds the content-type middleware configuration.
+                  This middleware exists to enable the correct behavior until at least
+                  the default one can be changed in a future version.
+                properties:
+                  autoDetect:
+                    description: AutoDetect specifies whether to let the `Content-Type`
+                      header, if it has not been set by the backend, be automatically
+                      set to a value derived from the contents of the response. As
+                      a proxy, the default behavior should be to leave the header
+                      alone, regardless of what the backend did with it. However,
+                      the historic default was to always auto-detect and set the header
+                      if it was nil, and it is going to be kept that way in order
+                      to support users currently relying on it.
+                    type: boolean
+                type: object
+              digestAuth:
+                description: 'DigestAuth holds the digest auth middleware configuration.
+                  This middleware restricts access to your services to known users.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/digestauth/'
+                properties:
+                  headerField:
+                    description: 'HeaderField defines a header field to store the
+                      authenticated user. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/basicauth/#headerfield'
+                    type: string
+                  realm:
+                    description: 'Realm allows the protected resources on a server
+                      to be partitioned into a set of protection spaces, each with
+                      its own authentication scheme. Default: traefik.'
+                    type: string
+                  removeHeader:
+                    description: RemoveHeader defines whether to remove the authorization
+                      header before forwarding the request to the backend.
+                    type: boolean
+                  secret:
+                    description: Secret is the name of the referenced Kubernetes Secret
+                      containing user credentials.
+                    type: string
+                type: object
+              errors:
+                description: 'ErrorPage holds the custom error middleware configuration.
+                  This middleware returns a custom page in lieu of the default, according
+                  to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/'
+                properties:
+                  query:
+                    description: Query defines the URL for the error page (hosted
+                      by service). The {status} variable can be used in order to insert
+                      the status code in the URL.
+                    type: string
+                  service:
+                    description: 'Service defines the reference to a Kubernetes Service
+                      that will serve the error page. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/errorpages/#service'
+                    properties:
+                      kind:
+                        description: Kind defines the kind of the Service.
+                        enum:
+                        - Service
+                        - TraefikService
+                        type: string
+                      name:
+                        description: Name defines the name of the referenced Kubernetes
+                          Service or TraefikService. The differentiation between the
+                          two is specified in the Kind field.
+                        type: string
+                      namespace:
+                        description: Namespace defines the namespace of the referenced
+                          Kubernetes Service or TraefikService.
+                        type: string
+                      nativeLB:
+                        description: NativeLB controls, when creating the load-balancer,
+                          whether the LB's children are directly the pods IPs or if
+                          the only child is the Kubernetes Service clusterIP. The
+                          Kubernetes Service itself does load-balance to the pods.
+                          By default, NativeLB is false.
+                        type: boolean
+                      passHostHeader:
+                        description: PassHostHeader defines whether the client Host
+                          header is forwarded to the upstream Kubernetes Service.
+                          By default, passHostHeader is true.
+                        type: boolean
+                      port:
+                        anyOf:
+                        - type: integer
+                        - type: string
+                        description: Port defines the port of a Kubernetes Service.
+                          This can be a reference to a named port.
+                        x-kubernetes-int-or-string: true
+                      responseForwarding:
+                        description: ResponseForwarding defines how Traefik forwards
+                          the response from the upstream Kubernetes Service to the
+                          client.
+                        properties:
+                          flushInterval:
+                            description: 'FlushInterval defines the interval, in milliseconds,
+                              in between flushes to the client while copying the response
+                              body. A negative value means to flush immediately after
+                              each write to the client. This configuration is ignored
+                              when ReverseProxy recognizes a response as a streaming
+                              response; for such responses, writes are flushed to
+                              the client immediately. Default: 100ms'
+                            type: string
+                        type: object
+                      scheme:
+                        description: Scheme defines the scheme to use for the request
+                          to the upstream Kubernetes Service. It defaults to https
+                          when Kubernetes Service port is 443, http otherwise.
+                        type: string
+                      serversTransport:
+                        description: ServersTransport defines the name of ServersTransport
+                          resource to use. It allows to configure the transport between
+                          Traefik and your servers. Can only be used on a Kubernetes
+                          Service.
+                        type: string
+                      sticky:
+                        description: 'Sticky defines the sticky sessions configuration.
+                          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                        properties:
+                          cookie:
+                            description: Cookie defines the sticky cookie configuration.
+                            properties:
+                              httpOnly:
+                                description: HTTPOnly defines whether the cookie can
+                                  be accessed by client-side APIs, such as JavaScript.
+                                type: boolean
+                              name:
+                                description: Name defines the Cookie name.
+                                type: string
+                              sameSite:
+                                description: 'SameSite defines the same site policy.
+                                  More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                type: string
+                              secure:
+                                description: Secure defines whether the cookie can
+                                  only be transmitted over an encrypted connection
+                                  (i.e. HTTPS).
+                                type: boolean
+                            type: object
+                        type: object
+                      strategy:
+                        description: Strategy defines the load balancing strategy
+                          between the servers. RoundRobin is the only supported value
+                          at the moment.
+                        type: string
+                      weight:
+                        description: Weight defines the weight and should only be
+                          specified when Name references a TraefikService object (and
+                          to be precise, one that embeds a Weighted Round Robin).
+                        type: integer
+                    required:
+                    - name
+                    type: object
+                  status:
+                    description: Status defines which status or range of statuses
+                      should result in an error page. It can be either a status code
+                      as a number (500), as multiple comma-separated numbers (500,502),
+                      as ranges by separating two codes with a dash (500-599), or
+                      a combination of the two (404,418,500-599).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              forwardAuth:
+                description: 'ForwardAuth holds the forward auth middleware configuration.
+                  This middleware delegates the request authentication to a Service.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/'
+                properties:
+                  address:
+                    description: Address defines the authentication server address.
+                    type: string
+                  authRequestHeaders:
+                    description: AuthRequestHeaders defines the list of the headers
+                      to copy from the request to the authentication server. If not
+                      set or empty then all request headers are passed.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeaders:
+                    description: AuthResponseHeaders defines the list of headers to
+                      copy from the authentication server response and set on forwarded
+                      request, replacing any existing conflicting headers.
+                    items:
+                      type: string
+                    type: array
+                  authResponseHeadersRegex:
+                    description: 'AuthResponseHeadersRegex defines the regex to match
+                      headers to copy from the authentication server response and
+                      set on forwarded request, after stripping all headers that match
+                      the regex. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/forwardauth/#authresponseheadersregex'
+                    type: string
+                  tls:
+                    description: TLS defines the configuration used to secure the
+                      connection to the authentication server.
+                    properties:
+                      caOptional:
+                        type: boolean
+                      caSecret:
+                        description: CASecret is the name of the referenced Kubernetes
+                          Secret containing the CA to validate the server certificate.
+                          The CA certificate is extracted from key `tls.ca` or `ca.crt`.
+                        type: string
+                      certSecret:
+                        description: CertSecret is the name of the referenced Kubernetes
+                          Secret containing the client certificate. The client certificate
+                          is extracted from the keys `tls.crt` and `tls.key`.
+                        type: string
+                      insecureSkipVerify:
+                        description: InsecureSkipVerify defines whether the server
+                          certificates should be validated.
+                        type: boolean
+                    type: object
+                  trustForwardHeader:
+                    description: 'TrustForwardHeader defines whether to trust (ie:
+                      forward) all X-Forwarded-* headers.'
+                    type: boolean
+                type: object
+              headers:
+                description: 'Headers holds the headers middleware configuration.
+                  This middleware manages the requests and responses headers. More
+                  info: https://doc.traefik.io/traefik/v2.10/middlewares/http/headers/#customrequestheaders'
+                properties:
+                  accessControlAllowCredentials:
+                    description: AccessControlAllowCredentials defines whether the
+                      request can include user credentials.
+                    type: boolean
+                  accessControlAllowHeaders:
+                    description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowMethods:
+                    description: AccessControlAllowMethods defines the Access-Control-Request-Method
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginList:
+                    description: AccessControlAllowOriginList is a list of allowable
+                      origins. Can also be a wildcard origin "*".
+                    items:
+                      type: string
+                    type: array
+                  accessControlAllowOriginListRegex:
+                    description: AccessControlAllowOriginListRegex is a list of allowable
+                      origins written following the Regular Expression syntax (https://golang.org/pkg/regexp/).
+                    items:
+                      type: string
+                    type: array
+                  accessControlExposeHeaders:
+                    description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
+                      values sent in preflight response.
+                    items:
+                      type: string
+                    type: array
+                  accessControlMaxAge:
+                    description: AccessControlMaxAge defines the time that a preflight
+                      request may be cached.
+                    format: int64
+                    type: integer
+                  addVaryHeader:
+                    description: AddVaryHeader defines whether the Vary header is
+                      automatically added/updated when the AccessControlAllowOriginList
+                      is set.
+                    type: boolean
+                  allowedHosts:
+                    description: AllowedHosts defines the fully qualified list of
+                      allowed domain names.
+                    items:
+                      type: string
+                    type: array
+                  browserXssFilter:
+                    description: BrowserXSSFilter defines whether to add the X-XSS-Protection
+                      header with the value 1; mode=block.
+                    type: boolean
+                  contentSecurityPolicy:
+                    description: ContentSecurityPolicy defines the Content-Security-Policy
+                      header value.
+                    type: string
+                  contentTypeNosniff:
+                    description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
+                      header with the nosniff value.
+                    type: boolean
+                  customBrowserXSSValue:
+                    description: CustomBrowserXSSValue defines the X-XSS-Protection
+                      header value. This overrides the BrowserXssFilter option.
+                    type: string
+                  customFrameOptionsValue:
+                    description: CustomFrameOptionsValue defines the X-Frame-Options
+                      header value. This overrides the FrameDeny option.
+                    type: string
+                  customRequestHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomRequestHeaders defines the header names and
+                      values to apply to the request.
+                    type: object
+                  customResponseHeaders:
+                    additionalProperties:
+                      type: string
+                    description: CustomResponseHeaders defines the header names and
+                      values to apply to the response.
+                    type: object
+                  featurePolicy:
+                    description: 'Deprecated: use PermissionsPolicy instead.'
+                    type: string
+                  forceSTSHeader:
+                    description: ForceSTSHeader defines whether to add the STS header
+                      even when the connection is HTTP.
+                    type: boolean
+                  frameDeny:
+                    description: FrameDeny defines whether to add the X-Frame-Options
+                      header with the DENY value.
+                    type: boolean
+                  hostsProxyHeaders:
+                    description: HostsProxyHeaders defines the header keys that may
+                      hold a proxied hostname value for the request.
+                    items:
+                      type: string
+                    type: array
+                  isDevelopment:
+                    description: IsDevelopment defines whether to mitigate the unwanted
+                      effects of the AllowedHosts, SSL, and STS options when developing.
+                      Usually testing takes place using HTTP, not HTTPS, and on localhost,
+                      not your production domain. If you would like your development
+                      environment to mimic production with complete Host blocking,
+                      SSL redirects, and STS headers, leave this as false.
+                    type: boolean
+                  permissionsPolicy:
+                    description: PermissionsPolicy defines the Permissions-Policy
+                      header value. This allows sites to control browser features.
+                    type: string
+                  publicKey:
+                    description: PublicKey is the public key that implements HPKP
+                      to prevent MITM attacks with forged certificates.
+                    type: string
+                  referrerPolicy:
+                    description: ReferrerPolicy defines the Referrer-Policy header
+                      value. This allows sites to control whether browsers forward
+                      the Referer header to other sites.
+                    type: string
+                  sslForceHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: boolean
+                  sslHost:
+                    description: 'Deprecated: use RedirectRegex instead.'
+                    type: string
+                  sslProxyHeaders:
+                    additionalProperties:
+                      type: string
+                    description: 'SSLProxyHeaders defines the header keys with associated
+                      values that would indicate a valid HTTPS request. It can be
+                      useful when using other proxies (example: "X-Forwarded-Proto":
+                      "https").'
+                    type: object
+                  sslRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  sslTemporaryRedirect:
+                    description: 'Deprecated: use EntryPoint redirection or RedirectScheme
+                      instead.'
+                    type: boolean
+                  stsIncludeSubdomains:
+                    description: STSIncludeSubdomains defines whether the includeSubDomains
+                      directive is appended to the Strict-Transport-Security header.
+                    type: boolean
+                  stsPreload:
+                    description: STSPreload defines whether the preload flag is appended
+                      to the Strict-Transport-Security header.
+                    type: boolean
+                  stsSeconds:
+                    description: STSSeconds defines the max-age of the Strict-Transport-Security
+                      header. If set to 0, the header is not set.
+                    format: int64
+                    type: integer
+                type: object
+              inFlightReq:
+                description: 'InFlightReq holds the in-flight request middleware configuration.
+                  This middleware limits the number of requests being processed and
+                  served concurrently. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/'
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      in-flight request. The middleware responds with HTTP 429 Too
+                      Many Requests if there are already amount requests in progress
+                      (based on the same sourceCriterion strategy).
+                    format: int64
+                    type: integer
+                  sourceCriterion:
+                    description: 'SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the requestHost. More
+                      info: https://doc.traefik.io/traefik/v2.10/middlewares/http/inflightreq/#sourcecriterion'
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              ipWhiteList:
+                description: 'IPWhiteList holds the IP whitelist middleware configuration.
+                  This middleware accepts / refuses requests based on the client IP.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/'
+                properties:
+                  ipStrategy:
+                    description: 'IPStrategy holds the IP strategy configuration used
+                      by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                    properties:
+                      depth:
+                        description: Depth tells Traefik to use the X-Forwarded-For
+                          header and take the IP located at the depth position (starting
+                          from the right).
+                        type: integer
+                      excludedIPs:
+                        description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
+                          header and select the first IP not in the list.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  sourceRange:
+                    description: SourceRange defines the set of allowed IPs (or ranges
+                      of allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+              passTLSClientCert:
+                description: 'PassTLSClientCert holds the pass TLS client cert middleware
+                  configuration. This middleware adds the selected data from the passed
+                  client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/passtlsclientcert/'
+                properties:
+                  info:
+                    description: Info selects the specific client certificate details
+                      you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                    properties:
+                      issuer:
+                        description: Issuer defines the client certificate issuer
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the issuer.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the issuer.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the issuer.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the issuer.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the issuer.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the issuer.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the issuer.
+                            type: boolean
+                        type: object
+                      notAfter:
+                        description: NotAfter defines whether to add the Not After
+                          information from the Validity part.
+                        type: boolean
+                      notBefore:
+                        description: NotBefore defines whether to add the Not Before
+                          information from the Validity part.
+                        type: boolean
+                      sans:
+                        description: Sans defines whether to add the Subject Alternative
+                          Name information from the Subject Alternative Name part.
+                        type: boolean
+                      serialNumber:
+                        description: SerialNumber defines whether to add the client
+                          serialNumber information.
+                        type: boolean
+                      subject:
+                        description: Subject defines the client certificate subject
+                          details to add to the X-Forwarded-Tls-Client-Cert-Info header.
+                        properties:
+                          commonName:
+                            description: CommonName defines whether to add the organizationalUnit
+                              information into the subject.
+                            type: boolean
+                          country:
+                            description: Country defines whether to add the country
+                              information into the subject.
+                            type: boolean
+                          domainComponent:
+                            description: DomainComponent defines whether to add the
+                              domainComponent information into the subject.
+                            type: boolean
+                          locality:
+                            description: Locality defines whether to add the locality
+                              information into the subject.
+                            type: boolean
+                          organization:
+                            description: Organization defines whether to add the organization
+                              information into the subject.
+                            type: boolean
+                          organizationalUnit:
+                            description: OrganizationalUnit defines whether to add
+                              the organizationalUnit information into the subject.
+                            type: boolean
+                          province:
+                            description: Province defines whether to add the province
+                              information into the subject.
+                            type: boolean
+                          serialNumber:
+                            description: SerialNumber defines whether to add the serialNumber
+                              information into the subject.
+                            type: boolean
+                        type: object
+                    type: object
+                  pem:
+                    description: PEM sets the X-Forwarded-Tls-Client-Cert header with
+                      the certificate.
+                    type: boolean
+                type: object
+              plugin:
+                additionalProperties:
+                  x-kubernetes-preserve-unknown-fields: true
+                description: 'Plugin defines the middleware plugin configuration.
+                  More info: https://doc.traefik.io/traefik/plugins/'
+                type: object
+              rateLimit:
+                description: 'RateLimit holds the rate limit configuration. This middleware
+                  ensures that services will receive a fair amount of requests, and
+                  allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ratelimit/'
+                properties:
+                  average:
+                    description: Average is the maximum rate, by default in requests/s,
+                      allowed for the given source. It defaults to 0, which means
+                      no rate limiting. The rate is actually defined by dividing Average
+                      by Period. So for a rate below 1req/s, one needs to define a
+                      Period larger than a second.
+                    format: int64
+                    type: integer
+                  burst:
+                    description: Burst is the maximum number of requests allowed to
+                      arrive in the same arbitrarily small period of time. It defaults
+                      to 1.
+                    format: int64
+                    type: integer
+                  period:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: 'Period, in combination with Average, defines the
+                      actual maximum rate, such as: r = Average / Period. It defaults
+                      to a second.'
+                    x-kubernetes-int-or-string: true
+                  sourceCriterion:
+                    description: SourceCriterion defines what criterion is used to
+                      group requests as originating from a common source. If several
+                      strategies are defined at the same time, an error will be raised.
+                      If none are set, the default is to use the request's remote
+                      address field (as an ipStrategy).
+                    properties:
+                      ipStrategy:
+                        description: 'IPStrategy holds the IP strategy configuration
+                          used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/ipwhitelist/#ipstrategy'
+                        properties:
+                          depth:
+                            description: Depth tells Traefik to use the X-Forwarded-For
+                              header and take the IP located at the depth position
+                              (starting from the right).
+                            type: integer
+                          excludedIPs:
+                            description: ExcludedIPs configures Traefik to scan the
+                              X-Forwarded-For header and select the first IP not in
+                              the list.
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      requestHeaderName:
+                        description: RequestHeaderName defines the name of the header
+                          used to group incoming requests.
+                        type: string
+                      requestHost:
+                        description: RequestHost defines whether to consider the request
+                          Host as the source.
+                        type: boolean
+                    type: object
+                type: object
+              redirectRegex:
+                description: 'RedirectRegex holds the redirect regex middleware configuration.
+                  This middleware redirects a request using regex matching and replacement.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectregex/#regex'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  regex:
+                    description: Regex defines the regex used to match and capture
+                      elements from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines how to modify the URL to have
+                      the new target URL.
+                    type: string
+                type: object
+              redirectScheme:
+                description: 'RedirectScheme holds the redirect scheme middleware
+                  configuration. This middleware redirects requests from a scheme/port
+                  to another. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/redirectscheme/'
+                properties:
+                  permanent:
+                    description: Permanent defines whether the redirection is permanent
+                      (301).
+                    type: boolean
+                  port:
+                    description: Port defines the port of the new URL.
+                    type: string
+                  scheme:
+                    description: Scheme defines the scheme of the new URL.
+                    type: string
+                type: object
+              replacePath:
+                description: 'ReplacePath holds the replace path middleware configuration.
+                  This middleware replaces the path of the request URL and store the
+                  original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepath/'
+                properties:
+                  path:
+                    description: Path defines the path to use as replacement in the
+                      request URL.
+                    type: string
+                type: object
+              replacePathRegex:
+                description: 'ReplacePathRegex holds the replace path regex middleware
+                  configuration. This middleware replaces the path of a URL using
+                  regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/replacepathregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression used to match
+                      and capture the path from the request URL.
+                    type: string
+                  replacement:
+                    description: Replacement defines the replacement path format,
+                      which can include captured variables.
+                    type: string
+                type: object
+              retry:
+                description: 'Retry holds the retry middleware configuration. This
+                  middleware reissues requests a given number of times to a backend
+                  server if that server does not reply. As soon as the server answers,
+                  the middleware stops retrying, regardless of the response status.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/retry/'
+                properties:
+                  attempts:
+                    description: Attempts defines how many times the request should
+                      be retried.
+                    type: integer
+                  initialInterval:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: InitialInterval defines the first wait time in the
+                      exponential backoff series. The maximum interval is calculated
+                      as twice the initialInterval. If unspecified, requests will
+                      be retried immediately. The value of initialInterval should
+                      be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
+                    x-kubernetes-int-or-string: true
+                type: object
+              stripPrefix:
+                description: 'StripPrefix holds the strip prefix middleware configuration.
+                  This middleware removes the specified prefixes from the URL path.
+                  More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefix/'
+                properties:
+                  forceSlash:
+                    description: 'ForceSlash ensures that the resulting stripped path
+                      is not the empty string, by replacing it with / when necessary.
+                      Default: true.'
+                    type: boolean
+                  prefixes:
+                    description: Prefixes defines the prefixes to strip from the request
+                      URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              stripPrefixRegex:
+                description: 'StripPrefixRegex holds the strip prefix regex middleware
+                  configuration. This middleware removes the matching prefixes from
+                  the URL path. More info: https://doc.traefik.io/traefik/v2.10/middlewares/http/stripprefixregex/'
+                properties:
+                  regex:
+                    description: Regex defines the regular expression to match the
+                      path prefix from the request URL.
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewaretcps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewaretcps.yaml
new file mode 100644
index 0000000..8623568
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_middlewaretcps.yaml
@@ -0,0 +1,72 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: middlewaretcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: MiddlewareTCP
+    listKind: MiddlewareTCPList
+    plural: middlewaretcps
+    singular: middlewaretcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
+          More info: https://doc.traefik.io/traefik/v2.10/middlewares/overview/'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
+            properties:
+              inFlightConn:
+                description: InFlightConn defines the InFlightConn middleware configuration.
+                properties:
+                  amount:
+                    description: Amount defines the maximum amount of allowed simultaneous
+                      connections. The middleware closes the connection if there are
+                      already amount connections opened.
+                    format: int64
+                    type: integer
+                type: object
+              ipWhiteList:
+                description: IPWhiteList defines the IPWhiteList middleware configuration.
+                properties:
+                  sourceRange:
+                    description: SourceRange defines the allowed IPs (or ranges of
+                      allowed IPs by using CIDR notation).
+                    items:
+                      type: string
+                    type: array
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransports.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransports.yaml
new file mode 100644
index 0000000..803b563
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransports.yaml
@@ -0,0 +1,128 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransports.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: ServersTransport
+    listKind: ServersTransportList
+    plural: serverstransports
+    singular: serverstransport
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransport is the CRD implementation of a ServersTransport.
+          If no serversTransport is specified, the default@internal will be used.
+          The default@internal serversTransport is created from the static configuration.
+          More info: https://doc.traefik.io/traefik/v2.10/routing/services/#serverstransport_1'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportSpec defines the desired state of a ServersTransport.
+            properties:
+              certificatesSecrets:
+                description: CertificatesSecrets defines a list of secret storing
+                  client certificates for mTLS.
+                items:
+                  type: string
+                type: array
+              disableHTTP2:
+                description: DisableHTTP2 disables HTTP/2 for connections with backend
+                  servers.
+                type: boolean
+              forwardingTimeouts:
+                description: ForwardingTimeouts defines the timeouts for requests
+                  forwarded to the backend servers.
+                properties:
+                  dialTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: DialTimeout is the amount of time to wait until a
+                      connection to a backend server can be established.
+                    x-kubernetes-int-or-string: true
+                  idleConnTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: IdleConnTimeout is the maximum period for which an
+                      idle HTTP keep-alive connection will remain open before closing
+                      itself.
+                    x-kubernetes-int-or-string: true
+                  pingTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: PingTimeout is the timeout after which the HTTP/2
+                      connection will be closed if a response to ping is not received.
+                    x-kubernetes-int-or-string: true
+                  readIdleTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ReadIdleTimeout is the timeout after which a health
+                      check using ping frame will be carried out if no frame is received
+                      on the HTTP/2 connection.
+                    x-kubernetes-int-or-string: true
+                  responseHeaderTimeout:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: ResponseHeaderTimeout is the amount of time to wait
+                      for a server's response headers after fully writing the request
+                      (including its body, if any).
+                    x-kubernetes-int-or-string: true
+                type: object
+              insecureSkipVerify:
+                description: InsecureSkipVerify disables SSL certificate verification.
+                type: boolean
+              maxIdleConnsPerHost:
+                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                  to keep per-host.
+                type: integer
+              peerCertURI:
+                description: PeerCertURI defines the peer cert URI used to match against
+                  SAN URI during the peer certificate verification.
+                type: string
+              rootCAsSecrets:
+                description: RootCAsSecrets defines a list of CA secret used to validate
+                  self-signed certificate.
+                items:
+                  type: string
+                type: array
+              serverName:
+                description: ServerName defines the server name used to contact the
+                  server.
+                type: string
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransporttcps.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransporttcps.yaml
new file mode 100644
index 0000000..b43fdcb
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_serverstransporttcps.yaml
@@ -0,0 +1,122 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: serverstransporttcps.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: ServersTransportTCP
+    listKind: ServersTransportTCPList
+    plural: serverstransporttcps
+    singular: serverstransporttcp
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'ServersTransportTCP is the CRD implementation of a TCPServersTransport.
+          If no tcpServersTransport is specified, a default one named default@internal
+          will be used. The default@internal tcpServersTransport can be configured
+          in the static configuration. More info: https://doc.traefik.io/traefik/v3.0/routing/services/#serverstransport_3'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ServersTransportTCPSpec defines the desired state of a ServersTransportTCP.
+            properties:
+              dialKeepAlive:
+                anyOf:
+                - type: integer
+                - type: string
+                description: DialKeepAlive is the interval between keep-alive probes
+                  for an active network connection. If zero, keep-alive probes are
+                  sent with a default value (currently 15 seconds), if supported by
+                  the protocol and operating system. Network protocols or operating
+                  systems that do not support keep-alives ignore this field. If negative,
+                  keep-alive probes are disabled.
+                x-kubernetes-int-or-string: true
+              dialTimeout:
+                anyOf:
+                - type: integer
+                - type: string
+                description: DialTimeout is the amount of time to wait until a connection
+                  to a backend server can be established.
+                x-kubernetes-int-or-string: true
+              terminationDelay:
+                anyOf:
+                - type: integer
+                - type: string
+                description: TerminationDelay defines the delay to wait before fully
+                  terminating the connection, after one connected peer has closed
+                  its writing capability.
+                x-kubernetes-int-or-string: true
+              tls:
+                description: TLS defines the TLS configuration
+                properties:
+                  certificatesSecrets:
+                    description: CertificatesSecrets defines a list of secret storing
+                      client certificates for mTLS.
+                    items:
+                      type: string
+                    type: array
+                  insecureSkipVerify:
+                    description: InsecureSkipVerify disables TLS certificate verification.
+                    type: boolean
+                  peerCertURI:
+                    description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
+                      to keep per-host. PeerCertURI defines the peer cert URI used
+                      to match against SAN URI during the peer certificate verification.
+                    type: string
+                  rootCAsSecrets:
+                    description: RootCAsSecrets defines a list of CA secret used to
+                      validate self-signed certificates.
+                    items:
+                      type: string
+                    type: array
+                  serverName:
+                    description: ServerName defines the server name used to contact
+                      the server.
+                    type: string
+                  spiffe:
+                    description: Spiffe defines the SPIFFE configuration.
+                    properties:
+                      ids:
+                        description: IDs defines the allowed SPIFFE IDs (takes precedence
+                          over the SPIFFE TrustDomain).
+                        items:
+                          type: string
+                        type: array
+                      trustDomain:
+                        description: TrustDomain defines the allowed SPIFFE trust
+                          domain.
+                        type: string
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsoptions.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsoptions.yaml
new file mode 100644
index 0000000..b86fefe
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsoptions.yaml
@@ -0,0 +1,113 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsoptions.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSOption
+    listKind: TLSOptionList
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
+          allowing to configure some parameters of the TLS connection. More info:
+          https://doc.traefik.io/traefik/v2.10/https/tls/#tls-options'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSOptionSpec defines the desired state of a TLSOption.
+            properties:
+              alpnProtocols:
+                description: 'ALPNProtocols defines the list of supported application
+                  level protocols for the TLS handshake, in order of preference. More
+                  info: https://doc.traefik.io/traefik/v2.10/https/tls/#alpn-protocols'
+                items:
+                  type: string
+                type: array
+              cipherSuites:
+                description: 'CipherSuites defines the list of supported cipher suites
+                  for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#cipher-suites'
+                items:
+                  type: string
+                type: array
+              clientAuth:
+                description: ClientAuth defines the server's policy for TLS Client
+                  Authentication.
+                properties:
+                  clientAuthType:
+                    description: ClientAuthType defines the client authentication
+                      type to apply.
+                    enum:
+                    - NoClientCert
+                    - RequestClientCert
+                    - RequireAnyClientCert
+                    - VerifyClientCertIfGiven
+                    - RequireAndVerifyClientCert
+                    type: string
+                  secretNames:
+                    description: SecretNames defines the names of the referenced Kubernetes
+                      Secret storing certificate details.
+                    items:
+                      type: string
+                    type: array
+                type: object
+              curvePreferences:
+                description: 'CurvePreferences defines the preferred elliptic curves
+                  in a specific order. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#curve-preferences'
+                items:
+                  type: string
+                type: array
+              maxVersion:
+                description: 'MaxVersion defines the maximum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: None.'
+                type: string
+              minVersion:
+                description: 'MinVersion defines the minimum TLS version that Traefik
+                  will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
+                  VersionTLS13. Default: VersionTLS10.'
+                type: string
+              preferServerCipherSuites:
+                description: 'PreferServerCipherSuites defines whether the server
+                  chooses a cipher suite among his own instead of among the client''s.
+                  It is enabled automatically when minVersion or maxVersion is set.
+                  Deprecated: https://github.com/golang/go/issues/45430'
+                type: boolean
+              sniStrict:
+                description: SniStrict defines whether Traefik allows connections
+                  from clients connections that do not specify a server_name extension.
+                type: boolean
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsstores.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsstores.yaml
new file mode 100644
index 0000000..47b4685
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_tlsstores.yaml
@@ -0,0 +1,99 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: tlsstores.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TLSStore
+    listKind: TLSStoreList
+    plural: tlsstores
+    singular: tlsstore
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
+          the time being, only the TLSStore named default is supported. This means
+          that you cannot have two stores that are named default in different Kubernetes
+          namespaces. More info: https://doc.traefik.io/traefik/v2.10/https/tls/#certificates-stores'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TLSStoreSpec defines the desired state of a TLSStore.
+            properties:
+              certificates:
+                description: Certificates is a list of secret names, each secret holding
+                  a key/certificate pair to add to the store.
+                items:
+                  description: Certificate holds a secret name for the TLSStore resource.
+                  properties:
+                    secretName:
+                      description: SecretName is the name of the referenced Kubernetes
+                        Secret to specify the certificate details.
+                      type: string
+                  required:
+                  - secretName
+                  type: object
+                type: array
+              defaultCertificate:
+                description: DefaultCertificate defines the default certificate configuration.
+                properties:
+                  secretName:
+                    description: SecretName is the name of the referenced Kubernetes
+                      Secret to specify the certificate details.
+                    type: string
+                required:
+                - secretName
+                type: object
+              defaultGeneratedCert:
+                description: DefaultGeneratedCert defines the default generated certificate
+                  configuration.
+                properties:
+                  domain:
+                    description: Domain is the domain definition for the DefaultCertificate.
+                    properties:
+                      main:
+                        description: Main defines the main domain name.
+                        type: string
+                      sans:
+                        description: SANs defines the subject alternative domain names.
+                        items:
+                          type: string
+                        type: array
+                    type: object
+                  resolver:
+                    description: Resolver is the name of the resolver that will be
+                      used to issue the DefaultCertificate.
+                    type: string
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_traefikservices.yaml b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_traefikservices.yaml
new file mode 100644
index 0000000..0f3475b
--- /dev/null
+++ b/charts/traefik-crd/25.0.3+up25.0.0/templates/traefik.io_traefikservices.yaml
@@ -0,0 +1,402 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.6.2
+  creationTimestamp: null
+  name: traefikservices.traefik.io
+spec:
+  group: traefik.io
+  names:
+    kind: TraefikService
+    listKind: TraefikServiceList
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: 'TraefikService is the CRD implementation of a Traefik Service.
+          TraefikService object allows to: - Apply weight to Services on load-balancing
+          - Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#kind-traefikservice'
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: TraefikServiceSpec defines the desired state of a TraefikService.
+            properties:
+              mirroring:
+                description: Mirroring defines the Mirroring service configuration.
+                properties:
+                  kind:
+                    description: Kind defines the kind of the Service.
+                    enum:
+                    - Service
+                    - TraefikService
+                    type: string
+                  maxBodySize:
+                    description: MaxBodySize defines the maximum size allowed for
+                      the body of the request. If the body is larger, the request
+                      is not mirrored. Default value is -1, which means unlimited
+                      size.
+                    format: int64
+                    type: integer
+                  mirrors:
+                    description: Mirrors defines the list of mirrors where Traefik
+                      will duplicate the traffic.
+                    items:
+                      description: MirrorService holds the mirror configuration.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        percent:
+                          description: 'Percent defines the part of the traffic to
+                            mirror. Supported values: 0 to 100.'
+                          type: integer
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  name:
+                    description: Name defines the name of the referenced Kubernetes
+                      Service or TraefikService. The differentiation between the two
+                      is specified in the Kind field.
+                    type: string
+                  namespace:
+                    description: Namespace defines the namespace of the referenced
+                      Kubernetes Service or TraefikService.
+                    type: string
+                  nativeLB:
+                    description: NativeLB controls, when creating the load-balancer,
+                      whether the LB's children are directly the pods IPs or if the
+                      only child is the Kubernetes Service clusterIP. The Kubernetes
+                      Service itself does load-balance to the pods. By default, NativeLB
+                      is false.
+                    type: boolean
+                  passHostHeader:
+                    description: PassHostHeader defines whether the client Host header
+                      is forwarded to the upstream Kubernetes Service. By default,
+                      passHostHeader is true.
+                    type: boolean
+                  port:
+                    anyOf:
+                    - type: integer
+                    - type: string
+                    description: Port defines the port of a Kubernetes Service. This
+                      can be a reference to a named port.
+                    x-kubernetes-int-or-string: true
+                  responseForwarding:
+                    description: ResponseForwarding defines how Traefik forwards the
+                      response from the upstream Kubernetes Service to the client.
+                    properties:
+                      flushInterval:
+                        description: 'FlushInterval defines the interval, in milliseconds,
+                          in between flushes to the client while copying the response
+                          body. A negative value means to flush immediately after
+                          each write to the client. This configuration is ignored
+                          when ReverseProxy recognizes a response as a streaming response;
+                          for such responses, writes are flushed to the client immediately.
+                          Default: 100ms'
+                        type: string
+                    type: object
+                  scheme:
+                    description: Scheme defines the scheme to use for the request
+                      to the upstream Kubernetes Service. It defaults to https when
+                      Kubernetes Service port is 443, http otherwise.
+                    type: string
+                  serversTransport:
+                    description: ServersTransport defines the name of ServersTransport
+                      resource to use. It allows to configure the transport between
+                      Traefik and your servers. Can only be used on a Kubernetes Service.
+                    type: string
+                  sticky:
+                    description: 'Sticky defines the sticky sessions configuration.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                  strategy:
+                    description: Strategy defines the load balancing strategy between
+                      the servers. RoundRobin is the only supported value at the moment.
+                    type: string
+                  weight:
+                    description: Weight defines the weight and should only be specified
+                      when Name references a TraefikService object (and to be precise,
+                      one that embeds a Weighted Round Robin).
+                    type: integer
+                required:
+                - name
+                type: object
+              weighted:
+                description: Weighted defines the Weighted Round Robin configuration.
+                properties:
+                  services:
+                    description: Services defines the list of Kubernetes Service and/or
+                      TraefikService to load-balance, with weight.
+                    items:
+                      description: Service defines an upstream HTTP service to proxy
+                        traffic to.
+                      properties:
+                        kind:
+                          description: Kind defines the kind of the Service.
+                          enum:
+                          - Service
+                          - TraefikService
+                          type: string
+                        name:
+                          description: Name defines the name of the referenced Kubernetes
+                            Service or TraefikService. The differentiation between
+                            the two is specified in the Kind field.
+                          type: string
+                        namespace:
+                          description: Namespace defines the namespace of the referenced
+                            Kubernetes Service or TraefikService.
+                          type: string
+                        nativeLB:
+                          description: NativeLB controls, when creating the load-balancer,
+                            whether the LB's children are directly the pods IPs or
+                            if the only child is the Kubernetes Service clusterIP.
+                            The Kubernetes Service itself does load-balance to the
+                            pods. By default, NativeLB is false.
+                          type: boolean
+                        passHostHeader:
+                          description: PassHostHeader defines whether the client Host
+                            header is forwarded to the upstream Kubernetes Service.
+                            By default, passHostHeader is true.
+                          type: boolean
+                        port:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          description: Port defines the port of a Kubernetes Service.
+                            This can be a reference to a named port.
+                          x-kubernetes-int-or-string: true
+                        responseForwarding:
+                          description: ResponseForwarding defines how Traefik forwards
+                            the response from the upstream Kubernetes Service to the
+                            client.
+                          properties:
+                            flushInterval:
+                              description: 'FlushInterval defines the interval, in
+                                milliseconds, in between flushes to the client while
+                                copying the response body. A negative value means
+                                to flush immediately after each write to the client.
+                                This configuration is ignored when ReverseProxy recognizes
+                                a response as a streaming response; for such responses,
+                                writes are flushed to the client immediately. Default:
+                                100ms'
+                              type: string
+                          type: object
+                        scheme:
+                          description: Scheme defines the scheme to use for the request
+                            to the upstream Kubernetes Service. It defaults to https
+                            when Kubernetes Service port is 443, http otherwise.
+                          type: string
+                        serversTransport:
+                          description: ServersTransport defines the name of ServersTransport
+                            resource to use. It allows to configure the transport
+                            between Traefik and your servers. Can only be used on
+                            a Kubernetes Service.
+                          type: string
+                        sticky:
+                          description: 'Sticky defines the sticky sessions configuration.
+                            More info: https://doc.traefik.io/traefik/v2.10/routing/services/#sticky-sessions'
+                          properties:
+                            cookie:
+                              description: Cookie defines the sticky cookie configuration.
+                              properties:
+                                httpOnly:
+                                  description: HTTPOnly defines whether the cookie
+                                    can be accessed by client-side APIs, such as JavaScript.
+                                  type: boolean
+                                name:
+                                  description: Name defines the Cookie name.
+                                  type: string
+                                sameSite:
+                                  description: 'SameSite defines the same site policy.
+                                    More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                                  type: string
+                                secure:
+                                  description: Secure defines whether the cookie can
+                                    only be transmitted over an encrypted connection
+                                    (i.e. HTTPS).
+                                  type: boolean
+                              type: object
+                          type: object
+                        strategy:
+                          description: Strategy defines the load balancing strategy
+                            between the servers. RoundRobin is the only supported
+                            value at the moment.
+                          type: string
+                        weight:
+                          description: Weight defines the weight and should only be
+                            specified when Name references a TraefikService object
+                            (and to be precise, one that embeds a Weighted Round Robin).
+                          type: integer
+                      required:
+                      - name
+                      type: object
+                    type: array
+                  sticky:
+                    description: 'Sticky defines whether sticky sessions are enabled.
+                      More info: https://doc.traefik.io/traefik/v2.10/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
+                    properties:
+                      cookie:
+                        description: Cookie defines the sticky cookie configuration.
+                        properties:
+                          httpOnly:
+                            description: HTTPOnly defines whether the cookie can be
+                              accessed by client-side APIs, such as JavaScript.
+                            type: boolean
+                          name:
+                            description: Name defines the Cookie name.
+                            type: string
+                          sameSite:
+                            description: 'SameSite defines the same site policy. More
+                              info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
+                            type: string
+                          secure:
+                            description: Secure defines whether the cookie can only
+                              be transmitted over an encrypted connection (i.e. HTTPS).
+                            type: boolean
+                        type: object
+                    type: object
+                type: object
+            type: object
+        required:
+        - metadata
+        - spec
+        type: object
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []
diff --git a/charts/traefik/25.0.3+up25.0.0/.helmignore b/charts/traefik/25.0.3+up25.0.0/.helmignore
new file mode 100644
index 0000000..9c42ddd
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/.helmignore
@@ -0,0 +1,2 @@
+tests/
+crds/kustomization.yaml
diff --git a/charts/traefik/25.0.3+up25.0.0/Changelog.md b/charts/traefik/25.0.3+up25.0.0/Changelog.md
new file mode 100644
index 0000000..62162c6
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/Changelog.md
@@ -0,0 +1,7450 @@
+# Change Log
+
+## 25.0.0  ![AppVersion: v2.10.5](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.5&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-10-16
+
+* revert: "fix: 🐛 remove old CRDs using traefik.containo.us"
+* fix: 🐛 warn user when he's using previous syntax on redirect
+* fix: 🐛 remove old CRDs using traefik.containo.us
+* fix: disable ClusterRole and ClusterRoleBinding when not needed
+* fix: detect correctly v3 version when using sha in `image.tag`
+* fix: allow updateStrategy.rollingUpdate.maxUnavailable to be passed in as an int or string
+* fix: add missing separator in crds
+* fix: add Prometheus scraping annotations only if serviceMonitor not created
+* feat: ✨ add healthcheck ingressRoute
+* feat: :boom: support http redirections and http challenges with cert-manager
+* feat: :boom: rework and allow update of namespace policy for Gateway
+* docs: Fix typo in the default values file
+* chore: remove label whitespace at TLSOption
+* chore(release): 🚀 publish v25.0.0
+* chore(deps): update traefik docker tag to v2.10.5
+* chore(deps): update docker.io/helmunittest/helm-unittest docker tag to v3.12.3
+* chore(ci): 🔧 👷 add e2e test when releasing
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index aeec85c..71e377e 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -45,60 +45,60 @@ deployment:
+   podLabels: {}
+   # -- Additional containers (e.g. for metric offloading sidecars)
+   additionalContainers: []
+-    # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
+-    # - name: socat-proxy
+-    #   image: alpine/socat:1.0.5
+-    #   args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
+-    #   volumeMounts:
+-    #     - name: dsdsocket
+-    #       mountPath: /socket
++  # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
++  # - name: socat-proxy
++  #   image: alpine/socat:1.0.5
++  #   args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
++  #   volumeMounts:
++  #     - name: dsdsocket
++  #       mountPath: /socket
+   # -- Additional volumes available for use with initContainers and additionalContainers
+   additionalVolumes: []
+-    # - name: dsdsocket
+-    #   hostPath:
+-    #     path: /var/run/statsd-exporter
++  # - name: dsdsocket
++  #   hostPath:
++  #     path: /var/run/statsd-exporter
+   # -- Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+-    # The "volume-permissions" init container is required if you run into permission issues.
+-    # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
+-    # - name: volume-permissions
+-    #   image: busybox:latest
+-    #   command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+-    #   securityContext:
+-    #     runAsNonRoot: true
+-    #     runAsGroup: 65532
+-    #     runAsUser: 65532
+-    #   volumeMounts:
+-    #     - name: data
+-    #       mountPath: /data
++  # The "volume-permissions" init container is required if you run into permission issues.
++  # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
++  # - name: volume-permissions
++  #   image: busybox:latest
++  #   command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
++  #   securityContext:
++  #     runAsNonRoot: true
++  #     runAsGroup: 65532
++  #     runAsUser: 65532
++  #   volumeMounts:
++  #     - name: data
++  #       mountPath: /data
+   # -- Use process namespace sharing
+   shareProcessNamespace: false
+   # -- Custom pod DNS policy. Apply if `hostNetwork: true`
+   # dnsPolicy: ClusterFirstWithHostNet
+   dnsConfig: {}
+-    # nameservers:
+-    #   - 192.0.2.1 # this is an example
+-    # searches:
+-    #   - ns1.svc.cluster-domain.example
+-    #   - my.dns.search.suffix
+-    # options:
+-    #   - name: ndots
+-    #     value: "2"
+-    #   - name: edns0
++  # nameservers:
++  #   - 192.0.2.1 # this is an example
++  # searches:
++  #   - ns1.svc.cluster-domain.example
++  #   - my.dns.search.suffix
++  # options:
++  #   - name: ndots
++  #     value: "2"
++  #   - name: edns0
+   # -- Additional imagePullSecrets
+   imagePullSecrets: []
+-    # - name: myRegistryKeySecretName
++  # - name: myRegistryKeySecretName
+   # -- Pod lifecycle actions
+   lifecycle: {}
+-    # preStop:
+-    #   exec:
+-    #     command: ["/bin/sh", "-c", "sleep 40"]
+-    # postStart:
+-    #   httpGet:
+-    #     path: /ping
+-    #     port: 9000
+-    #     host: localhost
+-    #     scheme: HTTP
++  # preStop:
++  #   exec:
++  #     command: ["/bin/sh", "-c", "sleep 40"]
++  # postStart:
++  #   httpGet:
++  #     path: /ping
++  #     port: 9000
++  #     host: localhost
++  #     scheme: HTTP
+
+ # -- Pod disruption budget
+ podDisruptionBudget:
+@@ -116,9 +116,9 @@ ingressClass:
+
+ # Traefik experimental features
+ experimental:
+-  #This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
+-  #v3:
+-    # -- Enable traefik version 3
++  # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
++  # v3:
++  # -- Enable traefik version 3
+   #  enabled: false
+   plugins:
+     # -- Enable traefik experimental plugins
+@@ -126,9 +126,9 @@ experimental:
+   kubernetesGateway:
+     # -- Enable traefik experimental GatewayClass CRD
+     enabled: false
+-    gateway:
+-      # -- Enable traefik regular kubernetes gateway
+-      enabled: true
++    ## Routes are restricted to namespace of the gateway by default.
++    ## https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.FromNamespaces
++    # namespacePolicy: All
+     # certificate:
+     #   group: "core"
+     #   kind: "Secret"
+@@ -159,6 +159,22 @@ ingressRoute:
+     middlewares: []
+     # -- TLS options (e.g. secret containing certificate)
+     tls: {}
++  healthcheck:
++    # -- Create an IngressRoute for the healthcheck probe
++    enabled: false
++    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
++    annotations: {}
++    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
++    labels: {}
++    # -- The router match rule used for the healthcheck ingressRoute
++    matchRule: PathPrefix(`/ping`)
++    # -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure).
++    # By default, it's using traefik entrypoint, which is not exposed.
++    entryPoints: ["traefik"]
++    # -- Additional ingressRoute middlewares (e.g. for authentication)
++    middlewares: []
++    # -- TLS options (e.g. secret containing certificate)
++    tls: {}
+
+ updateStrategy:
+   # -- Customize updateStrategy: RollingUpdate or OnDelete
+@@ -204,10 +220,10 @@ providers:
+     # labelSelector: environment=production,method=traefik
+     # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+     namespaces: []
+-      # - "default"
++    # - "default"
+
+   kubernetesIngress:
+-    # -- Load Kubernetes IngressRoute provider
++    # -- Load Kubernetes Ingress provider
+     enabled: true
+     # -- Allows to reference ExternalName services in Ingress
+     allowExternalNameServices: false
+@@ -217,7 +233,7 @@ providers:
+     # labelSelector: environment=production,method=traefik
+     # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+     namespaces: []
+-      # - "default"
++    # - "default"
+     # IP used for Kubernetes Ingress endpoints
+     publishedService:
+       enabled: false
+@@ -243,9 +259,9 @@ volumes: []
+
+ # -- Additional volumeMounts to add to the Traefik container
+ additionalVolumeMounts: []
+-  # -- For instance when using a logshipper for access logs
+-  # - name: traefik-logs
+-  #   mountPath: /var/log/traefik
++# -- For instance when using a logshipper for access logs
++# - name: traefik-logs
++#   mountPath: /var/log/traefik
+
+ logs:
+   general:
+@@ -270,26 +286,26 @@ logs:
+     ## Filtering
+     # -- https://docs.traefik.io/observability/access-logs/#filtering
+     filters: {}
+-      # statuscodes: "200,300-302"
+-      # retryattempts: true
+-      # minduration: 10ms
++    # statuscodes: "200,300-302"
++    # retryattempts: true
++    # minduration: 10ms
+     fields:
+       general:
+         # -- Available modes: keep, drop, redact.
+         defaultmode: keep
+         # -- Names of the fields to limit.
+         names: {}
+-          ## Examples:
+-          # ClientUsername: drop
++        ## Examples:
++        # ClientUsername: drop
+       headers:
+         # -- Available modes: keep, drop, redact.
+         defaultmode: drop
+         # -- Names of the headers to limit.
+         names: {}
+-          ## Examples:
+-          # User-Agent: redact
+-          # Authorization: drop
+-          # Content-Type: keep
++        ## Examples:
++        # User-Agent: redact
++        # Authorization: drop
++        # Content-Type: keep
+
+ metrics:
+   ## -- Prometheus is enabled by default.
+@@ -308,118 +324,118 @@ metrics:
+     ## When manualRouting is true, it disables the default internal router in
+     ## order to allow creating a custom router for prometheus@internal service.
+     # manualRouting: true
+-#  datadog:
+-#    ## Address instructs exporter to send metrics to datadog-agent at this address.
+-#    address: "127.0.0.1:8125"
+-#    ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
+-#    # pushInterval: 30s
+-#    ## The prefix to use for metrics collection. Default="traefik"
+-#    # prefix: traefik
+-#    ## Enable metrics on entry points. Default=true
+-#    # addEntryPointsLabels: false
+-#    ## Enable metrics on routers. Default=false
+-#    # addRoutersLabels: true
+-#    ## Enable metrics on services. Default=true
+-#    # addServicesLabels: false
+-#  influxdb:
+-#    ## Address instructs exporter to send metrics to influxdb at this address.
+-#    address: localhost:8089
+-#    ## InfluxDB's address protocol (udp or http). Default="udp"
+-#    protocol: udp
+-#    ## InfluxDB database used when protocol is http. Default=""
+-#    # database: ""
+-#    ## InfluxDB retention policy used when protocol is http. Default=""
+-#    # retentionPolicy: ""
+-#    ## InfluxDB username (only with http). Default=""
+-#    # username: ""
+-#    ## InfluxDB password (only with http). Default=""
+-#    # password: ""
+-#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+-#    # pushInterval: 30s
+-#    ## Additional labels (influxdb tags) on all metrics.
+-#    # additionalLabels:
+-#    #   env: production
+-#    #   foo: bar
+-#    ## Enable metrics on entry points. Default=true
+-#    # addEntryPointsLabels: false
+-#    ## Enable metrics on routers. Default=false
+-#    # addRoutersLabels: true
+-#    ## Enable metrics on services. Default=true
+-#    # addServicesLabels: false
+-#  influxdb2:
+-#    ## Address instructs exporter to send metrics to influxdb v2 at this address.
+-#    address: localhost:8086
+-#    ## Token with which to connect to InfluxDB v2.
+-#    token: xxx
+-#    ## Organisation where metrics will be stored.
+-#    org: ""
+-#    ## Bucket where metrics will be stored.
+-#    bucket: ""
+-#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+-#    # pushInterval: 30s
+-#    ## Additional labels (influxdb tags) on all metrics.
+-#    # additionalLabels:
+-#    #   env: production
+-#    #   foo: bar
+-#    ## Enable metrics on entry points. Default=true
+-#    # addEntryPointsLabels: false
+-#    ## Enable metrics on routers. Default=false
+-#    # addRoutersLabels: true
+-#    ## Enable metrics on services. Default=true
+-#    # addServicesLabels: false
+-#  statsd:
+-#    ## Address instructs exporter to send metrics to statsd at this address.
+-#    address: localhost:8125
+-#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+-#    # pushInterval: 30s
+-#    ## The prefix to use for metrics collection. Default="traefik"
+-#    # prefix: traefik
+-#    ## Enable metrics on entry points. Default=true
+-#    # addEntryPointsLabels: false
+-#    ## Enable metrics on routers. Default=false
+-#    # addRoutersLabels: true
+-#    ## Enable metrics on services. Default=true
+-#    # addServicesLabels: false
+-#  openTelemetry:
+-#    ## Address of the OpenTelemetry Collector to send metrics to.
+-#    address: "localhost:4318"
+-#    ## Enable metrics on entry points.
+-#    addEntryPointsLabels: true
+-#    ## Enable metrics on routers.
+-#    addRoutersLabels: true
+-#    ## Enable metrics on services.
+-#    addServicesLabels: true
+-#    ## Explicit boundaries for Histogram data points.
+-#    explicitBoundaries:
+-#      - "0.1"
+-#      - "0.3"
+-#      - "1.2"
+-#      - "5.0"
+-#    ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
+-#    headers:
+-#      foo: bar
+-#      test: test
+-#    ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
+-#    insecure: true
+-#    ## Interval at which metrics are sent to the OpenTelemetry Collector.
+-#    pushInterval: 10s
+-#    ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
+-#    path: /foo/v1/traces
+-#    ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+-#    tls:
+-#      ## The path to the certificate authority, it defaults to the system bundle.
+-#      ca: path/to/ca.crt
+-#      ## The path to the public certificate. When using this option, setting the key option is required.
+-#      cert: path/to/foo.cert
+-#      ## The path to the private key. When using this option, setting the cert option is required.
+-#      key: path/to/key.key
+-#      ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+-#      insecureSkipVerify: true
+-#    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
+-#    grpc: true
+-
+-## -- enable optional CRDs for Prometheus Operator
+-##
++  #  datadog:
++  #    ## Address instructs exporter to send metrics to datadog-agent at this address.
++  #    address: "127.0.0.1:8125"
++  #    ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
++  #    # pushInterval: 30s
++  #    ## The prefix to use for metrics collection. Default="traefik"
++  #    # prefix: traefik
++  #    ## Enable metrics on entry points. Default=true
++  #    # addEntryPointsLabels: false
++  #    ## Enable metrics on routers. Default=false
++  #    # addRoutersLabels: true
++  #    ## Enable metrics on services. Default=true
++  #    # addServicesLabels: false
++  #  influxdb:
++  #    ## Address instructs exporter to send metrics to influxdb at this address.
++  #    address: localhost:8089
++  #    ## InfluxDB's address protocol (udp or http). Default="udp"
++  #    protocol: udp
++  #    ## InfluxDB database used when protocol is http. Default=""
++  #    # database: ""
++  #    ## InfluxDB retention policy used when protocol is http. Default=""
++  #    # retentionPolicy: ""
++  #    ## InfluxDB username (only with http). Default=""
++  #    # username: ""
++  #    ## InfluxDB password (only with http). Default=""
++  #    # password: ""
++  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++  #    # pushInterval: 30s
++  #    ## Additional labels (influxdb tags) on all metrics.
++  #    # additionalLabels:
++  #    #   env: production
++  #    #   foo: bar
++  #    ## Enable metrics on entry points. Default=true
++  #    # addEntryPointsLabels: false
++  #    ## Enable metrics on routers. Default=false
++  #    # addRoutersLabels: true
++  #    ## Enable metrics on services. Default=true
++  #    # addServicesLabels: false
++  #  influxdb2:
++  #    ## Address instructs exporter to send metrics to influxdb v2 at this address.
++  #    address: localhost:8086
++  #    ## Token with which to connect to InfluxDB v2.
++  #    token: xxx
++  #    ## Organisation where metrics will be stored.
++  #    org: ""
++  #    ## Bucket where metrics will be stored.
++  #    bucket: ""
++  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++  #    # pushInterval: 30s
++  #    ## Additional labels (influxdb tags) on all metrics.
++  #    # additionalLabels:
++  #    #   env: production
++  #    #   foo: bar
++  #    ## Enable metrics on entry points. Default=true
++  #    # addEntryPointsLabels: false
++  #    ## Enable metrics on routers. Default=false
++  #    # addRoutersLabels: true
++  #    ## Enable metrics on services. Default=true
++  #    # addServicesLabels: false
++  #  statsd:
++  #    ## Address instructs exporter to send metrics to statsd at this address.
++  #    address: localhost:8125
++  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++  #    # pushInterval: 30s
++  #    ## The prefix to use for metrics collection. Default="traefik"
++  #    # prefix: traefik
++  #    ## Enable metrics on entry points. Default=true
++  #    # addEntryPointsLabels: false
++  #    ## Enable metrics on routers. Default=false
++  #    # addRoutersLabels: true
++  #    ## Enable metrics on services. Default=true
++  #    # addServicesLabels: false
++  #  openTelemetry:
++  #    ## Address of the OpenTelemetry Collector to send metrics to.
++  #    address: "localhost:4318"
++  #    ## Enable metrics on entry points.
++  #    addEntryPointsLabels: true
++  #    ## Enable metrics on routers.
++  #    addRoutersLabels: true
++  #    ## Enable metrics on services.
++  #    addServicesLabels: true
++  #    ## Explicit boundaries for Histogram data points.
++  #    explicitBoundaries:
++  #      - "0.1"
++  #      - "0.3"
++  #      - "1.2"
++  #      - "5.0"
++  #    ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
++  #    headers:
++  #      foo: bar
++  #      test: test
++  #    ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
++  #    insecure: true
++  #    ## Interval at which metrics are sent to the OpenTelemetry Collector.
++  #    pushInterval: 10s
++  #    ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
++  #    path: /foo/v1/traces
++  #    ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
++  #    tls:
++  #      ## The path to the certificate authority, it defaults to the system bundle.
++  #      ca: path/to/ca.crt
++  #      ## The path to the public certificate. When using this option, setting the key option is required.
++  #      cert: path/to/foo.cert
++  #      ## The path to the private key. When using this option, setting the cert option is required.
++  #      key: path/to/key.key
++  #      ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
++  #      insecureSkipVerify: true
++  #    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
++  #    grpc: true
++
++  ## -- enable optional CRDs for Prometheus Operator
++  ##
+   ## Create a dedicated metrics service for use with ServiceMonitor
+   #  service:
+   #    enabled: false
+@@ -470,55 +486,55 @@ metrics:
+ ## Tracing
+ # -- https://doc.traefik.io/traefik/observability/tracing/overview/
+ tracing: {}
+-  #  openTelemetry: # traefik v3+ only
+-  #    grpc: {}
+-  #    insecure: true
+-  #    address: localhost:4317
+-  # instana:
+-  #   localAgentHost: 127.0.0.1
+-  #   localAgentPort: 42699
+-  #   logLevel: info
+-  #   enableAutoProfile: true
+-  # datadog:
+-  #   localAgentHostPort: 127.0.0.1:8126
+-  #   debug: false
+-  #   globalTag: ""
+-  #   prioritySampling: false
+-  # jaeger:
+-  #   samplingServerURL: http://localhost:5778/sampling
+-  #   samplingType: const
+-  #   samplingParam: 1.0
+-  #   localAgentHostPort: 127.0.0.1:6831
+-  #   gen128Bit: false
+-  #   propagation: jaeger
+-  #   traceContextHeaderName: uber-trace-id
+-  #   disableAttemptReconnecting: true
+-  #   collector:
+-  #      endpoint: ""
+-  #      user: ""
+-  #      password: ""
+-  # zipkin:
+-  #   httpEndpoint: http://localhost:9411/api/v2/spans
+-  #   sameSpan: false
+-  #   id128Bit: true
+-  #   sampleRate: 1.0
+-  # haystack:
+-  #   localAgentHost: 127.0.0.1
+-  #   localAgentPort: 35000
+-  #   globalTag: ""
+-  #   traceIDHeaderName: ""
+-  #   parentIDHeaderName: ""
+-  #   spanIDHeaderName: ""
+-  #   baggagePrefixHeaderName: ""
+-  # elastic:
+-  #   serverURL: http://localhost:8200
+-  #   secretToken: ""
+-  #   serviceEnvironment: ""
++#  openTelemetry: # traefik v3+ only
++#    grpc: {}
++#    insecure: true
++#    address: localhost:4317
++# instana:
++#   localAgentHost: 127.0.0.1
++#   localAgentPort: 42699
++#   logLevel: info
++#   enableAutoProfile: true
++# datadog:
++#   localAgentHostPort: 127.0.0.1:8126
++#   debug: false
++#   globalTag: ""
++#   prioritySampling: false
++# jaeger:
++#   samplingServerURL: http://localhost:5778/sampling
++#   samplingType: const
++#   samplingParam: 1.0
++#   localAgentHostPort: 127.0.0.1:6831
++#   gen128Bit: false
++#   propagation: jaeger
++#   traceContextHeaderName: uber-trace-id
++#   disableAttemptReconnecting: true
++#   collector:
++#      endpoint: ""
++#      user: ""
++#      password: ""
++# zipkin:
++#   httpEndpoint: http://localhost:9411/api/v2/spans
++#   sameSpan: false
++#   id128Bit: true
++#   sampleRate: 1.0
++# haystack:
++#   localAgentHost: 127.0.0.1
++#   localAgentPort: 35000
++#   globalTag: ""
++#   traceIDHeaderName: ""
++#   parentIDHeaderName: ""
++#   spanIDHeaderName: ""
++#   baggagePrefixHeaderName: ""
++# elastic:
++#   serverURL: http://localhost:8200
++#   secretToken: ""
++#   serviceEnvironment: ""
+
+ # -- Global command arguments to be passed to all traefik's pods
+ globalArguments:
+-  - "--global.checknewversion"
+-  - "--global.sendanonymoususage"
++- "--global.checknewversion"
++- "--global.sendanonymoususage"
+
+ #
+ # Configure Traefik static configuration
+@@ -531,14 +547,14 @@ additionalArguments: []
+
+ # -- Environment variables to be passed to Traefik's binary
+ env:
+-  - name: POD_NAME
+-    valueFrom:
+-      fieldRef:
+-        fieldPath: metadata.name
+-  - name: POD_NAMESPACE
+-    valueFrom:
+-      fieldRef:
+-        fieldPath: metadata.namespace
++- name: POD_NAME
++  valueFrom:
++    fieldRef:
++      fieldPath: metadata.name
++- name: POD_NAMESPACE
++  valueFrom:
++    fieldRef:
++      fieldPath: metadata.namespace
+ # - name: SOME_VAR
+ #   value: some-var-value
+ # - name: SOME_VAR_FROM_CONFIG_MAP
+@@ -600,7 +616,10 @@ ports:
+     # Port Redirections
+     # Added in 2.2, you can make permanent redirects via entrypoints.
+     # https://docs.traefik.io/routing/entrypoints/#redirection
+-    # redirectTo: websecure
++    # redirectTo:
++    #   port: websecure
++    #   (Optional)
++    #   priority: 10
+     #
+     # Trust forwarded  headers information (X-Forwarded-*).
+     # forwardedHeaders:
+@@ -638,14 +657,14 @@ ports:
+     # advertisedPort: 4443
+     #
+     ## -- Trust forwarded  headers information (X-Forwarded-*).
+-    #forwardedHeaders:
+-    #  trustedIPs: []
+-    #  insecure: false
++    # forwardedHeaders:
++    #   trustedIPs: []
++    #   insecure: false
+     #
+     ## -- Enable the Proxy Protocol header parsing for the entry point
+-    #proxyProtocol:
+-    #  trustedIPs: []
+-    #  insecure: false
++    # proxyProtocol:
++    #   trustedIPs: []
++    #   insecure: false
+     #
+     ## Set TLS at the entrypoint
+     ## https://doc.traefik.io/traefik/routing/entrypoints/#tls
+@@ -728,16 +747,16 @@ service:
+   # -- Additional entries here will be added to the service spec.
+   # -- Cannot contain type, selector or ports entries.
+   spec: {}
+-    # externalTrafficPolicy: Cluster
+-    # loadBalancerIP: "1.2.3.4"
+-    # clusterIP: "2.3.4.5"
++  # externalTrafficPolicy: Cluster
++  # loadBalancerIP: "1.2.3.4"
++  # clusterIP: "2.3.4.5"
+   loadBalancerSourceRanges: []
+-    # - 192.168.0.1/32
+-    # - 172.16.0.0/16
++  # - 192.168.0.1/32
++  # - 172.16.0.0/16
+   ## -- Class of the load balancer implementation
+   # loadBalancerClass: service.k8s.aws/nlb
+   externalIPs: []
+-    # - 1.2.3.4
++  # - 1.2.3.4
+   ## One of SingleStack, PreferDualStack, or RequireDualStack.
+   # ipFamilyPolicy: SingleStack
+   ## List of IP families (e.g. IPv4 and/or IPv6).
+@@ -789,7 +808,7 @@ persistence:
+   # It can be used to store TLS certificates, see `storage` in certResolvers
+   enabled: false
+   name: data
+-#  existingClaim: ""
++  #  existingClaim: ""
+   accessMode: ReadWriteOnce
+   size: 128Mi
+   # storageClass: ""
+@@ -852,12 +871,12 @@ serviceAccountAnnotations: {}
+
+ # -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers.
+ resources: {}
+-  # requests:
+-  #   cpu: "100m"
+-  #   memory: "50Mi"
+-  # limits:
+-  #   cpu: "300m"
+-  #   memory: "150Mi"
++# requests:
++#   cpu: "100m"
++#   memory: "50Mi"
++# limits:
++#   cpu: "300m"
++#   memory: "150Mi"
+
+ # -- This example pod anti-affinity forces the scheduler to put traefik pods
+ # -- on nodes where no other traefik pods are scheduled.
+```
+
+## 24.0.0  ![AppVersion: v2.10.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.4&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-08-10
+
+* fix: 💥 BREAKING CHANGE on healthchecks and traefik port
+* fix: tracing.opentelemetry.tls is optional for all values
+* fix: http3 support broken when advertisedPort set
+* feat: multi namespace RBAC manifests
+* chore(tests): 🔧 fix typo on tracing test
+* chore(release): 🚀 publish v24.0.0
+* chore(deps): update docker.io/helmunittest/helm-unittest docker tag to v3.12.2
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 947ba56..aeec85c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -28,6 +28,13 @@ deployment:
+   terminationGracePeriodSeconds: 60
+   # -- The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
+   minReadySeconds: 0
++  ## Override the liveness/readiness port. This is useful to integrate traefik
++  ## with an external Load Balancer that performs healthchecks.
++  ## Default: ports.traefik.port
++  # healthchecksPort: 9000
++  ## Override the liveness/readiness scheme. Useful for getting ping to
++  ## respond on websecure entryPoint.
++  # healthchecksScheme: HTTPS
+   # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+   # -- Additional deployment labels (e.g. for filtering deployment by custom labels)
+@@ -112,7 +119,7 @@ experimental:
+   #This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
+   #v3:
+     # -- Enable traefik version 3
+-  #  enabled: false
++  #  enabled: false
+   plugins:
+     # -- Enable traefik experimental plugins
+     enabled: false
+@@ -564,15 +571,6 @@ ports:
+     # only.
+     # hostIP: 192.168.100.10
+
+-    # Override the liveness/readiness port. This is useful to integrate traefik
+-    # with an external Load Balancer that performs healthchecks.
+-    # Default: ports.traefik.port
+-    # healthchecksPort: 9000
+-
+-    # Override the liveness/readiness scheme. Useful for getting ping to
+-    # respond on websecure entryPoint.
+-    # healthchecksScheme: HTTPS
+-
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+@@ -877,7 +875,7 @@ affinity: {}
+ nodeSelector: {}
+ # -- Tolerations allow the scheduler to schedule pods with matching taints.
+ tolerations: []
+-# -- You can use topology spread constraints to control
++# -- You can use topology spread constraints to control
+ # how Pods are spread across your cluster among failure-domains.
+ topologySpreadConstraints: []
+ # This example topologySpreadConstraints forces the scheduler to put traefik pods
+```
+
+## 23.2.0  ![AppVersion: v2.10.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.4&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-07-27
+
+* ⬆️ Upgrade traefik Docker tag to v2.10.3
+* release: :rocket: publish v23.2.0
+* fix: 🐛 update traefik.containo.us CRDs to v2.10
+* fix: 🐛 traefik or metrics port can be disabled
+* fix: ingressclass name should be customizable (#864)
+* feat: ✨ add support for traefik v3.0.0-beta3 and openTelemetry
+* feat: disable allowPrivilegeEscalation
+* feat: add pod_name as default in values.yaml
+* chore(tests): 🔧 use more accurate asserts on refactor'd isNull test
+* chore(deps): update traefik docker tag to v2.10.4
+* chore(deps): update docker.io/helmunittest/helm-unittest docker tag to v3.11.3
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 345bbd8..947ba56 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -105,12 +105,14 @@ podDisruptionBudget:
+ ingressClass:
+   enabled: true
+   isDefaultClass: true
++  # name: my-custom-class
+
+ # Traefik experimental features
+ experimental:
+-  v3:
++  #This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
++  #v3:
+     # -- Enable traefik version 3
+-    enabled: false
++  #  enabled: false
+   plugins:
+     # -- Enable traefik experimental plugins
+     enabled: false
+@@ -461,6 +463,10 @@ metrics:
+ ## Tracing
+ # -- https://doc.traefik.io/traefik/observability/tracing/overview/
+ tracing: {}
++  #  openTelemetry: # traefik v3+ only
++  #    grpc: {}
++  #    insecure: true
++  #    address: localhost:4317
+   # instana:
+   #   localAgentHost: 127.0.0.1
+   #   localAgentPort: 42699
+@@ -517,7 +523,15 @@ additionalArguments: []
+ #  - "--log.level=DEBUG"
+
+ # -- Environment variables to be passed to Traefik's binary
+-env: []
++env:
++  - name: POD_NAME
++    valueFrom:
++      fieldRef:
++        fieldPath: metadata.name
++  - name: POD_NAMESPACE
++    valueFrom:
++      fieldRef:
++        fieldPath: metadata.namespace
+ # - name: SOME_VAR
+ #   value: some-var-value
+ # - name: SOME_VAR_FROM_CONFIG_MAP
+@@ -563,7 +577,7 @@ ports:
+     # NodePort.
+     #
+     # -- You SHOULD NOT expose the traefik port on production deployments.
+-    # If you want to access it from outside of your cluster,
++    # If you want to access it from outside your cluster,
+     # use `kubectl port-forward` or create a secure ingress
+     expose: false
+     # -- The exposed port for this service
+@@ -571,7 +585,7 @@ ports:
+     # -- The port protocol (TCP/UDP)
+     protocol: TCP
+   web:
+-    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
+     # asDefault: true
+     port: 8000
+     # hostPort: 8000
+@@ -600,7 +614,7 @@ ports:
+     #   trustedIPs: []
+     #   insecure: false
+   websecure:
+-    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
+     # asDefault: true
+     port: 8443
+     # hostPort: 8443
+@@ -666,7 +680,7 @@ ports:
+     # NodePort.
+     #
+     # -- You may not want to expose the metrics port on production deployments.
+-    # If you want to access it from outside of your cluster,
++    # If you want to access it from outside your cluster,
+     # use `kubectl port-forward` or create a secure ingress
+     expose: false
+     # -- The exposed port for this service
+@@ -880,14 +894,15 @@ topologySpreadConstraints: []
+ priorityClassName: ""
+
+ # -- Set the container security context
+-# -- To run the container with ports below 1024 this will need to be adjust to run as root
++# -- To run the container with ports below 1024 this will need to be adjusted to run as root
+ securityContext:
+   capabilities:
+     drop: [ALL]
+   readOnlyRootFilesystem: true
++  allowPrivilegeEscalation: false
+
+ podSecurityContext:
+-  # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and
++  # /!\ When setting fsGroup, Kubernetes will recursively change ownership and
+   # permissions for the contents of each volume to match the fsGroup. This can
+   # be an issue when storing sensitive content like TLS Certificates /!\
+   # fsGroup: 65532
+```
+
+## 23.1.0  ![AppVersion: v2.10.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-06-06
+
+* release: 🚀 publish v23.1.0
+* fix: 🐛 use k8s version for hpa api version
+* fix: 🐛 http3 support on traefik v3
+* fix: use `targetPort` instead of `port` on ServiceMonitor
+* feat: ➖ remove Traefik Hub v1 integration
+* feat: ✨ add a warning when labelSelector don't match
+* feat: common labels for all resources
+* feat: allow specifying service loadBalancerClass
+* feat: add optional `appProtocol` field on Service ports
+* doc: added values README via helm-docs cli
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 71273cc..345bbd8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,70 +1,56 @@
+ # Default values for Traefik
+ image:
++  # -- Traefik image host registry
+   registry: docker.io
++  # -- Traefik image repository
+   repository: traefik
+-  # defaults to appVersion
++  # -- defaults to appVersion
+   tag: ""
++  # -- Traefik image pull policy
+   pullPolicy: IfNotPresent
+
+-#
+-# Configure integration with Traefik Hub
+-#
+-hub:
+-  ## Enabling Hub will:
+-  # * enable Traefik Hub integration on Traefik
+-  # * add `traefikhub-tunl` endpoint
+-  # * enable Prometheus metrics with addRoutersLabels
+-  # * enable allowExternalNameServices on KubernetesIngress provider
+-  # * enable allowCrossNamespace on KubernetesCRD provider
+-  # * add an internal (ClusterIP) Service, dedicated for Traefik Hub
+-  enabled: false
+-  ## Default port can be changed
+-  # tunnelPort: 9901
+-  ## TLS is optional. Insecure is mutually exclusive with any other options
+-  # tls:
+-  #   insecure: false
+-  #   ca: "/path/to/ca.pem"
+-  #   cert: "/path/to/cert.pem"
+-  #   key: "/path/to/key.pem"
++# -- Add additional label to all resources
++commonLabels: {}
+
+ #
+ # Configure the deployment
+ #
+ deployment:
++  # -- Enable deployment
+   enabled: true
+-  # Can be either Deployment or DaemonSet
++  # -- Deployment or DaemonSet
+   kind: Deployment
+-  # Number of pods of the deployment (only applies when kind == Deployment)
++  # -- Number of pods of the deployment (only applies when kind == Deployment)
+   replicas: 1
+-  # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
++  # -- Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
+   # revisionHistoryLimit: 1
+-  # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
++  # -- Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
+   terminationGracePeriodSeconds: 60
+-  # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
++  # -- The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
+   minReadySeconds: 0
+-  # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
++  # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+-  # Additional deployment labels (e.g. for filtering deployment by custom labels)
++  # -- Additional deployment labels (e.g. for filtering deployment by custom labels)
+   labels: {}
+-  # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
++  # -- Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+-  # Additional Pod labels (e.g. for filtering Pod by custom labels)
++  # -- Additional Pod labels (e.g. for filtering Pod by custom labels)
+   podLabels: {}
+-  # Additional containers (e.g. for metric offloading sidecars)
++  # -- Additional containers (e.g. for metric offloading sidecars)
+   additionalContainers: []
+     # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
+     # - name: socat-proxy
+-    # image: alpine/socat:1.0.5
+-    # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
+-    # volumeMounts:
+-    #   - name: dsdsocket
+-    #     mountPath: /socket
+-  # Additional volumes available for use with initContainers and additionalContainers
++    #   image: alpine/socat:1.0.5
++    #   args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
++    #   volumeMounts:
++    #     - name: dsdsocket
++    #       mountPath: /socket
++  # -- Additional volumes available for use with initContainers and additionalContainers
+   additionalVolumes: []
+     # - name: dsdsocket
+     #   hostPath:
+     #     path: /var/run/statsd-exporter
+-  # Additional initContainers (e.g. for setting file permission as shown below)
++  # -- Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+     # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
+@@ -78,9 +64,9 @@ deployment:
+     #   volumeMounts:
+     #     - name: data
+     #       mountPath: /data
+-  # Use process namespace sharing
++  # -- Use process namespace sharing
+   shareProcessNamespace: false
+-  # Custom pod DNS policy. Apply if `hostNetwork: true`
++  # -- Custom pod DNS policy. Apply if `hostNetwork: true`
+   # dnsPolicy: ClusterFirstWithHostNet
+   dnsConfig: {}
+     # nameservers:
+@@ -92,10 +78,10 @@ deployment:
+     #   - name: ndots
+     #     value: "2"
+     #   - name: edns0
+-  # Additional imagePullSecrets
++  # -- Additional imagePullSecrets
+   imagePullSecrets: []
+     # - name: myRegistryKeySecretName
+-  # Pod lifecycle actions
++  # -- Pod lifecycle actions
+   lifecycle: {}
+     # preStop:
+     #   exec:
+@@ -107,7 +93,7 @@ deployment:
+     #     host: localhost
+     #     scheme: HTTP
+
+-# Pod disruption budget
++# -- Pod disruption budget
+ podDisruptionBudget:
+   enabled: false
+   # maxUnavailable: 1
+@@ -115,93 +101,112 @@ podDisruptionBudget:
+   # minAvailable: 0
+   # minAvailable: 25%
+
+-# Create a default IngressClass for Traefik
++# -- Create a default IngressClass for Traefik
+ ingressClass:
+   enabled: true
+   isDefaultClass: true
+
+-# Enable experimental features
++# Traefik experimental features
+ experimental:
+   v3:
++    # -- Enable traefik version 3
+     enabled: false
+   plugins:
++    # -- Enable traefik experimental plugins
+     enabled: false
+   kubernetesGateway:
++    # -- Enable traefik experimental GatewayClass CRD
+     enabled: false
+     gateway:
++      # -- Enable traefik regular kubernetes gateway
+       enabled: true
+     # certificate:
+     #   group: "core"
+     #   kind: "Secret"
+     #   name: "mysecret"
+-    # By default, Gateway would be created to the Namespace you are deploying Traefik to.
++    # -- By default, Gateway would be created to the Namespace you are deploying Traefik to.
+     # You may create that Gateway in another namespace, setting its name below:
+     # namespace: default
+     # Additional gateway annotations (e.g. for cert-manager.io/issuer)
+     # annotations:
+     #   cert-manager.io/issuer: letsencrypt
+
+-# Create an IngressRoute for the dashboard
++## Create an IngressRoute for the dashboard
+ ingressRoute:
+   dashboard:
++    # -- Create an IngressRoute for the dashboard
+     enabled: true
+-    # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
++    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+     annotations: {}
+-    # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
++    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+     labels: {}
+-    # The router match rule used for the dashboard ingressRoute
++    # -- The router match rule used for the dashboard ingressRoute
+     matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+-    # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
++    # -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
+     # By default, it's using traefik entrypoint, which is not exposed.
+     # /!\ Do not expose your dashboard without any protection over the internet /!\
+     entryPoints: ["traefik"]
+-    # Additional ingressRoute middlewares (e.g. for authentication)
++    # -- Additional ingressRoute middlewares (e.g. for authentication)
+     middlewares: []
+-    # TLS options (e.g. secret containing certificate)
++    # -- TLS options (e.g. secret containing certificate)
+     tls: {}
+
+-# Customize updateStrategy of traefik pods
+ updateStrategy:
++  # -- Customize updateStrategy: RollingUpdate or OnDelete
+   type: RollingUpdate
+   rollingUpdate:
+     maxUnavailable: 0
+     maxSurge: 1
+
+-# Customize liveness and readiness probe values.
+ readinessProbe:
++  # -- The number of consecutive failures allowed before considering the probe as failed.
+   failureThreshold: 1
++  # -- The number of seconds to wait before starting the first probe.
+   initialDelaySeconds: 2
++  # -- The number of seconds to wait between consecutive probes.
+   periodSeconds: 10
++  # -- The minimum consecutive successes required to consider the probe successful.
+   successThreshold: 1
++  # -- The number of seconds to wait for a probe response before considering it as failed.
+   timeoutSeconds: 2
+-
+ livenessProbe:
++  # -- The number of consecutive failures allowed before considering the probe as failed.
+   failureThreshold: 3
++  # -- The number of seconds to wait before starting the first probe.
+   initialDelaySeconds: 2
++  # -- The number of seconds to wait between consecutive probes.
+   periodSeconds: 10
++  # -- The minimum consecutive successes required to consider the probe successful.
+   successThreshold: 1
++  # -- The number of seconds to wait for a probe response before considering it as failed.
+   timeoutSeconds: 2
+
+-#
+-# Configure providers
+-#
+ providers:
+   kubernetesCRD:
++    # -- Load Kubernetes IngressRoute provider
+     enabled: true
++    # -- Allows IngressRoute to reference resources in namespace other than theirs
+     allowCrossNamespace: false
++    # -- Allows to reference ExternalName services in IngressRoute
+     allowExternalNameServices: false
++    # -- Allows to return 503 when there is no endpoints available
+     allowEmptyServices: false
+     # ingressClass: traefik-internal
+     # labelSelector: environment=production,method=traefik
++    # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+     namespaces: []
+       # - "default"
+
+   kubernetesIngress:
++    # -- Load Kubernetes IngressRoute provider
+     enabled: true
++    # -- Allows to reference ExternalName services in Ingress
+     allowExternalNameServices: false
++    # -- Allows to return 503 when there is no endpoints available
+     allowEmptyServices: false
+     # ingressClass: traefik-internal
+     # labelSelector: environment=production,method=traefik
++    # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+     namespaces: []
+       # - "default"
+     # IP used for Kubernetes Ingress endpoints
+@@ -212,13 +217,13 @@ providers:
+       # pathOverride: ""
+
+ #
+-# Add volumes to the traefik pod. The volume name will be passed to tpl.
++# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
+ # This can be used to mount a cert pair or a configmap that holds a config.toml file.
+ # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+-# additionalArguments:
++# `additionalArguments:
+ # - "--providers.file.filename=/config/dynamic.toml"
+ # - "--ping"
+-# - "--ping.entrypoint=web"
++# - "--ping.entrypoint=web"`
+ volumes: []
+ # - name: public-cert
+ #   mountPath: "/certs"
+@@ -227,25 +232,22 @@ volumes: []
+ #   mountPath: "/config"
+ #   type: configMap
+
+-# Additional volumeMounts to add to the Traefik container
++# -- Additional volumeMounts to add to the Traefik container
+ additionalVolumeMounts: []
+-  # For instance when using a logshipper for access logs
++  # -- For instance when using a logshipper for access logs
+   # - name: traefik-logs
+   #   mountPath: /var/log/traefik
+
+-## Logs
+-## https://docs.traefik.io/observability/logs/
+ logs:
+-  ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+   general:
+-    # By default, the logs use a text format (common), but you can
++    # -- By default, the logs use a text format (common), but you can
+     # also ask for the json format in the format option
+     # format: json
+     # By default, the level is set to ERROR.
+-    # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
++    # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+     level: ERROR
+   access:
+-    # To enable access logs
++    # -- To enable access logs
+     enabled: false
+     ## By default, logs are written using the Common Log Format (CLF) on stdout.
+     ## To write logs in JSON, use json in the format option.
+@@ -256,21 +258,24 @@ logs:
+     ## This option represents the number of log lines Traefik will keep in memory before writing
+     ## them to the selected output. In some cases, this option can greatly help performances.
+     # bufferingSize: 100
+-    ## Filtering https://docs.traefik.io/observability/access-logs/#filtering
++    ## Filtering
++    # -- https://docs.traefik.io/observability/access-logs/#filtering
+     filters: {}
+       # statuscodes: "200,300-302"
+       # retryattempts: true
+       # minduration: 10ms
+-    ## Fields
+-    ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+     fields:
+       general:
++        # -- Available modes: keep, drop, redact.
+         defaultmode: keep
++        # -- Names of the fields to limit.
+         names: {}
+           ## Examples:
+           # ClientUsername: drop
+       headers:
++        # -- Available modes: keep, drop, redact.
+         defaultmode: drop
++        # -- Names of the headers to limit.
+         names: {}
+           ## Examples:
+           # User-Agent: redact
+@@ -278,10 +283,10 @@ logs:
+           # Content-Type: keep
+
+ metrics:
+-  ## Prometheus is enabled by default.
+-  ## It can be disabled by setting "prometheus: null"
++  ## -- Prometheus is enabled by default.
++  ## -- It can be disabled by setting "prometheus: null"
+   prometheus:
+-    ## Entry point used to expose metrics.
++    # -- Entry point used to expose metrics.
+     entryPoint: metrics
+     ## Enable metrics on entry points. Default=true
+     # addEntryPointsLabels: false
+@@ -404,11 +409,9 @@ metrics:
+ #    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
+ #    grpc: true
+
+-##
+-##  enable optional CRDs for Prometheus Operator
++## -- enable optional CRDs for Prometheus Operator
+ ##
+   ## Create a dedicated metrics service for use with ServiceMonitor
+-  ## When hub.enabled is set to true, it's not needed: it will use hub service.
+   #  service:
+   #    enabled: false
+   #    labels: {}
+@@ -455,6 +458,8 @@ metrics:
+   #          summary: "Traefik Down"
+   #          description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+
++## Tracing
++# -- https://doc.traefik.io/traefik/observability/tracing/overview/
+ tracing: {}
+   # instana:
+   #   localAgentHost: 127.0.0.1
+@@ -497,20 +502,21 @@ tracing: {}
+   #   secretToken: ""
+   #   serviceEnvironment: ""
+
++# -- Global command arguments to be passed to all traefik's pods
+ globalArguments:
+   - "--global.checknewversion"
+   - "--global.sendanonymoususage"
+
+ #
+ # Configure Traefik static configuration
+-# Additional arguments to be passed at Traefik's binary
++# -- Additional arguments to be passed at Traefik's binary
+ # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+ ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+ additionalArguments: []
+ #  - "--providers.kubernetesingress.ingressclass=traefik-internal"
+ #  - "--log.level=DEBUG"
+
+-# Environment variables to be passed to Traefik's binary
++# -- Environment variables to be passed to Traefik's binary
+ env: []
+ # - name: SOME_VAR
+ #   value: some-var-value
+@@ -525,22 +531,20 @@ env: []
+ #       name: secret-name
+ #       key: secret-key
+
++# -- Environment variables to be passed to Traefik's binary from configMaps or secrets
+ envFrom: []
+ # - configMapRef:
+ #     name: config-map-name
+ # - secretRef:
+ #     name: secret-name
+
+-# Configure ports
+ ports:
+-  # The name of this one can't be changed as it is used for the readiness and
+-  # liveness probes, but you can adjust its config to your liking
+   traefik:
+     port: 9000
+-    # Use hostPort if set.
++    # -- Use hostPort if set.
+     # hostPort: 9000
+     #
+-    # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
++    # -- Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
+     # means it's listening on all your interfaces and all your IPs. You may want
+     # to set this value if you need traefik to listen on specific interface
+     # only.
+@@ -558,27 +562,27 @@ ports:
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+-    # You SHOULD NOT expose the traefik port on production deployments.
++    # -- You SHOULD NOT expose the traefik port on production deployments.
+     # If you want to access it from outside of your cluster,
+     # use `kubectl port-forward` or create a secure ingress
+     expose: false
+-    # The exposed port for this service
++    # -- The exposed port for this service
+     exposedPort: 9000
+-    # The port protocol (TCP/UDP)
++    # -- The port protocol (TCP/UDP)
+     protocol: TCP
+   web:
+-    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
+     # asDefault: true
+     port: 8000
+     # hostPort: 8000
+     # containerPort: 8000
+     expose: true
+     exposedPort: 80
+-    ## Different target traefik port on the cluster, useful for IP type LB
++    ## -- Different target traefik port on the cluster, useful for IP type LB
+     # targetPort: 80
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+-    # Use nodeport if set. This is useful if you have configured Traefik in a
++    # -- Use nodeport if set. This is useful if you have configured Traefik in a
+     # LoadBalancer.
+     # nodePort: 32080
+     # Port Redirections
+@@ -596,20 +600,22 @@ ports:
+     #   trustedIPs: []
+     #   insecure: false
+   websecure:
+-    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
+     # asDefault: true
+     port: 8443
+     # hostPort: 8443
+     # containerPort: 8443
+     expose: true
+     exposedPort: 443
+-    ## Different target traefik port on the cluster, useful for IP type LB
++    ## -- Different target traefik port on the cluster, useful for IP type LB
+     # targetPort: 80
+-    ## The port protocol (TCP/UDP)
++    ## -- The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
++    ## -- Specify an application protocol. This may be used as a hint for a Layer 7 load balancer.
++    # appProtocol: https
+     #
+-    ## Enable HTTP/3 on the entrypoint
++    ## -- Enable HTTP/3 on the entrypoint
+     ## Enabling it will also enable http3 experimental feature
+     ## https://doc.traefik.io/traefik/routing/entrypoints/#http3
+     ## There are known limitations when trying to listen on same ports for
+@@ -619,12 +625,12 @@ ports:
+       enabled: false
+     # advertisedPort: 4443
+     #
+-    ## Trust forwarded  headers information (X-Forwarded-*).
++    ## -- Trust forwarded  headers information (X-Forwarded-*).
+     #forwardedHeaders:
+     #  trustedIPs: []
+     #  insecure: false
+     #
+-    ## Enable the Proxy Protocol header parsing for the entry point
++    ## -- Enable the Proxy Protocol header parsing for the entry point
+     #proxyProtocol:
+     #  trustedIPs: []
+     #  insecure: false
+@@ -642,33 +648,33 @@ ports:
+       #     - foo.example.com
+       #     - bar.example.com
+     #
+-    # One can apply Middlewares on an entrypoint
++    # -- One can apply Middlewares on an entrypoint
+     # https://doc.traefik.io/traefik/middlewares/overview/
+     # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
+-    # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
++    # -- /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
+     # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
+     # middlewares:
+     #   - namespace-name1@kubernetescrd
+     #   - namespace-name2@kubernetescrd
+     middlewares: []
+   metrics:
+-    # When using hostNetwork, use another port to avoid conflict with node exporter:
++    # -- When using hostNetwork, use another port to avoid conflict with node exporter:
+     # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
+     port: 9100
+     # hostPort: 9100
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+-    # You may not want to expose the metrics port on production deployments.
++    # -- You may not want to expose the metrics port on production deployments.
+     # If you want to access it from outside of your cluster,
+     # use `kubectl port-forward` or create a secure ingress
+     expose: false
+-    # The exposed port for this service
++    # -- The exposed port for this service
+     exposedPort: 9100
+-    # The port protocol (TCP/UDP)
++    # -- The port protocol (TCP/UDP)
+     protocol: TCP
+
+-# TLS Options are created as TLSOption CRDs
++# -- TLS Options are created as TLSOption CRDs
+ # https://doc.traefik.io/traefik/https/tls/#tls-options
+ # When using `labelSelector`, you'll need to set labels on tlsOption accordingly.
+ # Example:
+@@ -684,7 +690,7 @@ ports:
+ #       - CurveP384
+ tlsOptions: {}
+
+-# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
++# -- TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
+ # https://doc.traefik.io/traefik/https/tls/#default-certificate
+ # Example:
+ # tlsStore:
+@@ -693,24 +699,22 @@ tlsOptions: {}
+ #       secretName: tls-cert
+ tlsStore: {}
+
+-# Options for the main traefik service, where the entrypoints traffic comes
+-# from.
+ service:
+   enabled: true
+-  ## Single service is using `MixedProtocolLBService` feature gate.
+-  ## When set to false, it will create two Service, one for TCP and one for UDP.
++  ## -- Single service is using `MixedProtocolLBService` feature gate.
++  ## -- When set to false, it will create two Service, one for TCP and one for UDP.
+   single: true
+   type: LoadBalancer
+-  # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
++  # -- Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+   annotations: {}
+-  # Additional annotations for TCP service only
++  # -- Additional annotations for TCP service only
+   annotationsTCP: {}
+-  # Additional annotations for UDP service only
++  # -- Additional annotations for UDP service only
+   annotationsUDP: {}
+-  # Additional service labels (e.g. for filtering Service by custom labels)
++  # -- Additional service labels (e.g. for filtering Service by custom labels)
+   labels: {}
+-  # Additional entries here will be added to the service spec.
+-  # Cannot contain type, selector or ports entries.
++  # -- Additional entries here will be added to the service spec.
++  # -- Cannot contain type, selector or ports entries.
+   spec: {}
+     # externalTrafficPolicy: Cluster
+     # loadBalancerIP: "1.2.3.4"
+@@ -718,6 +722,8 @@ service:
+   loadBalancerSourceRanges: []
+     # - 192.168.0.1/32
+     # - 172.16.0.0/16
++  ## -- Class of the load balancer implementation
++  # loadBalancerClass: service.k8s.aws/nlb
+   externalIPs: []
+     # - 1.2.3.4
+   ## One of SingleStack, PreferDualStack, or RequireDualStack.
+@@ -728,7 +734,7 @@ service:
+   #   - IPv4
+   #   - IPv6
+   ##
+-  ## An additionnal and optional internal Service.
++  ## -- An additionnal and optional internal Service.
+   ## Same parameters as external Service
+   # internal:
+   #   type: ClusterIP
+@@ -739,9 +745,8 @@ service:
+   #   # externalIPs: []
+   #   # ipFamilies: [ "IPv4","IPv6" ]
+
+-## Create HorizontalPodAutoscaler object.
+-##
+ autoscaling:
++  # -- Create HorizontalPodAutoscaler object.
+   enabled: false
+ #   minReplicas: 1
+ #   maxReplicas: 10
+@@ -766,10 +771,10 @@ autoscaling:
+ #         value: 1
+ #         periodSeconds: 60
+
+-# Enable persistence using Persistent Volume Claims
+-# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+-# It can be used to store TLS certificates, see `storage` in certResolvers
+ persistence:
++  # -- Enable persistence using Persistent Volume Claims
++  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
++  # It can be used to store TLS certificates, see `storage` in certResolvers
+   enabled: false
+   name: data
+ #  existingClaim: ""
+@@ -779,8 +784,10 @@ persistence:
+   # volumeName: ""
+   path: /data
+   annotations: {}
+-  # subPath: "" # only mount a subpath of the Volume into the pod
++  # -- Only mount a subpath of the Volume into the pod
++  # subPath: ""
+
++# -- Certificates resolvers configuration
+ certResolvers: {}
+ #   letsencrypt:
+ #     # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
+@@ -802,13 +809,13 @@ certResolvers: {}
+ #     # It has to match the path with a persistent volume
+ #     storage: /data/acme.json
+
+-# If hostNetwork is true, runs traefik in the host network namespace
++# -- If hostNetwork is true, runs traefik in the host network namespace
+ # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+ # and replicas>1, a pod anti-affinity is recommended and will be set if the
+ # affinity is left as default.
+ hostNetwork: false
+
+-# Whether Role Based Access Control objects like roles and rolebindings should be created
++# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+ rbac:
+   enabled: true
+   # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
+@@ -818,19 +825,20 @@ rbac:
+   # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+   # aggregateTo: [ "admin" ]
+
+-# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
++# -- Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+ podSecurityPolicy:
+   enabled: false
+
+-# The service account the pods will use to interact with the Kubernetes API
++# -- The service account the pods will use to interact with the Kubernetes API
+ serviceAccount:
+   # If set, an existing service account is used
+   # If not set, a service account is created automatically using the fullname template
+   name: ""
+
+-# Additional serviceAccount annotations (e.g. for oidc authentication)
++# -- Additional serviceAccount annotations (e.g. for oidc authentication)
+ serviceAccountAnnotations: {}
+
++# -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers.
+ resources: {}
+   # requests:
+   #   cpu: "100m"
+@@ -839,8 +847,8 @@ resources: {}
+   #   cpu: "300m"
+   #   memory: "150Mi"
+
+-# This example pod anti-affinity forces the scheduler to put traefik pods
+-# on nodes where no other traefik pods are scheduled.
++# -- This example pod anti-affinity forces the scheduler to put traefik pods
++# -- on nodes where no other traefik pods are scheduled.
+ # It should be used when hostNetwork: true to prevent port conflicts
+ affinity: {}
+ #  podAntiAffinity:
+@@ -851,11 +859,15 @@ affinity: {}
+ #            app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
+ #        topologyKey: kubernetes.io/hostname
+
++# -- nodeSelector is the simplest recommended form of node selection constraint.
+ nodeSelector: {}
++# -- Tolerations allow the scheduler to schedule pods with matching taints.
+ tolerations: []
++# -- You can use topology spread constraints to control
++# how Pods are spread across your cluster among failure-domains.
+ topologySpreadConstraints: []
+-# # This example topologySpreadConstraints forces the scheduler to put traefik pods
+-# # on nodes where no other traefik pods are scheduled.
++# This example topologySpreadConstraints forces the scheduler to put traefik pods
++# on nodes where no other traefik pods are scheduled.
+ #  - labelSelector:
+ #      matchLabels:
+ #        app: '{{ template "traefik.name" . }}'
+@@ -863,29 +875,33 @@ topologySpreadConstraints: []
+ #    topologyKey: kubernetes.io/hostname
+ #    whenUnsatisfiable: DoNotSchedule
+
+-# Pods can have priority.
+-# Priority indicates the importance of a Pod relative to other Pods.
++# -- Pods can have priority.
++# -- Priority indicates the importance of a Pod relative to other Pods.
+ priorityClassName: ""
+
+-# Set the container security context
+-# To run the container with ports below 1024 this will need to be adjust to run as root
++# -- Set the container security context
++# -- To run the container with ports below 1024 this will need to be adjust to run as root
+ securityContext:
+   capabilities:
+     drop: [ALL]
+   readOnlyRootFilesystem: true
+
+ podSecurityContext:
+-#  # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and
+-#  # permissions for the contents of each volume to match the fsGroup. This can
+-#  # be an issue when storing sensitive content like TLS Certificates /!\
+-#  fsGroup: 65532
++  # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and
++  # permissions for the contents of each volume to match the fsGroup. This can
++  # be an issue when storing sensitive content like TLS Certificates /!\
++  # fsGroup: 65532
++  # -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
+   fsGroupChangePolicy: "OnRootMismatch"
++  # -- The ID of the group for all containers in the pod to run as.
+   runAsGroup: 65532
++  # -- Specifies whether the containers should run as a non-root user.
+   runAsNonRoot: true
++  # -- The ID of the user for all containers in the pod to run as.
+   runAsUser: 65532
+
+ #
+-# Extra objects to deploy (value evaluated as a template)
++# -- Extra objects to deploy (value evaluated as a template)
+ #
+ # In some cases, it can avoid the need for additional, extended or adhoc deployments.
+ # See #595 for more details and traefik/tests/values/extra.yaml for example.
+@@ -895,5 +911,5 @@ extraObjects: []
+ # It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
+ # namespaceOverride: traefik
+ #
+-## This will override the default app.kubernetes.io/instance label for all Objects.
++## -- This will override the default app.kubernetes.io/instance label for all Objects.
+ # instanceLabelOverride: traefik
+```
+
+## 23.0.1  ![AppVersion: v2.10.1](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.1&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-04-28
+
+* fix: ⬆️ Upgrade traefik Docker tag to v2.10.1
+
+
+## 23.0.0  ![AppVersion: v2.10.0](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.0&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-04-26
+
+* BREAKING CHANGE: Traefik 2.10 comes with CRDs update on API Group
+
+
+## 22.3.0  ![AppVersion: v2.10.0](https://img.shields.io/static/v1?label=AppVersion&message=v2.10.0&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-04-25
+
+* ⬆️ Upgrade traefik Docker tag to v2.10.0
+* fix: 🐛 update rbac for both traefik.io and containo.us apigroups (#836)
+* breaking: 💥 update CRDs needed for Traefik v2.10
+
+
+## 22.2.0  ![AppVersion: v2.9.10](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.10&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-04-24
+
+* test: 👷 Update unit tests tooling
+* fix: 🐛 annotations leaking between aliased subcharts
+* fix: indentation on `TLSOption`
+* feat: override container port
+* feat: allow to set dnsConfig on pod template
+* chore: 🔧 new release
+* added targetPort support
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9ece303..71273cc 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -82,6 +82,16 @@ deployment:
+   shareProcessNamespace: false
+   # Custom pod DNS policy. Apply if `hostNetwork: true`
+   # dnsPolicy: ClusterFirstWithHostNet
++  dnsConfig: {}
++    # nameservers:
++    #   - 192.0.2.1 # this is an example
++    # searches:
++    #   - ns1.svc.cluster-domain.example
++    #   - my.dns.search.suffix
++    # options:
++    #   - name: ndots
++    #     value: "2"
++    #   - name: edns0
+   # Additional imagePullSecrets
+   imagePullSecrets: []
+     # - name: myRegistryKeySecretName
+@@ -561,8 +571,11 @@ ports:
+     # asDefault: true
+     port: 8000
+     # hostPort: 8000
++    # containerPort: 8000
+     expose: true
+     exposedPort: 80
++    ## Different target traefik port on the cluster, useful for IP type LB
++    # targetPort: 80
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+     # Use nodeport if set. This is useful if you have configured Traefik in a
+@@ -587,8 +600,11 @@ ports:
+     # asDefault: true
+     port: 8443
+     # hostPort: 8443
++    # containerPort: 8443
+     expose: true
+     exposedPort: 443
++    ## Different target traefik port on the cluster, useful for IP type LB
++    # targetPort: 80
+     ## The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
+```
+
+## 22.1.0  ![AppVersion: v2.9.10](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.10&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-04-07
+
+* ⬆️ Upgrade traefik Docker tag to v2.9.10
+* feat: add additional labels to tlsoption
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4762b77..9ece303 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -654,12 +654,15 @@ ports:
+
+ # TLS Options are created as TLSOption CRDs
+ # https://doc.traefik.io/traefik/https/tls/#tls-options
++# When using `labelSelector`, you'll need to set labels on tlsOption accordingly.
+ # Example:
+ # tlsOptions:
+ #   default:
++#     labels: {}
+ #     sniStrict: true
+ #     preferServerCipherSuites: true
+-#   foobar:
++#   customOptions:
++#     labels: {}
+ #     curvePreferences:
+ #       - CurveP521
+ #       - CurveP384
+```
+
+## 22.0.0  ![AppVersion: v2.9.9](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.9&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-03-29
+
+* BREAKING CHANGE: `image.repository` introduction may break during the upgrade. See PR #802.
+
+
+## 21.2.1  ![AppVersion: v2.9.9](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.9&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-03-28
+
+* 🎨 Introduce `image.registry` and add explicit default (it may impact custom `image.repository`)
+* ⬆️ Upgrade traefik Docker tag to v2.9.9
+* :memo: Clarify the need of an initContainer when enabling persistence for TLS Certificates
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index cadc7a6..4762b77 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,5 +1,6 @@
+ # Default values for Traefik
+ image:
++  registry: docker.io
+   repository: traefik
+   # defaults to appVersion
+   tag: ""
+@@ -66,10 +67,14 @@ deployment:
+   # Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+-    # Related issue: https://github.com/traefik/traefik/issues/6825
++    # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
+     # - name: volume-permissions
+-    #   image: busybox:1.35
+-    #   command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
++    #   image: busybox:latest
++    #   command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
++    #   securityContext:
++    #     runAsNonRoot: true
++    #     runAsGroup: 65532
++    #     runAsUser: 65532
+     #   volumeMounts:
+     #     - name: data
+     #       mountPath: /data
+@@ -849,13 +854,17 @@ securityContext:
+   capabilities:
+     drop: [ALL]
+   readOnlyRootFilesystem: true
++
++podSecurityContext:
++#  # /!\ When setting fsGroup, Kubernetes will recursively changes ownership and
++#  # permissions for the contents of each volume to match the fsGroup. This can
++#  # be an issue when storing sensitive content like TLS Certificates /!\
++#  fsGroup: 65532
++  fsGroupChangePolicy: "OnRootMismatch"
+   runAsGroup: 65532
+   runAsNonRoot: true
+   runAsUser: 65532
+
+-podSecurityContext:
+-  fsGroup: 65532
+-
+ #
+ # Extra objects to deploy (value evaluated as a template)
+ #
+```
+
+## 21.2.0  ![AppVersion: v2.9.8](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.8&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-03-08
+
+* 🚨 Fail when enabling PSP on Kubernetes v1.25+ (#801)
+* ⬆️ Upgrade traefik Docker tag to v2.9.8
+* Separate UDP hostPort for HTTP/3
+* :sparkles: release 21.2.0 (#805)
+
+
+## 21.1.0  ![AppVersion: v2.9.7](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.7&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-02-15
+
+* ⬆️ Upgrade traefik Docker tag to v2.9.7
+* ✨ release 21.1.0
+* fix: traefik image name for renovate
+* feat: Add volumeName to PersistentVolumeClaim (#792)
+* Allow setting TLS options on dashboard IngressRoute
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 780b04b..cadc7a6 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -142,6 +142,8 @@ ingressRoute:
+     entryPoints: ["traefik"]
+     # Additional ingressRoute middlewares (e.g. for authentication)
+     middlewares: []
++    # TLS options (e.g. secret containing certificate)
++    tls: {}
+
+ # Customize updateStrategy of traefik pods
+ updateStrategy:
+@@ -750,6 +752,7 @@ persistence:
+   accessMode: ReadWriteOnce
+   size: 128Mi
+   # storageClass: ""
++  # volumeName: ""
+   path: /data
+   annotations: {}
+   # subPath: "" # only mount a subpath of the Volume into the pod
+```
+
+## 21.0.0  ![AppVersion: v2.9.6](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.6&color=success&logo=) ![Kubernetes: >=1.16.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.16.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2023-02-10
+
+* 🙈 Add a setting disable API check on Prometheus Operator (#769)
+* 📝 Improve documentation on entrypoint options
+* 💥 New release with BREAKING changes (#786)
+* ✨ Chart.yaml - add kubeVersion: ">=1.16.0-0"
+* fix: allowExternalNameServices for kubernetes ingress when hub enabled (#772)
+* fix(service-metrics): invert prometheus svc & fullname length checking
+* Configure Renovate (#783)
+* :necktie: Improve labels settings behavior on metrics providers (#774)
+* :bug: Disabling dashboard ingressroute should delete it (#785)
+* :boom: Rename image.name => image.repository (#784)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 42a27f9..780b04b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,6 +1,6 @@
+ # Default values for Traefik
+ image:
+-  name: traefik
++  repository: traefik
+   # defaults to appVersion
+   tag: ""
+   pullPolicy: IfNotPresent
+@@ -396,6 +396,8 @@ metrics:
+   #    enabled: false
+   #    labels: {}
+   #    annotations: {}
++  ## When set to true, it won't check if Prometheus Operator CRDs are deployed
++  #  disableAPICheck: false
+   #  serviceMonitor:
+   #    metricRelabelings: []
+   #      - sourceLabels: [__name__]
+@@ -580,7 +582,7 @@ ports:
+     # hostPort: 8443
+     expose: true
+     exposedPort: 443
+-    # The port protocol (TCP/UDP)
++    ## The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
+     #
+@@ -594,6 +596,16 @@ ports:
+       enabled: false
+     # advertisedPort: 4443
+     #
++    ## Trust forwarded  headers information (X-Forwarded-*).
++    #forwardedHeaders:
++    #  trustedIPs: []
++    #  insecure: false
++    #
++    ## Enable the Proxy Protocol header parsing for the entry point
++    #proxyProtocol:
++    #  trustedIPs: []
++    #  insecure: false
++    #
+     ## Set TLS at the entrypoint
+     ## https://doc.traefik.io/traefik/routing/entrypoints/#tls
+     tls:
+@@ -607,16 +619,6 @@ ports:
+       #     - foo.example.com
+       #     - bar.example.com
+     #
+-    # Trust forwarded  headers information (X-Forwarded-*).
+-    # forwardedHeaders:
+-    #   trustedIPs: []
+-    #   insecure: false
+-    #
+-    # Enable the Proxy Protocol header parsing for the entry point
+-    # proxyProtocol:
+-    #   trustedIPs: []
+-    #   insecure: false
+-    #
+     # One can apply Middlewares on an entrypoint
+     # https://doc.traefik.io/traefik/middlewares/overview/
+     # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
+```
+
+## 20.8.0  ![AppVersion: v2.9.6](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-12-09
+
+* ✨ update chart to version 20.8.0
+* ✨ add support for default entrypoints
+* ✨ add support for OpenTelemetry and Traefik v3
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b77539d..42a27f9 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -107,6 +107,8 @@ ingressClass:
+
+ # Enable experimental features
+ experimental:
++  v3:
++    enabled: false
+   plugins:
+     enabled: false
+   kubernetesGateway:
+@@ -347,7 +349,43 @@ metrics:
+ #    # addRoutersLabels: true
+ #    ## Enable metrics on services. Default=true
+ #    # addServicesLabels: false
+-
++#  openTelemetry:
++#    ## Address of the OpenTelemetry Collector to send metrics to.
++#    address: "localhost:4318"
++#    ## Enable metrics on entry points.
++#    addEntryPointsLabels: true
++#    ## Enable metrics on routers.
++#    addRoutersLabels: true
++#    ## Enable metrics on services.
++#    addServicesLabels: true
++#    ## Explicit boundaries for Histogram data points.
++#    explicitBoundaries:
++#      - "0.1"
++#      - "0.3"
++#      - "1.2"
++#      - "5.0"
++#    ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
++#    headers:
++#      foo: bar
++#      test: test
++#    ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
++#    insecure: true
++#    ## Interval at which metrics are sent to the OpenTelemetry Collector.
++#    pushInterval: 10s
++#    ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
++#    path: /foo/v1/traces
++#    ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
++#    tls:
++#      ## The path to the certificate authority, it defaults to the system bundle.
++#      ca: path/to/ca.crt
++#      ## The path to the public certificate. When using this option, setting the key option is required.
++#      cert: path/to/foo.cert
++#      ## The path to the private key. When using this option, setting the cert option is required.
++#      key: path/to/key.key
++#      ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
++#      insecureSkipVerify: true
++#    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
++#    grpc: true
+
+ ##
+ ##  enable optional CRDs for Prometheus Operator
+@@ -510,6 +548,8 @@ ports:
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+   web:
++    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    # asDefault: true
+     port: 8000
+     # hostPort: 8000
+     expose: true
+@@ -534,6 +574,8 @@ ports:
+     #   trustedIPs: []
+     #   insecure: false
+   websecure:
++    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
++    # asDefault: true
+     port: 8443
+     # hostPort: 8443
+     expose: true
+```
+
+## 20.7.0  ![AppVersion: v2.9.6](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-12-08
+
+* 🐛 Don't fail when prometheus is disabled (#756)
+* ⬆️  Update default Traefik release to v2.9.6 (#758)
+* ✨ support for Gateway annotations
+* add keywords [networking], for artifacthub category quering
+* :bug: Fix typo on bufferingSize for access logs (#753)
+* :adhesive_bandage: Add quotes for artifacthub changelog parsing (#748)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4f2fb2a..b77539d 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -120,6 +120,9 @@ experimental:
+     # By default, Gateway would be created to the Namespace you are deploying Traefik to.
+     # You may create that Gateway in another namespace, setting its name below:
+     # namespace: default
++    # Additional gateway annotations (e.g. for cert-manager.io/issuer)
++    # annotations:
++    #   cert-manager.io/issuer: letsencrypt
+
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+@@ -219,7 +222,8 @@ logs:
+     # By default, the logs use a text format (common), but you can
+     # also ask for the json format in the format option
+     # format: json
+-    # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
++    # By default, the level is set to ERROR.
++    # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+     level: ERROR
+   access:
+     # To enable access logs
+```
+
+## 20.6.0  ![AppVersion: v2.9.5](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-30
+
+* 🔍️ Add filePath support on access logs (#747)
+* :memo: Improve documentation on using PVC with TLS certificates
+* :bug: Add missing scheme in help on Traefik Hub integration (#746)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 15f1682..4f2fb2a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -211,10 +211,10 @@ additionalVolumeMounts: []
+   # - name: traefik-logs
+   #   mountPath: /var/log/traefik
+
+-# Logs
+-# https://docs.traefik.io/observability/logs/
++## Logs
++## https://docs.traefik.io/observability/logs/
+ logs:
+-  # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
++  ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
+   general:
+     # By default, the logs use a text format (common), but you can
+     # also ask for the json format in the format option
+@@ -224,31 +224,32 @@ logs:
+   access:
+     # To enable access logs
+     enabled: false
+-    # By default, logs are written using the Common Log Format (CLF).
+-    # To write logs in JSON, use json in the format option.
+-    # If the given format is unsupported, the default (CLF) is used instead.
++    ## By default, logs are written using the Common Log Format (CLF) on stdout.
++    ## To write logs in JSON, use json in the format option.
++    ## If the given format is unsupported, the default (CLF) is used instead.
+     # format: json
+-    # To write the logs in an asynchronous fashion, specify a bufferingSize option.
+-    # This option represents the number of log lines Traefik will keep in memory before writing
+-    # them to the selected output. In some cases, this option can greatly help performances.
++    # filePath: "/var/log/traefik/access.log
++    ## To write the logs in an asynchronous fashion, specify a bufferingSize option.
++    ## This option represents the number of log lines Traefik will keep in memory before writing
++    ## them to the selected output. In some cases, this option can greatly help performances.
+     # bufferingSize: 100
+-    # Filtering https://docs.traefik.io/observability/access-logs/#filtering
++    ## Filtering https://docs.traefik.io/observability/access-logs/#filtering
+     filters: {}
+       # statuscodes: "200,300-302"
+       # retryattempts: true
+       # minduration: 10ms
+-    # Fields
+-    # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
++    ## Fields
++    ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
+     fields:
+       general:
+         defaultmode: keep
+         names: {}
+-          # Examples:
++          ## Examples:
+           # ClientUsername: drop
+       headers:
+         defaultmode: drop
+         names: {}
+-          # Examples:
++          ## Examples:
+           # User-Agent: redact
+           # Authorization: drop
+           # Content-Type: keep
+@@ -693,10 +694,7 @@ autoscaling:
+
+ # Enable persistence using Persistent Volume Claims
+ # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+-# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+-# additionalArguments:
+-# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
+-# It will persist TLS certificates.
++# It can be used to store TLS certificates, see `storage` in certResolvers
+ persistence:
+   enabled: false
+   name: data
+@@ -726,7 +724,7 @@ certResolvers: {}
+ #     tlsChallenge: true
+ #     httpChallenge:
+ #       entryPoint: "web"
+-#     # match the path to persistence
++#     # It has to match the path with a persistent volume
+ #     storage: /data/acme.json
+
+ # If hostNetwork is true, runs traefik in the host network namespace
+```
+
+## 20.5.3  ![AppVersion: v2.9.5](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-25
+
+* 🐛 Fix template issue with obsolete helm version + add helm version requirement (#743)
+
+
+## 20.5.2  ![AppVersion: v2.9.5](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-24
+
+* ⬆️Update Traefik to v2.9.5 (#740)
+
+
+## 20.5.1  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-23
+
+* 🐛 Fix namespaceSelector on ServiceMonitor (#737)
+
+
+## 20.5.0  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-23
+
+* 🚀 Add complete support on metrics options (#735)
+* 🐛 make tests use fixed version
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e49d02d..15f1682 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -12,7 +12,7 @@ hub:
+   ## Enabling Hub will:
+   # * enable Traefik Hub integration on Traefik
+   # * add `traefikhub-tunl` endpoint
+-  # * enable addRoutersLabels on prometheus metrics
++  # * enable Prometheus metrics with addRoutersLabels
+   # * enable allowExternalNameServices on KubernetesIngress provider
+   # * enable allowCrossNamespace on KubernetesCRD provider
+   # * add an internal (ClusterIP) Service, dedicated for Traefik Hub
+@@ -254,16 +254,96 @@ logs:
+           # Content-Type: keep
+
+ metrics:
+-  # datadog:
+-  #   address: 127.0.0.1:8125
+-  # influxdb:
+-  #   address: localhost:8089
+-  #   protocol: udp
++  ## Prometheus is enabled by default.
++  ## It can be disabled by setting "prometheus: null"
+   prometheus:
++    ## Entry point used to expose metrics.
+     entryPoint: metrics
+-  #  addRoutersLabels: true
+-  #  statsd:
+-  #    address: localhost:8125
++    ## Enable metrics on entry points. Default=true
++    # addEntryPointsLabels: false
++    ## Enable metrics on routers. Default=false
++    # addRoutersLabels: true
++    ## Enable metrics on services. Default=true
++    # addServicesLabels: false
++    ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0"
++    # buckets: "0.5,1.0,2.5"
++    ## When manualRouting is true, it disables the default internal router in
++    ## order to allow creating a custom router for prometheus@internal service.
++    # manualRouting: true
++#  datadog:
++#    ## Address instructs exporter to send metrics to datadog-agent at this address.
++#    address: "127.0.0.1:8125"
++#    ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
++#    # pushInterval: 30s
++#    ## The prefix to use for metrics collection. Default="traefik"
++#    # prefix: traefik
++#    ## Enable metrics on entry points. Default=true
++#    # addEntryPointsLabels: false
++#    ## Enable metrics on routers. Default=false
++#    # addRoutersLabels: true
++#    ## Enable metrics on services. Default=true
++#    # addServicesLabels: false
++#  influxdb:
++#    ## Address instructs exporter to send metrics to influxdb at this address.
++#    address: localhost:8089
++#    ## InfluxDB's address protocol (udp or http). Default="udp"
++#    protocol: udp
++#    ## InfluxDB database used when protocol is http. Default=""
++#    # database: ""
++#    ## InfluxDB retention policy used when protocol is http. Default=""
++#    # retentionPolicy: ""
++#    ## InfluxDB username (only with http). Default=""
++#    # username: ""
++#    ## InfluxDB password (only with http). Default=""
++#    # password: ""
++#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++#    # pushInterval: 30s
++#    ## Additional labels (influxdb tags) on all metrics.
++#    # additionalLabels:
++#    #   env: production
++#    #   foo: bar
++#    ## Enable metrics on entry points. Default=true
++#    # addEntryPointsLabels: false
++#    ## Enable metrics on routers. Default=false
++#    # addRoutersLabels: true
++#    ## Enable metrics on services. Default=true
++#    # addServicesLabels: false
++#  influxdb2:
++#    ## Address instructs exporter to send metrics to influxdb v2 at this address.
++#    address: localhost:8086
++#    ## Token with which to connect to InfluxDB v2.
++#    token: xxx
++#    ## Organisation where metrics will be stored.
++#    org: ""
++#    ## Bucket where metrics will be stored.
++#    bucket: ""
++#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++#    # pushInterval: 30s
++#    ## Additional labels (influxdb tags) on all metrics.
++#    # additionalLabels:
++#    #   env: production
++#    #   foo: bar
++#    ## Enable metrics on entry points. Default=true
++#    # addEntryPointsLabels: false
++#    ## Enable metrics on routers. Default=false
++#    # addRoutersLabels: true
++#    ## Enable metrics on services. Default=true
++#    # addServicesLabels: false
++#  statsd:
++#    ## Address instructs exporter to send metrics to statsd at this address.
++#    address: localhost:8125
++#    ## The interval used by the exporter to push metrics to influxdb. Default=10s
++#    # pushInterval: 30s
++#    ## The prefix to use for metrics collection. Default="traefik"
++#    # prefix: traefik
++#    ## Enable metrics on entry points. Default=true
++#    # addEntryPointsLabels: false
++#    ## Enable metrics on routers. Default=false
++#    # addRoutersLabels: true
++#    ## Enable metrics on services. Default=true
++#    # addServicesLabels: false
++
++
+ ##
+ ##  enable optional CRDs for Prometheus Operator
+ ##
+```
+
+## 20.4.1  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-21
+
+* 🐛 fix namespace references to support namespaceOverride
+
+
+## 20.4.0  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-21
+
+* Add (optional) dedicated metrics service (#727)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ca15f6a..e49d02d 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -267,6 +267,12 @@ metrics:
+ ##
+ ##  enable optional CRDs for Prometheus Operator
+ ##
++  ## Create a dedicated metrics service for use with ServiceMonitor
++  ## When hub.enabled is set to true, it's not needed: it will use hub service.
++  #  service:
++  #    enabled: false
++  #    labels: {}
++  #    annotations: {}
+   #  serviceMonitor:
+   #    metricRelabelings: []
+   #      - sourceLabels: [__name__]
+```
+
+## 20.3.1  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-21
+
+* 🐛 Fix namespace override which was missing on `ServiceAccount` (#731)
+
+
+## 20.3.0  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-17
+
+* Add overwrite option for instance label value (#725)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index c7f84a7..ca15f6a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -731,3 +731,6 @@ extraObjects: []
+ # This will override the default Release Namespace for Helm.
+ # It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
+ # namespaceOverride: traefik
++#
++## This will override the default app.kubernetes.io/instance label for all Objects.
++# instanceLabelOverride: traefik
+```
+
+## 20.2.1  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-17
+
+* 🙈 do not namespace ingress class (#723)
+* ✨ copy LICENSE and README.md on release
+
+
+## 20.2.0  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-15
+
+* ✨ add support for namespace overrides (#718)
+* Document recent changes in the README (#717)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 97a1b71..c7f84a7 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -725,5 +725,9 @@ podSecurityContext:
+ # Extra objects to deploy (value evaluated as a template)
+ #
+ # In some cases, it can avoid the need for additional, extended or adhoc deployments.
+-# See #595 for more details and traefik/tests/extra.yaml for example.
++# See #595 for more details and traefik/tests/values/extra.yaml for example.
+ extraObjects: []
++
++# This will override the default Release Namespace for Helm.
++# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
++# namespaceOverride: traefik
+```
+
+## 20.1.1  ![AppVersion: v2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=v2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-10
+
+* fix: use consistent appVersion with Traefik Proxy
+
+
+## 20.1.0  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-09
+
+* 🔧 Adds more settings for dashboard ingressRoute (#710)
+* 🐛 fix chart releases
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 2ec3736..97a1b71 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -129,10 +129,14 @@ ingressRoute:
+     annotations: {}
+     # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+     labels: {}
++    # The router match rule used for the dashboard ingressRoute
++    matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+     # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
+     # By default, it's using traefik entrypoint, which is not exposed.
+     # /!\ Do not expose your dashboard without any protection over the internet /!\
+     entryPoints: ["traefik"]
++    # Additional ingressRoute middlewares (e.g. for authentication)
++    middlewares: []
+
+ # Customize updateStrategy of traefik pods
+ updateStrategy:
+```
+
+## 20.0.0  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-08
+
+* 🐛 remove old deployment workflow
+* ✨ migrate to centralised helm repository
+* Allow updateStrategy to be configurable
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 413aa88..2ec3736 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -134,9 +134,12 @@ ingressRoute:
+     # /!\ Do not expose your dashboard without any protection over the internet /!\
+     entryPoints: ["traefik"]
+
+-rollingUpdate:
+-  maxUnavailable: 0
+-  maxSurge: 1
++# Customize updateStrategy of traefik pods
++updateStrategy:
++  type: RollingUpdate
++  rollingUpdate:
++    maxUnavailable: 0
++    maxSurge: 1
+
+ # Customize liveness and readiness probe values.
+ readinessProbe:
+```
+
+## 19.0.4  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-08
+
+* 🔧 Adds more settings & rename (wrong) scrapeInterval to (valid) interval on ServiceMonitor (#703)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b24c1cb..413aa88 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -261,10 +261,6 @@ metrics:
+ ##  enable optional CRDs for Prometheus Operator
+ ##
+   #  serviceMonitor:
+-  #    additionalLabels:
+-  #      foo: bar
+-  #    namespace: "another-namespace"
+-  #    namespaceSelector: {}
+   #    metricRelabelings: []
+   #      - sourceLabels: [__name__]
+   #        separator: ;
+@@ -279,9 +275,17 @@ metrics:
+   #        replacement: $1
+   #        action: replace
+   #    jobLabel: traefik
+-  #    scrapeInterval: 30s
+-  #    scrapeTimeout: 5s
++  #    interval: 30s
+   #    honorLabels: true
++  #    # (Optional)
++  #    # scrapeTimeout: 5s
++  #    # honorTimestamps: true
++  #    # enableHttp2: true
++  #    # followRedirects: true
++  #    # additionalLabels:
++  #    #   foo: bar
++  #    # namespace: "another-namespace"
++  #    # namespaceSelector: {}
+   #  prometheusRule:
+   #    additionalLabels: {}
+   #    namespace: "another-namespace"
+```
+
+## 19.0.3  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-03
+
+* 🎨 Don't require exposed Ports when enabling Hub (#700)
+
+
+## 19.0.2  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-03
+
+* :speech_balloon: Support volume secrets with '.' in name (#695)
+
+
+## 19.0.1  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-03
+
+* 🐛 Fix IngressClass install on EKS (#699)
+
+
+## 19.0.0  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-11-02
+
+* ✨ Provides Default IngressClass for Traefik by default (#693)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 69190f1..b24c1cb 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -100,11 +100,10 @@ podDisruptionBudget:
+   # minAvailable: 0
+   # minAvailable: 25%
+
+-# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
++# Create a default IngressClass for Traefik
+ ingressClass:
+-  # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+-  enabled: false
+-  isDefaultClass: false
++  enabled: true
++  isDefaultClass: true
+
+ # Enable experimental features
+ experimental:
+```
+
+## 18.3.0  ![AppVersion: 2.9.4](https://img.shields.io/static/v1?label=AppVersion&message=2.9.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-31
+
+* ⬆️  Update Traefik appVersion to 2.9.4 (#696)
+
+
+## 18.2.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-31
+
+* 🚩 Add an optional "internal" service (#683)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8033a87..69190f1 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -416,7 +416,7 @@ ports:
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+     # Use nodeport if set. This is useful if you have configured Traefik in a
+-    # LoadBalancer
++    # LoadBalancer.
+     # nodePort: 32080
+     # Port Redirections
+     # Added in 2.2, you can make permanent redirects via entrypoints.
+@@ -549,13 +549,24 @@ service:
+     # - 172.16.0.0/16
+   externalIPs: []
+     # - 1.2.3.4
+-  # One of SingleStack, PreferDualStack, or RequireDualStack.
++  ## One of SingleStack, PreferDualStack, or RequireDualStack.
+   # ipFamilyPolicy: SingleStack
+-  # List of IP families (e.g. IPv4 and/or IPv6).
+-  # ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
++  ## List of IP families (e.g. IPv4 and/or IPv6).
++  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+   # ipFamilies:
+   #   - IPv4
+   #   - IPv6
++  ##
++  ## An additionnal and optional internal Service.
++  ## Same parameters as external Service
++  # internal:
++  #   type: ClusterIP
++  #   # labels: {}
++  #   # annotations: {}
++  #   # spec: {}
++  #   # loadBalancerSourceRanges: []
++  #   # externalIPs: []
++  #   # ipFamilies: [ "IPv4","IPv6" ]
+
+ ## Create HorizontalPodAutoscaler object.
+ ##
+```
+
+## 18.1.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-27
+
+* 🚀 Add native support for Traefik Hub (#676)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index acce704..8033a87 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -5,6 +5,27 @@ image:
+   tag: ""
+   pullPolicy: IfNotPresent
+
++#
++# Configure integration with Traefik Hub
++#
++hub:
++  ## Enabling Hub will:
++  # * enable Traefik Hub integration on Traefik
++  # * add `traefikhub-tunl` endpoint
++  # * enable addRoutersLabels on prometheus metrics
++  # * enable allowExternalNameServices on KubernetesIngress provider
++  # * enable allowCrossNamespace on KubernetesCRD provider
++  # * add an internal (ClusterIP) Service, dedicated for Traefik Hub
++  enabled: false
++  ## Default port can be changed
++  # tunnelPort: 9901
++  ## TLS is optional. Insecure is mutually exclusive with any other options
++  # tls:
++  #   insecure: false
++  #   ca: "/path/to/ca.pem"
++  #   cert: "/path/to/cert.pem"
++  #   key: "/path/to/key.pem"
++
+ #
+ # Configure the deployment
+ #
+@@ -505,6 +526,8 @@ tlsStore: {}
+ # from.
+ service:
+   enabled: true
++  ## Single service is using `MixedProtocolLBService` feature gate.
++  ## When set to false, it will create two Service, one for TCP and one for UDP.
+   single: true
+   type: LoadBalancer
+   # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+```
+
+## 18.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-26
+
+* Refactor http3 and merge TCP with UDP ports into a single service (#656)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 807bd09..acce704 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -87,8 +87,6 @@ ingressClass:
+
+ # Enable experimental features
+ experimental:
+-  http3:
+-    enabled: false
+   plugins:
+     enabled: false
+   kubernetesGateway:
+@@ -421,12 +419,19 @@ ports:
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
+-    # Enable HTTP/3.
+-    # Requires enabling experimental http3 feature and tls.
+-    # Note that you cannot have a UDP entrypoint with the same port.
+-    # http3: true
+-    # Set TLS at the entrypoint
+-    # https://doc.traefik.io/traefik/routing/entrypoints/#tls
++    #
++    ## Enable HTTP/3 on the entrypoint
++    ## Enabling it will also enable http3 experimental feature
++    ## https://doc.traefik.io/traefik/routing/entrypoints/#http3
++    ## There are known limitations when trying to listen on same ports for
++    ## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
++    ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
++    http3:
++      enabled: false
++    # advertisedPort: 4443
++    #
++    ## Set TLS at the entrypoint
++    ## https://doc.traefik.io/traefik/routing/entrypoints/#tls
+     tls:
+       enabled: true
+       # this is the name of a TLSOption definition
+@@ -500,6 +505,7 @@ tlsStore: {}
+ # from.
+ service:
+   enabled: true
++  single: true
+   type: LoadBalancer
+   # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+   annotations: {}
+```
+
+## 17.0.5  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-21
+
+* 📝 Add annotations changelog for artifacthub.io & update Maintainers
+
+
+## 17.0.4  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-21
+
+* :art: Add helper function for label selector
+
+
+## 17.0.3  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-20
+
+* 🐛 fix changing label selectors
+
+
+## 17.0.2  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-20
+
+* fix: setting ports.web.proxyProtocol.insecure=true
+
+
+## 17.0.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-20
+
+* :bug: Unify all labels selector with traefik chart labels (#681)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 6a90bc6..807bd09 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -639,7 +639,7 @@ affinity: {}
+ #      - labelSelector:
+ #          matchLabels:
+ #            app.kubernetes.io/name: '{{ template "traefik.name" . }}'
+-#            app.kubernetes.io/instance: '{{ .Release.Name }}'
++#            app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
+ #        topologyKey: kubernetes.io/hostname
+
+ nodeSelector: {}
+```
+
+## 17.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-20
+
+* :bug: Fix `ClusterRole`, `ClusterRoleBinding` names and `app.kubernetes.io/instance` label (#662)
+
+
+## 16.2.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-20
+
+* Add forwardedHeaders and proxyProtocol config (#673)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9b5afc4..6a90bc6 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -403,6 +403,16 @@ ports:
+     # Added in 2.2, you can make permanent redirects via entrypoints.
+     # https://docs.traefik.io/routing/entrypoints/#redirection
+     # redirectTo: websecure
++    #
++    # Trust forwarded  headers information (X-Forwarded-*).
++    # forwardedHeaders:
++    #   trustedIPs: []
++    #   insecure: false
++    #
++    # Enable the Proxy Protocol header parsing for the entry point
++    # proxyProtocol:
++    #   trustedIPs: []
++    #   insecure: false
+   websecure:
+     port: 8443
+     # hostPort: 8443
+@@ -428,6 +438,16 @@ ports:
+       #     - foo.example.com
+       #     - bar.example.com
+     #
++    # Trust forwarded  headers information (X-Forwarded-*).
++    # forwardedHeaders:
++    #   trustedIPs: []
++    #   insecure: false
++    #
++    # Enable the Proxy Protocol header parsing for the entry point
++    # proxyProtocol:
++    #   trustedIPs: []
++    #   insecure: false
++    #
+     # One can apply Middlewares on an entrypoint
+     # https://doc.traefik.io/traefik/middlewares/overview/
+     # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
+```
+
+## 16.1.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-19
+
+* ✨ add optional ServiceMonitor & PrometheusRules CRDs (#425)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7e335b5..9b5afc4 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -237,8 +237,46 @@ metrics:
+   prometheus:
+     entryPoint: metrics
+   #  addRoutersLabels: true
+-  # statsd:
+-  #   address: localhost:8125
++  #  statsd:
++  #    address: localhost:8125
++##
++##  enable optional CRDs for Prometheus Operator
++##
++  #  serviceMonitor:
++  #    additionalLabels:
++  #      foo: bar
++  #    namespace: "another-namespace"
++  #    namespaceSelector: {}
++  #    metricRelabelings: []
++  #      - sourceLabels: [__name__]
++  #        separator: ;
++  #        regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
++  #        replacement: $1
++  #        action: drop
++  #    relabelings: []
++  #      - sourceLabels: [__meta_kubernetes_pod_node_name]
++  #        separator: ;
++  #        regex: ^(.*)$
++  #        targetLabel: nodename
++  #        replacement: $1
++  #        action: replace
++  #    jobLabel: traefik
++  #    scrapeInterval: 30s
++  #    scrapeTimeout: 5s
++  #    honorLabels: true
++  #  prometheusRule:
++  #    additionalLabels: {}
++  #    namespace: "another-namespace"
++  #    rules:
++  #      - alert: TraefikDown
++  #        expr: up{job="traefik"} == 0
++  #        for: 5m
++  #        labels:
++  #          context: traefik
++  #          severity: warning
++  #        annotations:
++  #          summary: "Traefik Down"
++  #          description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+
+ tracing: {}
+   # instana:
+```
+
+## 16.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-19
+
+* :fire: Remove `Pilot` and `fallbackApiVersion` (#665)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 03fdaed..7e335b5 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -84,15 +84,6 @@ ingressClass:
+   # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+   enabled: false
+   isDefaultClass: false
+-  # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+-  fallbackApiVersion: ""
+-
+-# Activate Pilot integration
+-pilot:
+-  enabled: false
+-  token: ""
+-  # Toggle Pilot Dashboard
+-  # dashboard: false
+
+ # Enable experimental features
+ experimental:
+```
+
+## 15.3.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-18
+
+* :art: Improve `IngressRoute` structure (#674)
+
+
+## 15.3.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-18
+
+* 📌 Add capacity to enable User-facing role
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 76aac93..03fdaed 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -553,10 +553,12 @@ hostNetwork: false
+ # Whether Role Based Access Control objects like roles and rolebindings should be created
+ rbac:
+   enabled: true
+-
+   # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
+   # If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
+   namespaced: false
++  # Enable user-facing roles
++  # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
++  # aggregateTo: [ "admin" ]
+
+ # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+ podSecurityPolicy:
+```
+
+## 15.2.2  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-17
+
+* Fix provider namespace changes
+
+
+## 15.2.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-17
+
+* 🐛 fix provider namespace changes
+
+
+## 15.2.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-17
+
+* :bug: Allow to watch on specific namespaces without using rbac.namespaced (#666)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 781ac15..76aac93 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -555,7 +555,7 @@ rbac:
+   enabled: true
+
+   # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
+-  # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
++  # If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
+   namespaced: false
+
+ # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+```
+
+## 15.1.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-17
+
+* :goal_net: Fail gracefully when http3 is not enabled correctly (#667)
+
+
+## 15.1.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-14
+
+* :sparkles: add optional topologySpreadConstraints (#663)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index fc2c371..781ac15 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -593,6 +593,15 @@ affinity: {}
+
+ nodeSelector: {}
+ tolerations: []
++topologySpreadConstraints: []
++# # This example topologySpreadConstraints forces the scheduler to put traefik pods
++# # on nodes where no other traefik pods are scheduled.
++#  - labelSelector:
++#      matchLabels:
++#        app: '{{ template "traefik.name" . }}'
++#    maxSkew: 1
++#    topologyKey: kubernetes.io/hostname
++#    whenUnsatisfiable: DoNotSchedule
+
+ # Pods can have priority.
+ # Priority indicates the importance of a Pod relative to other Pods.
+```
+
+## 15.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-13
+
+* :rocket: Enable TLS by default on `websecure` port (#657)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 400a29a..fc2c371 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -389,7 +389,7 @@ ports:
+     # Set TLS at the entrypoint
+     # https://doc.traefik.io/traefik/routing/entrypoints/#tls
+     tls:
+-      enabled: false
++      enabled: true
+       # this is the name of a TLSOption definition
+       options: ""
+       certResolver: ""
+```
+
+## 14.0.2  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-13
+
+* :memo: Add Changelog (#661)
+
+
+## 14.0.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-11
+
+* :memo: Update workaround for permissions 660 on acme.json
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a4e4ff2..400a29a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -45,10 +45,10 @@ deployment:
+   # Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+-    # Related issue: https://github.com/traefik/traefik/issues/6972
++    # Related issue: https://github.com/traefik/traefik/issues/6825
+     # - name: volume-permissions
+-    #   image: busybox:1.31.1
+-    #   command: ["sh", "-c", "chmod -Rv 600 /data/*"]
++    #   image: busybox:1.35
++    #   command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
+     #   volumeMounts:
+     #     - name: data
+     #       mountPath: /data
+```
+
+## 14.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-11
+
+* Limit rbac to only required resources for Ingress and CRD providers
+
+
+## 13.0.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-11
+
+* Add helper function for common labels
+
+
+## 13.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-11
+
+* Moved list object to individual objects
+
+
+## 12.0.7  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-10
+
+* :lipstick: Affinity templating and example (#557)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4431c36..a4e4ff2 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -578,19 +578,19 @@ resources: {}
+   # limits:
+   #   cpu: "300m"
+   #   memory: "150Mi"
++
++# This example pod anti-affinity forces the scheduler to put traefik pods
++# on nodes where no other traefik pods are scheduled.
++# It should be used when hostNetwork: true to prevent port conflicts
+ affinity: {}
+-# # This example pod anti-affinity forces the scheduler to put traefik pods
+-# # on nodes where no other traefik pods are scheduled.
+-# # It should be used when hostNetwork: true to prevent port conflicts
+-#   podAntiAffinity:
+-#     requiredDuringSchedulingIgnoredDuringExecution:
+-#       - labelSelector:
+-#           matchExpressions:
+-#             - key: app.kubernetes.io/name
+-#               operator: In
+-#               values:
+-#                 - {{ template "traefik.name" . }}
+-#         topologyKey: kubernetes.io/hostname
++#  podAntiAffinity:
++#    requiredDuringSchedulingIgnoredDuringExecution:
++#      - labelSelector:
++#          matchLabels:
++#            app.kubernetes.io/name: '{{ template "traefik.name" . }}'
++#            app.kubernetes.io/instance: '{{ .Release.Name }}'
++#        topologyKey: kubernetes.io/hostname
++
+ nodeSelector: {}
+ tolerations: []
+
+```
+
+## 12.0.6  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-10
+
+* :bug: Ignore kustomization file used for CRDs update (#653)
+
+
+## 12.0.5  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-10
+
+* :memo: Establish Traefik & CRD update process
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 3526729..4431c36 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -342,6 +342,7 @@ ports:
+
+     # Override the liveness/readiness port. This is useful to integrate traefik
+     # with an external Load Balancer that performs healthchecks.
++    # Default: ports.traefik.port
+     # healthchecksPort: 9000
+
+     # Override the liveness/readiness scheme. Useful for getting ping to
+```
+
+## 12.0.4  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-10
+
+* Allows ingressClass to be used without semver-compatible image tag
+
+
+## 12.0.3  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-10
+
+* :bug: Should check hostNetwork when hostPort != containerPort
+
+
+## 12.0.2  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-07
+
+* :goal_net: Fail gracefully when hostNetwork is enabled and hostPort != containerPort
+
+
+## 12.0.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-07
+
+* :bug: Fix a typo on `behavior` for HPA v2
+
+
+## 12.0.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-06
+
+* Update default HPA API Version to `v2` and add support for behavior (#518)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 2bd51f8..3526729 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -488,11 +488,22 @@ autoscaling:
+ #   - type: Resource
+ #     resource:
+ #       name: cpu
+-#       targetAverageUtilization: 60
++#       target:
++#         type: Utilization
++#         averageUtilization: 60
+ #   - type: Resource
+ #     resource:
+ #       name: memory
+-#       targetAverageUtilization: 60
++#       target:
++#         type: Utilization
++#         averageUtilization: 60
++#   behavior:
++#     scaleDown:
++#       stabilizationWindowSeconds: 300
++#       policies:
++#       - type: Pods
++#         value: 1
++#         periodSeconds: 60
+
+ # Enable persistence using Persistent Volume Claims
+ # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+```
+
+## 11.1.1  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-05
+
+* 🔊 add failure message when using maxUnavailable 0 and hostNetwork
+
+
+## 11.1.0  ![AppVersion: 2.9.1](https://img.shields.io/static/v1?label=AppVersion&message=2.9.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-04
+
+* Update Traefik to v2.9.1
+
+
+## 11.0.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-04
+
+* tweak default values to avoid downtime when updating
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 844cadc..2bd51f8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -126,20 +126,20 @@ ingressRoute:
+     entryPoints: ["traefik"]
+
+ rollingUpdate:
+-  maxUnavailable: 1
++  maxUnavailable: 0
+   maxSurge: 1
+
+ # Customize liveness and readiness probe values.
+ readinessProbe:
+   failureThreshold: 1
+-  initialDelaySeconds: 10
++  initialDelaySeconds: 2
+   periodSeconds: 10
+   successThreshold: 1
+   timeoutSeconds: 2
+
+ livenessProbe:
+   failureThreshold: 3
+-  initialDelaySeconds: 10
++  initialDelaySeconds: 2
+   periodSeconds: 10
+   successThreshold: 1
+   timeoutSeconds: 2
+```
+
+## 10.33.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-04
+
+* :rocket: Add `extraObjects` value that allows creating adhoc resources
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index c926bd9..844cadc 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -598,3 +598,10 @@ securityContext:
+
+ podSecurityContext:
+   fsGroup: 65532
++
++#
++# Extra objects to deploy (value evaluated as a template)
++#
++# In some cases, it can avoid the need for additional, extended or adhoc deployments.
++# See #595 for more details and traefik/tests/extra.yaml for example.
++extraObjects: []
+```
+
+## 10.32.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-03
+
+* Add support setting middleware on entrypoint
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 3957448..c926bd9 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -397,6 +397,16 @@ ports:
+       #   sans:
+       #     - foo.example.com
+       #     - bar.example.com
++    #
++    # One can apply Middlewares on an entrypoint
++    # https://doc.traefik.io/traefik/middlewares/overview/
++    # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
++    # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
++    # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
++    # middlewares:
++    #   - namespace-name1@kubernetescrd
++    #   - namespace-name2@kubernetescrd
++    middlewares: []
+   metrics:
+     # When using hostNetwork, use another port to avoid conflict with node exporter:
+     # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
+```
+
+## 10.31.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-03
+
+* Support setting dashboard entryPoints for ingressRoute resource
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index c9feb76..3957448 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -120,6 +120,10 @@ ingressRoute:
+     annotations: {}
+     # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+     labels: {}
++    # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
++    # By default, it's using traefik entrypoint, which is not exposed.
++    # /!\ Do not expose your dashboard without any protection over the internet /!\
++    entryPoints: ["traefik"]
+
+ rollingUpdate:
+   maxUnavailable: 1
+```
+
+## 10.30.2  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-10-03
+
+* :test_tube: Fail gracefully when asked to provide a service without ports
+
+
+## 10.30.1  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-30
+
+* :arrow_up: Upgrade helm, ct & unittest (#638)
+
+
+## 10.30.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-30
+
+* Add support HTTPS scheme for healthcheks
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index fed4a8a..c9feb76 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -340,6 +340,10 @@ ports:
+     # with an external Load Balancer that performs healthchecks.
+     # healthchecksPort: 9000
+
++    # Override the liveness/readiness scheme. Useful for getting ping to
++    # respond on websecure entryPoint.
++    # healthchecksScheme: HTTPS
++
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+```
+
+## 10.29.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-29
+
+* Add missing tracing options
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d1708cc..fed4a8a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -247,12 +247,45 @@ metrics:
+
+ tracing: {}
+   # instana:
+-  #   enabled: true
++  #   localAgentHost: 127.0.0.1
++  #   localAgentPort: 42699
++  #   logLevel: info
++  #   enableAutoProfile: true
+   # datadog:
+   #   localAgentHostPort: 127.0.0.1:8126
+   #   debug: false
+   #   globalTag: ""
+   #   prioritySampling: false
++  # jaeger:
++  #   samplingServerURL: http://localhost:5778/sampling
++  #   samplingType: const
++  #   samplingParam: 1.0
++  #   localAgentHostPort: 127.0.0.1:6831
++  #   gen128Bit: false
++  #   propagation: jaeger
++  #   traceContextHeaderName: uber-trace-id
++  #   disableAttemptReconnecting: true
++  #   collector:
++  #      endpoint: ""
++  #      user: ""
++  #      password: ""
++  # zipkin:
++  #   httpEndpoint: http://localhost:9411/api/v2/spans
++  #   sameSpan: false
++  #   id128Bit: true
++  #   sampleRate: 1.0
++  # haystack:
++  #   localAgentHost: 127.0.0.1
++  #   localAgentPort: 35000
++  #   globalTag: ""
++  #   traceIDHeaderName: ""
++  #   parentIDHeaderName: ""
++  #   spanIDHeaderName: ""
++  #   baggagePrefixHeaderName: ""
++  # elastic:
++  #   serverURL: http://localhost:8200
++  #   secretToken: ""
++  #   serviceEnvironment: ""
+
+ globalArguments:
+   - "--global.checknewversion"
+```
+
+## 10.28.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-29
+
+* feat: add lifecycle for prestop and poststart
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 19a133c..d1708cc 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -59,6 +59,17 @@ deployment:
+   # Additional imagePullSecrets
+   imagePullSecrets: []
+     # - name: myRegistryKeySecretName
++  # Pod lifecycle actions
++  lifecycle: {}
++    # preStop:
++    #   exec:
++    #     command: ["/bin/sh", "-c", "sleep 40"]
++    # postStart:
++    #   httpGet:
++    #     path: /ping
++    #     port: 9000
++    #     host: localhost
++    #     scheme: HTTP
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 10.27.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-29
+
+* feat: add create gateway option
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d9c745e..19a133c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -91,6 +91,8 @@ experimental:
+     enabled: false
+   kubernetesGateway:
+     enabled: false
++    gateway:
++      enabled: true
+     # certificate:
+     #   group: "core"
+     #   kind: "Secret"
+```
+
+## 10.26.1  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-28
+
+* 🐛 fix rbac templating (#636)
+
+
+## 10.26.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-28
+
+* :bug: Fix ingressClass support when rbac.namespaced=true (#499)
+
+
+## 10.25.1  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-28
+
+* Add ingressclasses to traefik role
+
+
+## 10.25.0  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-27
+
+* Add TLSStore resource to chart
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d4011c3..d9c745e 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -373,6 +373,15 @@ ports:
+ #       - CurveP384
+ tlsOptions: {}
+
++# TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
++# https://doc.traefik.io/traefik/https/tls/#default-certificate
++# Example:
++# tlsStore:
++#   default:
++#     defaultCertificate:
++#       secretName: tls-cert
++tlsStore: {}
++
+ # Options for the main traefik service, where the entrypoints traffic comes
+ # from.
+ service:
+```
+
+## 10.24.5  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-27
+
+* Suggest an alternative port for metrics
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 81f2e85..d4011c3 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -344,6 +344,8 @@ ports:
+       #     - foo.example.com
+       #     - bar.example.com
+   metrics:
++    # When using hostNetwork, use another port to avoid conflict with node exporter:
++    # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
+     port: 9100
+     # hostPort: 9100
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+```
+
+## 10.24.4  ![AppVersion: 2.8.7](https://img.shields.io/static/v1?label=AppVersion&message=2.8.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-26
+
+* Update Traefik to v2.8.7
+
+
+## 10.24.3  ![AppVersion: 2.8.5](https://img.shields.io/static/v1?label=AppVersion&message=2.8.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-14
+
+* Update Traefik version to v2.8.5
+
+
+## 10.24.2  ![AppVersion: 2.8.4](https://img.shields.io/static/v1?label=AppVersion&message=2.8.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-09-05
+
+* Update Traefik version to v2.8.4
+
+
+## 10.24.1  ![AppVersion: 2.8.0](https://img.shields.io/static/v1?label=AppVersion&message=2.8.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-08-29
+
+* Update PodDisruptionBudget apiVersion to policy/v1
+
+
+## 10.24.0  ![AppVersion: 2.8.0](https://img.shields.io/static/v1?label=AppVersion&message=2.8.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-30
+
+* Update Traefik version to v2.8.0
+
+
+## 10.23.0  ![AppVersion: 2.7.1](https://img.shields.io/static/v1?label=AppVersion&message=2.7.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-27
+
+* Support environment variable usage for Datadog
+
+
+## 10.22.0  ![AppVersion: 2.7.1](https://img.shields.io/static/v1?label=AppVersion&message=2.7.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-22
+
+* Allow setting revisionHistoryLimit for Deployment and DaemonSet
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d5785ab..81f2e85 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -14,6 +14,8 @@ deployment:
+   kind: Deployment
+   # Number of pods of the deployment (only applies when kind == Deployment)
+   replicas: 1
++  # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
++  # revisionHistoryLimit: 1
+   # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
+   terminationGracePeriodSeconds: 60
+   # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
+```
+
+## 10.21.1  ![AppVersion: 2.7.1](https://img.shields.io/static/v1?label=AppVersion&message=2.7.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-15
+
+* Update Traefik version to 2.7.1
+
+
+## 10.21.0  ![AppVersion: 2.7.0](https://img.shields.io/static/v1?label=AppVersion&message=2.7.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-15
+
+* Support allowEmptyServices config for KubernetesCRD
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e141e29..d5785ab 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -133,6 +133,7 @@ providers:
+     enabled: true
+     allowCrossNamespace: false
+     allowExternalNameServices: false
++    allowEmptyServices: false
+     # ingressClass: traefik-internal
+     # labelSelector: environment=production,method=traefik
+     namespaces: []
+```
+
+## 10.20.1  ![AppVersion: 2.7.0](https://img.shields.io/static/v1?label=AppVersion&message=2.7.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-06-01
+
+* Add Acme certificate resolver configuration
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a16b107..e141e29 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -433,6 +433,27 @@ persistence:
+   annotations: {}
+   # subPath: "" # only mount a subpath of the Volume into the pod
+
++certResolvers: {}
++#   letsencrypt:
++#     # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
++#     email: email@example.com
++#     dnsChallenge:
++#       # also add the provider's required configuration under env
++#       # or expand then from secrets/configmaps with envfrom
++#       # cf. https://doc.traefik.io/traefik/https/acme/#providers
++#       provider: digitalocean
++#       # add futher options for the dns challenge as needed
++#       # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
++#       delayBeforeCheck: 30
++#       resolvers:
++#         - 1.1.1.1
++#         - 8.8.8.8
++#     tlsChallenge: true
++#     httpChallenge:
++#       entryPoint: "web"
++#     # match the path to persistence
++#     storage: /data/acme.json
++
+ # If hostNetwork is true, runs traefik in the host network namespace
+ # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+ # and replicas>1, a pod anti-affinity is recommended and will be set if the
+```
+
+## 10.20.0  ![AppVersion: 2.7.0](https://img.shields.io/static/v1?label=AppVersion&message=2.7.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-05-25
+
+* Update Traefik Proxy to v2.7.0
+
+
+## 10.19.5  ![AppVersion: 2.6.6](https://img.shields.io/static/v1?label=AppVersion&message=2.6.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-05-04
+
+* Upgrade Traefik to 2.6.6
+
+
+## 10.19.4  ![AppVersion: 2.6.3](https://img.shields.io/static/v1?label=AppVersion&message=2.6.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-31
+
+* Update Traefik dependency version to 2.6.3
+
+
+## 10.19.3  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-30
+
+* Update CRDs to match the ones defined in the reference documentation
+
+
+## 10.19.2  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-30
+
+* Revert Traefik version to 2.6.2
+
+
+## 10.19.1  ![AppVersion: 2.6.3](https://img.shields.io/static/v1?label=AppVersion&message=2.6.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-30
+
+* Update Traefik version to 2.6.3
+
+
+## 10.19.0  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-28
+
+* Support ingressClass option for KubernetesIngress provider
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 02ab704..a16b107 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -142,6 +142,7 @@ providers:
+     enabled: true
+     allowExternalNameServices: false
+     allowEmptyServices: false
++    # ingressClass: traefik-internal
+     # labelSelector: environment=production,method=traefik
+     namespaces: []
+       # - "default"
+```
+
+## 10.18.0  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-28
+
+* Support liveness and readyness probes customization
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 15f1103..02ab704 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -110,6 +110,20 @@ rollingUpdate:
+   maxUnavailable: 1
+   maxSurge: 1
+
++# Customize liveness and readiness probe values.
++readinessProbe:
++  failureThreshold: 1
++  initialDelaySeconds: 10
++  periodSeconds: 10
++  successThreshold: 1
++  timeoutSeconds: 2
++
++livenessProbe:
++  failureThreshold: 3
++  initialDelaySeconds: 10
++  periodSeconds: 10
++  successThreshold: 1
++  timeoutSeconds: 2
+
+ #
+ # Configure providers
+```
+
+## 10.17.0  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-28
+
+* Support Datadog tracing
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4dccd1a..15f1103 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -217,6 +217,11 @@ metrics:
+ tracing: {}
+   # instana:
+   #   enabled: true
++  # datadog:
++  #   localAgentHostPort: 127.0.0.1:8126
++  #   debug: false
++  #   globalTag: ""
++  #   prioritySampling: false
+
+ globalArguments:
+   - "--global.checknewversion"
+```
+
+## 10.16.1  ![AppVersion: 2.6.2](https://img.shields.io/static/v1?label=AppVersion&message=2.6.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-28
+
+* Update Traefik version to 2.6.2
+
+
+## 10.16.0  ![AppVersion: 2.6.1](https://img.shields.io/static/v1?label=AppVersion&message=2.6.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-28
+
+* Support allowEmptyServices for KubernetesIngress provider
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 1f9dbbe..4dccd1a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -127,6 +127,7 @@ providers:
+   kubernetesIngress:
+     enabled: true
+     allowExternalNameServices: false
++    allowEmptyServices: false
+     # labelSelector: environment=production,method=traefik
+     namespaces: []
+       # - "default"
+```
+
+## 10.15.0  ![AppVersion: 2.6.1](https://img.shields.io/static/v1?label=AppVersion&message=2.6.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-03-08
+
+* Add metrics.prometheus.addRoutersLabels option
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index cd4d49b..1f9dbbe 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -209,6 +209,7 @@ metrics:
+   #   protocol: udp
+   prometheus:
+     entryPoint: metrics
++  #  addRoutersLabels: true
+   # statsd:
+   #   address: localhost:8125
+
+```
+
+## 10.14.2  ![AppVersion: 2.6.1](https://img.shields.io/static/v1?label=AppVersion&message=2.6.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-02-18
+
+* Update Traefik to v2.6.1
+
+
+## 10.14.1  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-02-09
+
+* Add missing inFlightConn TCP middleware CRD
+
+
+## 10.14.0  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-02-03
+
+* Add experimental HTTP/3 support
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d49122f..cd4d49b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -83,6 +83,8 @@ pilot:
+
+ # Enable experimental features
+ experimental:
++  http3:
++    enabled: false
+   plugins:
+     enabled: false
+   kubernetesGateway:
+@@ -300,6 +302,10 @@ ports:
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
++    # Enable HTTP/3.
++    # Requires enabling experimental http3 feature and tls.
++    # Note that you cannot have a UDP entrypoint with the same port.
++    # http3: true
+     # Set TLS at the entrypoint
+     # https://doc.traefik.io/traefik/routing/entrypoints/#tls
+     tls:
+```
+
+## 10.13.0  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-02-01
+
+* Add support for ipFamilies
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 32fce6f..d49122f 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -366,6 +366,11 @@ service:
+     # - 1.2.3.4
+   # One of SingleStack, PreferDualStack, or RequireDualStack.
+   # ipFamilyPolicy: SingleStack
++  # List of IP families (e.g. IPv4 and/or IPv6).
++  # ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
++  # ipFamilies:
++  #   - IPv4
++  #   - IPv6
+
+ ## Create HorizontalPodAutoscaler object.
+ ##
+```
+
+## 10.12.0  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-02-01
+
+* Add shareProcessNamespace option to podtemplate
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ab25456..32fce6f 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -50,6 +50,8 @@ deployment:
+     #   volumeMounts:
+     #     - name: data
+     #       mountPath: /data
++  # Use process namespace sharing
++  shareProcessNamespace: false
+   # Custom pod DNS policy. Apply if `hostNetwork: true`
+   # dnsPolicy: ClusterFirstWithHostNet
+   # Additional imagePullSecrets
+```
+
+## 10.11.1  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-01-31
+
+* Fix anti-affinity example
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8c72905..ab25456 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -438,13 +438,13 @@ affinity: {}
+ # # It should be used when hostNetwork: true to prevent port conflicts
+ #   podAntiAffinity:
+ #     requiredDuringSchedulingIgnoredDuringExecution:
+-#     - labelSelector:
+-#         matchExpressions:
+-#         - key: app
+-#           operator: In
+-#           values:
+-#           - {{ template "traefik.name" . }}
+-#       topologyKey: failure-domain.beta.kubernetes.io/zone
++#       - labelSelector:
++#           matchExpressions:
++#             - key: app.kubernetes.io/name
++#               operator: In
++#               values:
++#                 - {{ template "traefik.name" . }}
++#         topologyKey: kubernetes.io/hostname
+ nodeSelector: {}
+ tolerations: []
+
+```
+
+## 10.11.0  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-01-31
+
+* Add setting to enable Instana tracing
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7fe4a2c..8c72905 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -208,6 +208,10 @@ metrics:
+   # statsd:
+   #   address: localhost:8125
+
++tracing: {}
++  # instana:
++  #   enabled: true
++
+ globalArguments:
+   - "--global.checknewversion"
+   - "--global.sendanonymoususage"
+```
+
+## 10.10.0  ![AppVersion: 2.6.0](https://img.shields.io/static/v1?label=AppVersion&message=2.6.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2022-01-31
+
+* Update Traefik to v2.6
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8ae4bd8..7fe4a2c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -85,9 +85,8 @@ experimental:
+     enabled: false
+   kubernetesGateway:
+     enabled: false
+-    appLabelSelector: "traefik"
+-    certificates: []
+-    # - group: "core"
++    # certificate:
++    #   group: "core"
+     #   kind: "Secret"
+     #   name: "mysecret"
+     # By default, Gateway would be created to the Namespace you are deploying Traefik to.
+```
+
+## 10.9.1  ![AppVersion: 2.5.6](https://img.shields.io/static/v1?label=AppVersion&message=2.5.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-12-24
+
+* Bump traefik version to 2.5.6
+
+
+## 10.9.0  ![AppVersion: 2.5.4](https://img.shields.io/static/v1?label=AppVersion&message=2.5.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-12-20
+
+* feat: add allowExternalNameServices to KubernetesIngress provider
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 79df205..8ae4bd8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -123,6 +123,7 @@ providers:
+
+   kubernetesIngress:
+     enabled: true
++    allowExternalNameServices: false
+     # labelSelector: environment=production,method=traefik
+     namespaces: []
+       # - "default"
+```
+
+## 10.8.0  ![AppVersion: 2.5.4](https://img.shields.io/static/v1?label=AppVersion&message=2.5.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-12-20
+
+* Add support to specify minReadySeconds on Deployment/DaemonSet
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7e9186b..79df205 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -16,6 +16,8 @@ deployment:
+   replicas: 1
+   # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
+   terminationGracePeriodSeconds: 60
++  # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
++  minReadySeconds: 0
+   # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+   # Additional deployment labels (e.g. for filtering deployment by custom labels)
+```
+
+## 10.7.1  ![AppVersion: 2.5.4](https://img.shields.io/static/v1?label=AppVersion&message=2.5.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-12-06
+
+* Fix pod disruption when using percentages
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e0655c8..7e9186b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -52,13 +52,15 @@ deployment:
+   # dnsPolicy: ClusterFirstWithHostNet
+   # Additional imagePullSecrets
+   imagePullSecrets: []
+-   # - name: myRegistryKeySecretName
++    # - name: myRegistryKeySecretName
+
+ # Pod disruption budget
+ podDisruptionBudget:
+   enabled: false
+   # maxUnavailable: 1
++  # maxUnavailable: 33%
+   # minAvailable: 0
++  # minAvailable: 25%
+
+ # Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
+ ingressClass:
+```
+
+## 10.7.0  ![AppVersion: 2.5.4](https://img.shields.io/static/v1?label=AppVersion&message=2.5.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-12-06
+
+* Add support for ipFamilyPolicy
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 3ec7105..e0655c8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -343,8 +343,8 @@ service:
+   annotationsUDP: {}
+   # Additional service labels (e.g. for filtering Service by custom labels)
+   labels: {}
+-  # Additional entries here will be added to the service spec. Cannot contains
+-  # type, selector or ports entries.
++  # Additional entries here will be added to the service spec.
++  # Cannot contain type, selector or ports entries.
+   spec: {}
+     # externalTrafficPolicy: Cluster
+     # loadBalancerIP: "1.2.3.4"
+@@ -354,6 +354,8 @@ service:
+     # - 172.16.0.0/16
+   externalIPs: []
+     # - 1.2.3.4
++  # One of SingleStack, PreferDualStack, or RequireDualStack.
++  # ipFamilyPolicy: SingleStack
+
+ ## Create HorizontalPodAutoscaler object.
+ ##
+```
+
+## 10.6.2  ![AppVersion: 2.5.4](https://img.shields.io/static/v1?label=AppVersion&message=2.5.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-11-15
+
+* Bump Traefik version to 2.5.4
+
+
+## 10.6.1  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-11-05
+
+* Add missing Gateway API resources to ClusterRole
+
+
+## 10.6.0  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-10-13
+
+* feat: allow termination grace period to be configurable
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index f06ebc6..3ec7105 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -14,6 +14,8 @@ deployment:
+   kind: Deployment
+   # Number of pods of the deployment (only applies when kind == Deployment)
+   replicas: 1
++  # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
++  terminationGracePeriodSeconds: 60
+   # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+   # Additional deployment labels (e.g. for filtering deployment by custom labels)
+```
+
+## 10.5.0  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-10-13
+
+* feat: add allowExternalNameServices to Kubernetes CRD provider
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 3bcb350..f06ebc6 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -109,6 +109,7 @@ providers:
+   kubernetesCRD:
+     enabled: true
+     allowCrossNamespace: false
++    allowExternalNameServices: false
+     # ingressClass: traefik-internal
+     # labelSelector: environment=production,method=traefik
+     namespaces: []
+```
+
+## 10.4.2  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-10-13
+
+* fix(crd): add permissionsPolicy to headers middleware
+
+
+## 10.4.1  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-10-13
+
+* fix(crd): add peerCertURI option to ServersTransport
+
+
+## 10.4.0  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-10-12
+
+* Add Kubernetes CRD labelSelector and ingressClass options
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index f54f5fe..3bcb350 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -109,8 +109,11 @@ providers:
+   kubernetesCRD:
+     enabled: true
+     allowCrossNamespace: false
++    # ingressClass: traefik-internal
++    # labelSelector: environment=production,method=traefik
+     namespaces: []
+       # - "default"
++
+   kubernetesIngress:
+     enabled: true
+     # labelSelector: environment=production,method=traefik
+```
+
+## 10.3.6  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-09-24
+
+* Fix missing RequireAnyClientCert value to TLSOption CRD
+
+
+## 10.3.5  ![AppVersion: 2.5.3](https://img.shields.io/static/v1?label=AppVersion&message=2.5.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-09-23
+
+* Bump Traefik version to 2.5.3
+
+
+## 10.3.4  ![AppVersion: 2.5.1](https://img.shields.io/static/v1?label=AppVersion&message=2.5.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-09-17
+
+* Add allowCrossNamespace option on kubernetesCRD provider
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7e3a579..f54f5fe 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -108,6 +108,7 @@ rollingUpdate:
+ providers:
+   kubernetesCRD:
+     enabled: true
++    allowCrossNamespace: false
+     namespaces: []
+       # - "default"
+   kubernetesIngress:
+```
+
+## 10.3.3  ![AppVersion: 2.5.1](https://img.shields.io/static/v1?label=AppVersion&message=2.5.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-09-17
+
+* fix(crd): missing alpnProtocols in TLSOption
+
+
+## 10.3.2  ![AppVersion: 2.5.1](https://img.shields.io/static/v1?label=AppVersion&message=2.5.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-23
+
+* Releasing 2.5.1
+
+
+## 10.3.1  ![AppVersion: 2.5.0](https://img.shields.io/static/v1?label=AppVersion&message=2.5.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-20
+
+* Fix Ingress RBAC for namespaced scoped deployment
+
+
+## 10.3.0  ![AppVersion: 2.5.0](https://img.shields.io/static/v1?label=AppVersion&message=2.5.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-18
+
+* Releasing Traefik 2.5.0
+
+
+## 10.2.0  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-18
+
+* Allow setting TCP and UDP service annotations separately
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 72a01ea..7e3a579 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -328,8 +328,12 @@ tlsOptions: {}
+ service:
+   enabled: true
+   type: LoadBalancer
+-  # Additional annotations (e.g. for cloud provider specific config)
++  # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+   annotations: {}
++  # Additional annotations for TCP service only
++  annotationsTCP: {}
++  # Additional annotations for UDP service only
++  annotationsUDP: {}
+   # Additional service labels (e.g. for filtering Service by custom labels)
+   labels: {}
+   # Additional entries here will be added to the service spec. Cannot contains
+```
+
+## 10.1.6  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-17
+
+* fix: missing service labels
+
+
+## 10.1.5  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-17
+
+* fix(pvc-annotaions): see traefik/traefik-helm-chart#471
+
+
+## 10.1.4  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-17
+
+* fix(ingressclass): fallbackApiVersion default shouldn't be `nil`
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 04d336c..72a01ea 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -64,7 +64,7 @@ ingressClass:
+   enabled: false
+   isDefaultClass: false
+   # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
+-  fallbackApiVersion:
++  fallbackApiVersion: ""
+
+ # Activate Pilot integration
+ pilot:
+```
+
+## 10.1.3  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-16
+
+* Move Prometheus annotations to Pods
+
+
+## 10.1.2  ![AppVersion: 2.4.13](https://img.shields.io/static/v1?label=AppVersion&message=2.4.13&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-08-10
+
+* Version bumped 2.4.13
+
+
+## 10.1.1  ![AppVersion: 2.4.9](https://img.shields.io/static/v1?label=AppVersion&message=2.4.9&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-20
+
+* Fixing Prometheus.io/port annotation
+
+
+## 10.1.0  ![AppVersion: 2.4.9](https://img.shields.io/static/v1?label=AppVersion&message=2.4.9&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-20
+
+* Add metrics framework, and prom annotations
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index f6e370a..04d336c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -186,6 +186,17 @@ logs:
+           # Authorization: drop
+           # Content-Type: keep
+
++metrics:
++  # datadog:
++  #   address: 127.0.0.1:8125
++  # influxdb:
++  #   address: localhost:8089
++  #   protocol: udp
++  prometheus:
++    entryPoint: metrics
++  # statsd:
++  #   address: localhost:8125
++
+ globalArguments:
+   - "--global.checknewversion"
+   - "--global.sendanonymoususage"
+@@ -284,6 +295,20 @@ ports:
+       #   sans:
+       #     - foo.example.com
+       #     - bar.example.com
++  metrics:
++    port: 9100
++    # hostPort: 9100
++    # Defines whether the port is exposed if service.type is LoadBalancer or
++    # NodePort.
++    #
++    # You may not want to expose the metrics port on production deployments.
++    # If you want to access it from outside of your cluster,
++    # use `kubectl port-forward` or create a secure ingress
++    expose: false
++    # The exposed port for this service
++    exposedPort: 9100
++    # The port protocol (TCP/UDP)
++    protocol: TCP
+
+ # TLS Options are created as TLSOption CRDs
+ # https://doc.traefik.io/traefik/https/tls/#tls-options
+```
+
+## 10.0.2  ![AppVersion: 2.4.9](https://img.shields.io/static/v1?label=AppVersion&message=2.4.9&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-14
+
+* feat(gateway): introduces param / pick Namespace installing Gateway
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9bf90ea..f6e370a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -84,6 +84,9 @@ experimental:
+     # - group: "core"
+     #   kind: "Secret"
+     #   name: "mysecret"
++    # By default, Gateway would be created to the Namespace you are deploying Traefik to.
++    # You may create that Gateway in another namespace, setting its name below:
++    # namespace: default
+
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+```
+
+## 10.0.1  ![AppVersion: 2.4.9](https://img.shields.io/static/v1?label=AppVersion&message=2.4.9&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-14
+
+* Add RBAC for middlewaretcps
+
+
+## 10.0.0  ![AppVersion: 2.4.9](https://img.shields.io/static/v1?label=AppVersion&message=2.4.9&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-07
+
+* Update CRD versions
+
+
+## 9.20.1  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-05
+
+* Revert CRD templating
+
+
+## 9.20.0  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-07-05
+
+* Add support for apiextensions v1 CRDs
+
+
+## 9.19.2  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-06-16
+
+* Add name-metadata for service "List" object
+
+
+## 9.19.1  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-05-13
+
+* fix simple typo
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b30afac..9bf90ea 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -363,7 +363,7 @@ rbac:
+   # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
+   namespaced: false
+
+-# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding
++# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+ podSecurityPolicy:
+   enabled: false
+
+```
+
+## 9.19.0  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-04-29
+
+* Fix IngressClass api version
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 0aa2d6b..b30afac 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -63,6 +63,8 @@ ingressClass:
+   # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
+   enabled: false
+   isDefaultClass: false
++  # Use to force a networking.k8s.io API Version for certain CI/CD applications. E.g. "v1beta1"
++  fallbackApiVersion:
+
+ # Activate Pilot integration
+ pilot:
+```
+
+## 9.18.3  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-04-26
+
+* Fix: ignore provider namespace args on disabled
+
+
+## 9.18.2  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-04-02
+
+* Fix pilot dashboard deactivation
+
+
+## 9.18.1  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-29
+
+* Do not disable Traefik Pilot in the dashboard by default
+
+
+## 9.18.0  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-24
+
+* Add an option to toggle the pilot dashboard
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 017f771..0aa2d6b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -68,6 +68,8 @@ ingressClass:
+ pilot:
+   enabled: false
+   token: ""
++  # Toggle Pilot Dashboard
++  # dashboard: false
+
+ # Enable experimental features
+ experimental:
+```
+
+## 9.17.6  ![AppVersion: 2.4.8](https://img.shields.io/static/v1?label=AppVersion&message=2.4.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-24
+
+* Bump Traefik to 2.4.8
+
+
+## 9.17.5  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-17
+
+* feat(labelSelector): option matching Ingresses based on labelSelectors
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 868a985..017f771 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -105,6 +105,7 @@ providers:
+       # - "default"
+   kubernetesIngress:
+     enabled: true
++    # labelSelector: environment=production,method=traefik
+     namespaces: []
+       # - "default"
+     # IP used for Kubernetes Ingress endpoints
+```
+
+## 9.17.4  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-17
+
+* Add helm resource-policy annotation on PVC
+
+
+## 9.17.3  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-17
+
+* Throw error with explicit latest tag
+
+
+## 9.17.2  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-10
+
+* fix(keywords): removed by mistake
+
+
+## 9.17.1  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-10
+
+* feat(healthchecksPort): Support for overriding the liveness/readiness probes port
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 56abb93..868a985 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -120,6 +120,8 @@ providers:
+ # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+ # additionalArguments:
+ # - "--providers.file.filename=/config/dynamic.toml"
++# - "--ping"
++# - "--ping.entrypoint=web"
+ volumes: []
+ # - name: public-cert
+ #   mountPath: "/certs"
+@@ -225,6 +227,10 @@ ports:
+     # only.
+     # hostIP: 192.168.100.10
+
++    # Override the liveness/readiness port. This is useful to integrate traefik
++    # with an external Load Balancer that performs healthchecks.
++    # healthchecksPort: 9000
++
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+```
+
+## 9.16.2  ![AppVersion: 2.4.7](https://img.shields.io/static/v1?label=AppVersion&message=2.4.7&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-09
+
+* Bump Traefik to 2.4.7
+
+
+## 9.16.1  ![AppVersion: 2.4.6](https://img.shields.io/static/v1?label=AppVersion&message=2.4.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-09
+
+* Adding custom labels to deployment
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ba24be7..56abb93 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -16,6 +16,8 @@ deployment:
+   replicas: 1
+   # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
++  # Additional deployment labels (e.g. for filtering deployment by custom labels)
++  labels: {}
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+   # Additional Pod labels (e.g. for filtering Pod by custom labels)
+```
+
+## 9.15.2  ![AppVersion: 2.4.6](https://img.shields.io/static/v1?label=AppVersion&message=2.4.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-02
+
+* Upgrade Traefik to 2.4.6
+
+
+## 9.15.1  ![AppVersion: 2.4.5](https://img.shields.io/static/v1?label=AppVersion&message=2.4.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-02
+
+* Configurable PVC name
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 1e0e5a9..ba24be7 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -327,6 +327,7 @@ autoscaling:
+ # It will persist TLS certificates.
+ persistence:
+   enabled: false
++  name: data
+ #  existingClaim: ""
+   accessMode: ReadWriteOnce
+   size: 128Mi
+```
+
+## 9.14.4  ![AppVersion: 2.4.5](https://img.shields.io/static/v1?label=AppVersion&message=2.4.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-03-02
+
+* fix typo
+
+
+## 9.14.3  ![AppVersion: 2.4.5](https://img.shields.io/static/v1?label=AppVersion&message=2.4.5&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-02-19
+
+* Bump Traefik to 2.4.5
+
+
+## 9.14.2  ![AppVersion: 2.4.2](https://img.shields.io/static/v1?label=AppVersion&message=2.4.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-02-03
+
+* docs: indent nit for dsdsocket example
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 56485ad..1e0e5a9 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -33,7 +33,7 @@ deployment:
+   additionalVolumes: []
+     # - name: dsdsocket
+     #   hostPath:
+-    #   path: /var/run/statsd-exporter
++    #     path: /var/run/statsd-exporter
+   # Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+```
+
+## 9.14.1  ![AppVersion: 2.4.2](https://img.shields.io/static/v1?label=AppVersion&message=2.4.2&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-02-03
+
+* Update Traefik to 2.4.2
+
+
+## 9.14.0  ![AppVersion: 2.4.0](https://img.shields.io/static/v1?label=AppVersion&message=2.4.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-02-01
+
+* Enable Kubernetes Gateway provider with an experimental flag
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 50cab94..56485ad 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -71,6 +71,13 @@ pilot:
+ experimental:
+   plugins:
+     enabled: false
++  kubernetesGateway:
++    enabled: false
++    appLabelSelector: "traefik"
++    certificates: []
++    # - group: "core"
++    #   kind: "Secret"
++    #   name: "mysecret"
+
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+```
+
+## 9.13.0  ![AppVersion: 2.4.0](https://img.shields.io/static/v1?label=AppVersion&message=2.4.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2021-01-22
+
+* Update Traefik to 2.4 and add resources
+
+
+## 9.12.3  ![AppVersion: 2.3.6](https://img.shields.io/static/v1?label=AppVersion&message=2.3.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-12-31
+
+* Revert API Upgrade
+
+
+## 9.12.2  ![AppVersion: 2.3.6](https://img.shields.io/static/v1?label=AppVersion&message=2.3.6&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-12-31
+
+* Bump Traefik to 2.3.6
+
+
+## 9.12.1  ![AppVersion: 2.3.3](https://img.shields.io/static/v1?label=AppVersion&message=2.3.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-12-30
+
+* Resolve #303, change CRD version from v1beta1 to v1
+
+
+## 9.12.0  ![AppVersion: 2.3.3](https://img.shields.io/static/v1?label=AppVersion&message=2.3.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-12-30
+
+* Implement support for DaemonSet
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 60a721d..50cab94 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -10,7 +10,9 @@ image:
+ #
+ deployment:
+   enabled: true
+-  # Number of pods of the deployment
++  # Can be either Deployment or DaemonSet
++  kind: Deployment
++  # Number of pods of the deployment (only applies when kind == Deployment)
+   replicas: 1
+   # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+```
+
+## 9.11.0  ![AppVersion: 2.3.3](https://img.shields.io/static/v1?label=AppVersion&message=2.3.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-20
+
+* add podLabels - custom labels
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a187df7..60a721d 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -16,6 +16,8 @@ deployment:
+   annotations: {}
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
++  # Additional Pod labels (e.g. for filtering Pod by custom labels)
++  podLabels: {}
+   # Additional containers (e.g. for metric offloading sidecars)
+   additionalContainers: []
+     # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
+```
+
+## 9.10.2  ![AppVersion: 2.3.3](https://img.shields.io/static/v1?label=AppVersion&message=2.3.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-20
+
+* Bump Traefik to 2.3.3
+
+
+## 9.10.1  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-04
+
+* Specify IngressClass resource when checking for cluster capability
+
+
+## 9.10.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-03
+
+* Add list of watched provider namespaces
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e6b85ca..a187df7 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -88,8 +88,12 @@ rollingUpdate:
+ providers:
+   kubernetesCRD:
+     enabled: true
++    namespaces: []
++      # - "default"
+   kubernetesIngress:
+     enabled: true
++    namespaces: []
++      # - "default"
+     # IP used for Kubernetes Ingress endpoints
+     publishedService:
+       enabled: false
+```
+
+## 9.9.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-03
+
+* Add additionalVolumeMounts for traefik container
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 37dd151..e6b85ca 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -111,6 +111,12 @@ volumes: []
+ #   mountPath: "/config"
+ #   type: configMap
+
++# Additional volumeMounts to add to the Traefik container
++additionalVolumeMounts: []
++  # For instance when using a logshipper for access logs
++  # - name: traefik-logs
++  #   mountPath: /var/log/traefik
++
+ # Logs
+ # https://docs.traefik.io/observability/logs/
+ logs:
+```
+
+## 9.8.4  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-11-03
+
+* fix: multiple ImagePullSecrets
+
+
+## 9.8.3  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-30
+
+* Add imagePullSecrets
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 87f60c0..37dd151 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -42,6 +42,9 @@ deployment:
+     #       mountPath: /data
+   # Custom pod DNS policy. Apply if `hostNetwork: true`
+   # dnsPolicy: ClusterFirstWithHostNet
++  # Additional imagePullSecrets
++  imagePullSecrets: []
++   # - name: myRegistryKeySecretName
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 9.8.2  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-28
+
+* Add chart repo to source
+
+
+## 9.8.1  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-23
+
+* fix semver compare
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4ca1f8f..87f60c0 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,8 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.3.1
++  # defaults to appVersion
++  tag: ""
+   pullPolicy: IfNotPresent
+
+ #
+```
+
+## 9.8.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-20
+
+* feat: Enable entrypoint tls config + TLSOption
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index eee3622..4ca1f8f 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -231,6 +231,31 @@ ports:
+     # The port protocol (TCP/UDP)
+     protocol: TCP
+     # nodePort: 32443
++    # Set TLS at the entrypoint
++    # https://doc.traefik.io/traefik/routing/entrypoints/#tls
++    tls:
++      enabled: false
++      # this is the name of a TLSOption definition
++      options: ""
++      certResolver: ""
++      domains: []
++      # - main: example.com
++      #   sans:
++      #     - foo.example.com
++      #     - bar.example.com
++
++# TLS Options are created as TLSOption CRDs
++# https://doc.traefik.io/traefik/https/tls/#tls-options
++# Example:
++# tlsOptions:
++#   default:
++#     sniStrict: true
++#     preferServerCipherSuites: true
++#   foobar:
++#     curvePreferences:
++#       - CurveP521
++#       - CurveP384
++tlsOptions: {}
+
+ # Options for the main traefik service, where the entrypoints traffic comes
+ # from.
+```
+
+## 9.7.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-15
+
+* Add a configuration option for an emptyDir as plugin storage
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b7153a1..eee3622 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -54,10 +54,16 @@ ingressClass:
+   enabled: false
+   isDefaultClass: false
+
++# Activate Pilot integration
+ pilot:
+   enabled: false
+   token: ""
+
++# Enable experimental features
++experimental:
++  plugins:
++    enabled: false
++
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+   dashboard:
+```
+
+## 9.6.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-15
+
+* Add additional volumes for init and additional containers
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9bac45e..b7153a1 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -17,6 +17,18 @@ deployment:
+   podAnnotations: {}
+   # Additional containers (e.g. for metric offloading sidecars)
+   additionalContainers: []
++    # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
++    # - name: socat-proxy
++    # image: alpine/socat:1.0.5
++    # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
++    # volumeMounts:
++    #   - name: dsdsocket
++    #     mountPath: /socket
++  # Additional volumes available for use with initContainers and additionalContainers
++  additionalVolumes: []
++    # - name: dsdsocket
++    #   hostPath:
++    #   path: /var/run/statsd-exporter
+   # Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+```
+
+## 9.5.2  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-15
+
+* Replace extensions with policy because of deprecation
+
+
+## 9.5.1  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-14
+
+* Template custom volume name
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 5a8d8ea..9bac45e 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -76,7 +76,7 @@ providers:
+       # pathOverride: ""
+
+ #
+-# Add volumes to the traefik pod.
++# Add volumes to the traefik pod. The volume name will be passed to tpl.
+ # This can be used to mount a cert pair or a configmap that holds a config.toml file.
+ # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+ # additionalArguments:
+@@ -85,7 +85,7 @@ volumes: []
+ # - name: public-cert
+ #   mountPath: "/certs"
+ #   type: secret
+-# - name: configs
++# - name: '{{ printf "%s-configs" .Release.Name }}'
+ #   mountPath: "/config"
+ #   type: configMap
+
+```
+
+## 9.5.0  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-02
+
+* Create PodSecurityPolicy and RBAC when needed.
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8c4d866..5a8d8ea 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -281,6 +281,10 @@ rbac:
+   # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
+   namespaced: false
+
++# Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBindin or ClusterRoleBinding
++podSecurityPolicy:
++  enabled: false
++
+ # The service account the pods will use to interact with the Kubernetes API
+ serviceAccount:
+   # If set, an existing service account is used
+```
+
+## 9.4.3  ![AppVersion: 2.3.1](https://img.shields.io/static/v1?label=AppVersion&message=2.3.1&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-02
+
+* Update traefik to v2.3.1
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 3df75a4..8c4d866 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.3.0
++  tag: 2.3.1
+   pullPolicy: IfNotPresent
+
+ #
+```
+
+## 9.4.2  ![AppVersion: 2.3.0](https://img.shields.io/static/v1?label=AppVersion&message=2.3.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-02
+
+* Add Artifact Hub repository metadata file
+
+
+## 9.4.1  ![AppVersion: 2.3.0](https://img.shields.io/static/v1?label=AppVersion&message=2.3.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-01
+
+* Fix broken chart icon url
+
+
+## 9.4.0  ![AppVersion: 2.3.0](https://img.shields.io/static/v1?label=AppVersion&message=2.3.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-10-01
+
+* Allow to specify custom labels on Service
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a6175ff..3df75a4 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -221,6 +221,8 @@ service:
+   type: LoadBalancer
+   # Additional annotations (e.g. for cloud provider specific config)
+   annotations: {}
++  # Additional service labels (e.g. for filtering Service by custom labels)
++  labels: {}
+   # Additional entries here will be added to the service spec. Cannot contains
+   # type, selector or ports entries.
+   spec: {}
+```
+
+## 9.3.0  ![AppVersion: 2.3.0](https://img.shields.io/static/v1?label=AppVersion&message=2.3.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-09-24
+
+* Release Traefik 2.3
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index fba955d..a6175ff 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.2.8
++  tag: 2.3.0
+   pullPolicy: IfNotPresent
+
+ #
+@@ -36,6 +36,16 @@ podDisruptionBudget:
+   # maxUnavailable: 1
+   # minAvailable: 0
+
++# Use ingressClass. Ignored if Traefik version < 2.3 / kubernetes < 1.18.x
++ingressClass:
++  # true is not unit-testable yet, pending https://github.com/rancher/helm-unittest/pull/12
++  enabled: false
++  isDefaultClass: false
++
++pilot:
++  enabled: false
++  token: ""
++
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+   dashboard:
+```
+
+## 9.2.1  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-09-18
+
+* Add new helm url
+
+
+## 9.2.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-09-16
+
+* chore: move to new organization.
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9f52c39..fba955d 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -20,7 +20,7 @@ deployment:
+   # Additional initContainers (e.g. for setting file permission as shown below)
+   initContainers: []
+     # The "volume-permissions" init container is required if you run into permission issues.
+-    # Related issue: https://github.com/containous/traefik/issues/6972
++    # Related issue: https://github.com/traefik/traefik/issues/6972
+     # - name: volume-permissions
+     #   image: busybox:1.31.1
+     #   command: ["sh", "-c", "chmod -Rv 600 /data/*"]
+```
+
+## 9.1.1  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-09-04
+
+* Update reference to using kubectl proxy to kubectl port-forward
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7b74a39..9f52c39 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -175,7 +175,7 @@ ports:
+     #
+     # You SHOULD NOT expose the traefik port on production deployments.
+     # If you want to access it from outside of your cluster,
+-    # use `kubectl proxy` or create a secure ingress
++    # use `kubectl port-forward` or create a secure ingress
+     expose: false
+     # The exposed port for this service
+     exposedPort: 9000
+```
+
+## 9.1.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-24
+
+* PublishedService option
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e161a14..7b74a39 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -58,6 +58,12 @@ providers:
+     enabled: true
+   kubernetesIngress:
+     enabled: true
++    # IP used for Kubernetes Ingress endpoints
++    publishedService:
++      enabled: false
++      # Published Kubernetes Service to copy status from. Format: namespace/servicename
++      # By default this Traefik service
++      # pathOverride: ""
+
+ #
+ # Add volumes to the traefik pod.
+```
+
+## 9.0.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-21
+
+* feat: Move Chart apiVersion: v2
+
+
+## 8.13.3  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-21
+
+* bug: Check for port config
+
+
+## 8.13.2  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-19
+
+* Fix log level configuration
+
+
+## 8.13.1  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-18
+
+* Dont redirect to websecure by default
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 67276f7..e161a14 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -188,7 +188,7 @@ ports:
+     # Port Redirections
+     # Added in 2.2, you can make permanent redirects via entrypoints.
+     # https://docs.traefik.io/routing/entrypoints/#redirection
+-    redirectTo: websecure
++    # redirectTo: websecure
+   websecure:
+     port: 8443
+     # hostPort: 8443
+```
+
+## 8.13.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-18
+
+* Add logging, and http redirect config
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 6f79580..67276f7 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -73,6 +73,48 @@ volumes: []
+ #   mountPath: "/config"
+ #   type: configMap
+
++# Logs
++# https://docs.traefik.io/observability/logs/
++logs:
++  # Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
++  general:
++    # By default, the logs use a text format (common), but you can
++    # also ask for the json format in the format option
++    # format: json
++    # By default, the level is set to ERROR. Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
++    level: ERROR
++  access:
++    # To enable access logs
++    enabled: false
++    # By default, logs are written using the Common Log Format (CLF).
++    # To write logs in JSON, use json in the format option.
++    # If the given format is unsupported, the default (CLF) is used instead.
++    # format: json
++    # To write the logs in an asynchronous fashion, specify a bufferingSize option.
++    # This option represents the number of log lines Traefik will keep in memory before writing
++    # them to the selected output. In some cases, this option can greatly help performances.
++    # bufferingSize: 100
++    # Filtering https://docs.traefik.io/observability/access-logs/#filtering
++    filters: {}
++      # statuscodes: "200,300-302"
++      # retryattempts: true
++      # minduration: 10ms
++    # Fields
++    # https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
++    fields:
++      general:
++        defaultmode: keep
++        names: {}
++          # Examples:
++          # ClientUsername: drop
++      headers:
++        defaultmode: drop
++        names: {}
++          # Examples:
++          # User-Agent: redact
++          # Authorization: drop
++          # Content-Type: keep
++
+ globalArguments:
+   - "--global.checknewversion"
+   - "--global.sendanonymoususage"
+@@ -143,6 +185,10 @@ ports:
+     # Use nodeport if set. This is useful if you have configured Traefik in a
+     # LoadBalancer
+     # nodePort: 32080
++    # Port Redirections
++    # Added in 2.2, you can make permanent redirects via entrypoints.
++    # https://docs.traefik.io/routing/entrypoints/#redirection
++    redirectTo: websecure
+   websecure:
+     port: 8443
+     # hostPort: 8443
+```
+
+## 8.12.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-14
+
+* Add image pull policy
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 10b3949..6f79580 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -2,6 +2,7 @@
+ image:
+   name: traefik
+   tag: 2.2.8
++  pullPolicy: IfNotPresent
+
+ #
+ # Configure the deployment
+```
+
+## 8.11.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-12
+
+* Add dns policy option
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 80ddaaa..10b3949 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -26,6 +26,8 @@ deployment:
+     #   volumeMounts:
+     #     - name: data
+     #       mountPath: /data
++  # Custom pod DNS policy. Apply if `hostNetwork: true`
++  # dnsPolicy: ClusterFirstWithHostNet
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 8.10.0  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-11
+
+* Add hostIp to port configuration
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 936ab92..80ddaaa 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -112,6 +112,12 @@ ports:
+     port: 9000
+     # Use hostPort if set.
+     # hostPort: 9000
++    #
++    # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
++    # means it's listening on all your interfaces and all your IPs. You may want
++    # to set this value if you need traefik to listen on specific interface
++    # only.
++    # hostIP: 192.168.100.10
+
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+```
+
+## 8.9.2  ![AppVersion: 2.2.8](https://img.shields.io/static/v1?label=AppVersion&message=2.2.8&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-08-10
+
+* Bump Traefik to 2.2.8
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 42ee893..936ab92 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.2.5
++  tag: 2.2.8
+
+ #
+ # Configure the deployment
+```
+
+## 8.9.1  ![AppVersion: 2.2.5](https://img.shields.io/static/v1?label=AppVersion&message=2.2.5&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-07-15
+
+* Upgrade traefik version
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a7fb668..42ee893 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.2.1
++  tag: 2.2.5
+
+ #
+ # Configure the deployment
+```
+
+## 8.9.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-07-08
+
+* run init container to set proper permissions on volume
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 62e3a77..a7fb668 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -16,6 +16,16 @@ deployment:
+   podAnnotations: {}
+   # Additional containers (e.g. for metric offloading sidecars)
+   additionalContainers: []
++  # Additional initContainers (e.g. for setting file permission as shown below)
++  initContainers: []
++    # The "volume-permissions" init container is required if you run into permission issues.
++    # Related issue: https://github.com/containous/traefik/issues/6972
++    # - name: volume-permissions
++    #   image: busybox:1.31.1
++    #   command: ["sh", "-c", "chmod -Rv 600 /data/*"]
++    #   volumeMounts:
++    #     - name: data
++    #       mountPath: /data
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 8.8.1  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-07-02
+
+* Additional container fix
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 85df29c..62e3a77 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -15,7 +15,7 @@ deployment:
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+   # Additional containers (e.g. for metric offloading sidecars)
+-  additionalContainers: {}
++  additionalContainers: []
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 8.8.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-07-01
+
+* added additionalContainers option to chart
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 6a9dfd8..85df29c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -14,6 +14,8 @@ deployment:
+   annotations: {}
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
++  # Additional containers (e.g. for metric offloading sidecars)
++  additionalContainers: {}
+
+ # Pod disruption budget
+ podDisruptionBudget:
+```
+
+## 8.7.2  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-30
+
+* Update image
+
+
+## 8.7.1  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-26
+
+* Update values.yaml
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 05f9eab..6a9dfd8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -196,7 +196,7 @@ rbac:
+   # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
+   namespaced: false
+
+-# The service account the pods will use to interact with the Kubernates API
++# The service account the pods will use to interact with the Kubernetes API
+ serviceAccount:
+   # If set, an existing service account is used
+   # If not set, a service account is created automatically using the fullname template
+```
+
+## 8.7.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-23
+
+* Add option to disable providers
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 102ae00..05f9eab 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -34,6 +34,16 @@ rollingUpdate:
+   maxUnavailable: 1
+   maxSurge: 1
+
++
++#
++# Configure providers
++#
++providers:
++  kubernetesCRD:
++    enabled: true
++  kubernetesIngress:
++    enabled: true
++
+ #
+ # Add volumes to the traefik pod.
+ # This can be used to mount a cert pair or a configmap that holds a config.toml file.
+```
+
+## 8.6.1  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-18
+
+* Fix read-only /tmp
+
+
+## 8.6.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-17
+
+* Add existing PVC support(#158)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b2f4fc3..102ae00 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -164,6 +164,7 @@ autoscaling:
+ # It will persist TLS certificates.
+ persistence:
+   enabled: false
++#  existingClaim: ""
+   accessMode: ReadWriteOnce
+   size: 128Mi
+   # storageClass: ""
+```
+
+## 8.5.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-16
+
+* UDP support
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 9a9b668..b2f4fc3 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -100,11 +100,15 @@ ports:
+     expose: false
+     # The exposed port for this service
+     exposedPort: 9000
++    # The port protocol (TCP/UDP)
++    protocol: TCP
+   web:
+     port: 8000
+     # hostPort: 8000
+     expose: true
+     exposedPort: 80
++    # The port protocol (TCP/UDP)
++    protocol: TCP
+     # Use nodeport if set. This is useful if you have configured Traefik in a
+     # LoadBalancer
+     # nodePort: 32080
+@@ -113,6 +117,8 @@ ports:
+     # hostPort: 8443
+     expose: true
+     exposedPort: 443
++    # The port protocol (TCP/UDP)
++    protocol: TCP
+     # nodePort: 32443
+
+ # Options for the main traefik service, where the entrypoints traffic comes
+```
+
+## 8.4.1  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-10
+
+* Fix PDB with minAvailable set
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e812b98..9a9b668 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -18,7 +18,7 @@ deployment:
+ # Pod disruption budget
+ podDisruptionBudget:
+   enabled: false
+-  maxUnavailable: 1
++  # maxUnavailable: 1
+   # minAvailable: 0
+
+ # Create an IngressRoute for the dashboard
+```
+
+## 8.4.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-09
+
+* Add pod disruption budget (#192)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 5f44e5c..e812b98 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -15,6 +15,12 @@ deployment:
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+
++# Pod disruption budget
++podDisruptionBudget:
++  enabled: false
++  maxUnavailable: 1
++  # minAvailable: 0
++
+ # Create an IngressRoute for the dashboard
+ ingressRoute:
+   dashboard:
+```
+
+## 8.3.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-06-08
+
+* Add option to disable RBAC and ServiceAccount
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 96bba18..5f44e5c 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -165,6 +165,20 @@ persistence:
+ # affinity is left as default.
+ hostNetwork: false
+
++# Whether Role Based Access Control objects like roles and rolebindings should be created
++rbac:
++  enabled: true
++
++  # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
++  # If set to true, installs namespace-specific Role and RoleBinding and requires provider configuration be set to that same namespace
++  namespaced: false
++
++# The service account the pods will use to interact with the Kubernates API
++serviceAccount:
++  # If set, an existing service account is used
++  # If not set, a service account is created automatically using the fullname template
++  name: ""
++
+ # Additional serviceAccount annotations (e.g. for oidc authentication)
+ serviceAccountAnnotations: {}
+
+```
+
+## 8.2.1  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-05-25
+
+* Remove suggested providers.kubernetesingress value
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e35bdf9..96bba18 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -50,9 +50,9 @@ globalArguments:
+ # Configure Traefik static configuration
+ # Additional arguments to be passed at Traefik's binary
+ # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+-## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--log.level=DEBUG}"`
++## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+ additionalArguments: []
+-#  - "--providers.kubernetesingress"
++#  - "--providers.kubernetesingress.ingressclass=traefik-internal"
+ #  - "--log.level=DEBUG"
+
+ # Environment variables to be passed to Traefik's binary
+```
+
+## 8.2.0  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-05-18
+
+* Add kubernetes ingress by default
+
+
+## 8.1.5  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-05-18
+
+* Fix example log params in values.yml
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index abe2334..e35bdf9 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -50,10 +50,10 @@ globalArguments:
+ # Configure Traefik static configuration
+ # Additional arguments to be passed at Traefik's binary
+ # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+-## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--logs.level=DEBUG}"`
++## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--log.level=DEBUG}"`
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+-#  - "--logs.level=DEBUG"
++#  - "--log.level=DEBUG"
+
+ # Environment variables to be passed to Traefik's binary
+ env: []
+```
+
+## 8.1.4  ![AppVersion: 2.2.1](https://img.shields.io/static/v1?label=AppVersion&message=2.2.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-30
+
+* Update Traefik to v2.2.1
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 57cc7e1..abe2334 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.2.0
++  tag: 2.2.1
+
+ #
+ # Configure the deployment
+```
+
+## 8.1.3  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-29
+
+* Clarify additionnal arguments log
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d639f72..57cc7e1 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -50,9 +50,10 @@ globalArguments:
+ # Configure Traefik static configuration
+ # Additional arguments to be passed at Traefik's binary
+ # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+-## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--global.checknewversion=true}"`
++## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--logs.level=DEBUG}"`
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
++#  - "--logs.level=DEBUG"
+
+ # Environment variables to be passed to Traefik's binary
+ env: []
+```
+
+## 8.1.2  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-23
+
+* Remove invalid flags. (#161)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 0e7aaef..d639f72 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -34,8 +34,6 @@ rollingUpdate:
+ # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+ # additionalArguments:
+ # - "--providers.file.filename=/config/dynamic.toml"
+-# - "--tls.certificates.certFile=/certs/tls.crt"
+-# - "--tls.certificates.keyFile=/certs/tls.key"
+ volumes: []
+ # - name: public-cert
+ #   mountPath: "/certs"
+```
+
+## 8.1.1  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-23
+
+* clarify project philosophy and guidelines
+
+
+## 8.1.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-22
+
+* Add priorityClassName & securityContext
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index d55a40a..0e7aaef 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -191,3 +191,20 @@ affinity: {}
+ #       topologyKey: failure-domain.beta.kubernetes.io/zone
+ nodeSelector: {}
+ tolerations: []
++
++# Pods can have priority.
++# Priority indicates the importance of a Pod relative to other Pods.
++priorityClassName: ""
++
++# Set the container security context
++# To run the container with ports below 1024 this will need to be adjust to run as root
++securityContext:
++  capabilities:
++    drop: [ALL]
++  readOnlyRootFilesystem: true
++  runAsGroup: 65532
++  runAsNonRoot: true
++  runAsUser: 65532
++
++podSecurityContext:
++  fsGroup: 65532
+```
+
+## 8.0.4  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-20
+
+* Possibility to bind environment variables via envFrom
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7f8092e..d55a40a 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -71,6 +71,12 @@ env: []
+ #       name: secret-name
+ #       key: secret-key
+
++envFrom: []
++# - configMapRef:
++#     name: config-map-name
++# - secretRef:
++#     name: secret-name
++
+ # Configure ports
+ ports:
+   # The name of this one can't be changed as it is used for the readiness and
+```
+
+## 8.0.3  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-15
+
+* Add support for data volume subPath. (#147)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 152339b..7f8092e 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -152,6 +152,7 @@ persistence:
+   # storageClass: ""
+   path: /data
+   annotations: {}
++  # subPath: "" # only mount a subpath of the Volume into the pod
+
+ # If hostNetwork is true, runs traefik in the host network namespace
+ # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+```
+
+## 8.0.2  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-10
+
+* Ability to add custom labels to dashboard's IngressRoute
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 5d294b7..152339b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -21,6 +21,8 @@ ingressRoute:
+     enabled: true
+     # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+     annotations: {}
++    # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
++    labels: {}
+
+ rollingUpdate:
+   maxUnavailable: 1
+```
+
+## 8.0.1  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-10
+
+* rbac does not need "pods" per documentation
+
+
+## 8.0.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-07
+
+* follow helm best practices
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index e61a9fd..5d294b7 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -10,7 +10,7 @@ deployment:
+   enabled: true
+   # Number of pods of the deployment
+   replicas: 1
+-  # Addtional deployment annotations (e.g. for jaeger-operator sidecar injection)
++  # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+   annotations: {}
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+@@ -19,7 +19,7 @@ deployment:
+ ingressRoute:
+   dashboard:
+     enabled: true
+-    # Addtional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
++    # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+     annotations: {}
+
+ rollingUpdate:
+```
+
+## 7.2.1  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-07
+
+* add annotations to ingressRoute
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 15d1c25..e61a9fd 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -19,6 +19,8 @@ deployment:
+ ingressRoute:
+   dashboard:
+     enabled: true
++    # Addtional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
++    annotations: {}
+
+ rollingUpdate:
+   maxUnavailable: 1
+```
+
+## 7.2.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-04-03
+
+* Add support for helm 2
+
+
+## 7.1.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-31
+
+* Add support for externalIPs
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 6d6d13f..15d1c25 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -116,6 +116,8 @@ service:
+   loadBalancerSourceRanges: []
+     # - 192.168.0.1/32
+     # - 172.16.0.0/16
++  externalIPs: []
++    # - 1.2.3.4
+
+ ## Create HorizontalPodAutoscaler object.
+ ##
+```
+
+## 7.0.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-27
+
+* Remove secretsEnv value key
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 1ac720d..6d6d13f 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -52,18 +52,20 @@ globalArguments:
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+
+-# Secret to be set as environment variables to be passed to Traefik's binary
+-secretEnv: []
+-  # - name: SOME_VAR
+-  #   secretName: my-secret-name
+-  #   secretKey: my-secret-key
+-
+ # Environment variables to be passed to Traefik's binary
+ env: []
+-  # - name: SOME_VAR
+-  #   value: some-var-value
+-  # - name: SOME_OTHER_VAR
+-  #   value: some-other-var-value
++# - name: SOME_VAR
++#   value: some-var-value
++# - name: SOME_VAR_FROM_CONFIG_MAP
++#   valueFrom:
++#     configMapRef:
++#       name: configmap-name
++#       key: config-key
++# - name: SOME_SECRET
++#   valueFrom:
++#     secretKeyRef:
++#       name: secret-name
++#       key: secret-key
+
+ # Configure ports
+ ports:
+```
+
+## 6.4.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-27
+
+* Add ability to set serviceAccount annotations
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 85abe42..1ac720d 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -151,6 +151,9 @@ persistence:
+ # affinity is left as default.
+ hostNetwork: false
+
++# Additional serviceAccount annotations (e.g. for oidc authentication)
++serviceAccountAnnotations: {}
++
+ resources: {}
+   # requests:
+   #   cpu: "100m"
+```
+
+## 6.3.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-27
+
+* hpa
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 2f5d132..85abe42 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -115,6 +115,22 @@ service:
+     # - 192.168.0.1/32
+     # - 172.16.0.0/16
+
++## Create HorizontalPodAutoscaler object.
++##
++autoscaling:
++  enabled: false
++#   minReplicas: 1
++#   maxReplicas: 10
++#   metrics:
++#   - type: Resource
++#     resource:
++#       name: cpu
++#       targetAverageUtilization: 60
++#   - type: Resource
++#     resource:
++#       name: memory
++#       targetAverageUtilization: 60
++
+ # Enable persistence using Persistent Volume Claims
+ # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ # After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+```
+
+## 6.2.0  ![AppVersion: 2.2.0](https://img.shields.io/static/v1?label=AppVersion&message=2.2.0&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-26
+
+* Update to v2.2 (#96)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ebd2fde..2f5d132 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.1.8
++  tag: 2.2.0
+
+ #
+ # Configure the deployment
+```
+
+## 6.1.2  ![AppVersion: 2.1.8](https://img.shields.io/static/v1?label=AppVersion&message=2.1.8&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-20
+
+* Upgrade traefik version
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 65c7665..ebd2fde 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.1.4
++  tag: 2.1.8
+
+ #
+ # Configure the deployment
+```
+
+## 6.1.1  ![AppVersion: 2.1.4](https://img.shields.io/static/v1?label=AppVersion&message=2.1.4&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-20
+
+* Upgrade traefik version
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 89c7ac1..65c7665 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.1.3
++  tag: 2.1.4
+
+ #
+ # Configure the deployment
+```
+
+## 6.1.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-20
+
+* Add ability to add annotations to deployment
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8d66111..89c7ac1 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -10,6 +10,8 @@ deployment:
+   enabled: true
+   # Number of pods of the deployment
+   replicas: 1
++  # Addtional deployment annotations (e.g. for jaeger-operator sidecar injection)
++  annotations: {}
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+
+```
+
+## 6.0.2  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-16
+
+* Correct storage class key name
+
+
+## 6.0.1  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-16
+
+* Change default values of arrays from objects to actual arrays
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 490b2b6..8d66111 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -51,13 +51,13 @@ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+
+ # Secret to be set as environment variables to be passed to Traefik's binary
+-secretEnv: {}
++secretEnv: []
+   # - name: SOME_VAR
+   #   secretName: my-secret-name
+   #   secretKey: my-secret-key
+
+ # Environment variables to be passed to Traefik's binary
+-env: {}
++env: []
+   # - name: SOME_VAR
+   #   value: some-var-value
+   # - name: SOME_OTHER_VAR
+@@ -109,7 +109,7 @@ service:
+     # externalTrafficPolicy: Cluster
+     # loadBalancerIP: "1.2.3.4"
+     # clusterIP: "2.3.4.5"
+-  loadBalancerSourceRanges: {}
++  loadBalancerSourceRanges: []
+     # - 192.168.0.1/32
+     # - 172.16.0.0/16
+
+```
+
+## 6.0.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-15
+
+* Cleanup
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7aebefe..490b2b6 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -18,15 +18,10 @@ ingressRoute:
+   dashboard:
+     enabled: true
+
+-additional:
+-  checkNewVersion: true
+-  sendAnonymousUsage: true
+-
+ rollingUpdate:
+   maxUnavailable: 1
+   maxSurge: 1
+
+-
+ #
+ # Add volumes to the traefik pod.
+ # This can be used to mount a cert pair or a configmap that holds a config.toml file.
+@@ -43,9 +38,14 @@ volumes: []
+ #   mountPath: "/config"
+ #   type: configMap
+
++globalArguments:
++  - "--global.checknewversion"
++  - "--global.sendanonymoususage"
++
+ #
+-# Configure Traefik entry points
++# Configure Traefik static configuration
+ # Additional arguments to be passed at Traefik's binary
++# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+ ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--global.checknewversion=true}"`
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+@@ -63,7 +63,7 @@ env: {}
+   # - name: SOME_OTHER_VAR
+   #   value: some-other-var-value
+
+-#
++# Configure ports
+ ports:
+   # The name of this one can't be changed as it is used for the readiness and
+   # liveness probes, but you can adjust its config to your liking
+@@ -94,7 +94,7 @@ ports:
+     # hostPort: 8443
+     expose: true
+     exposedPort: 443
+-  # nodePort: 32443
++    # nodePort: 32443
+
+ # Options for the main traefik service, where the entrypoints traffic comes
+ # from.
+@@ -113,9 +113,6 @@ service:
+     # - 192.168.0.1/32
+     # - 172.16.0.0/16
+
+-logs:
+-  loglevel: WARN
+-
+ # Enable persistence using Persistent Volume Claims
+ # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ # After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+```
+
+## 5.6.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-12
+
+* Add field enabled for resources
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 38bb263..7aebefe 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -7,11 +7,17 @@ image:
+ # Configure the deployment
+ #
+ deployment:
++  enabled: true
+   # Number of pods of the deployment
+   replicas: 1
+   # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+   podAnnotations: {}
+
++# Create an IngressRoute for the dashboard
++ingressRoute:
++  dashboard:
++    enabled: true
++
+ additional:
+   checkNewVersion: true
+   sendAnonymousUsage: true
+@@ -93,6 +99,7 @@ ports:
+ # Options for the main traefik service, where the entrypoints traffic comes
+ # from.
+ service:
++  enabled: true
+   type: LoadBalancer
+   # Additional annotations (e.g. for cloud provider specific config)
+   annotations: {}
+```
+
+## 5.5.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-12
+
+* expose hostnetwork option
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ecb2833..38bb263 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -123,6 +123,12 @@ persistence:
+   path: /data
+   annotations: {}
+
++# If hostNetwork is true, runs traefik in the host network namespace
++# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
++# and replicas>1, a pod anti-affinity is recommended and will be set if the
++# affinity is left as default.
++hostNetwork: false
++
+ resources: {}
+   # requests:
+   #   cpu: "100m"
+@@ -131,5 +137,17 @@ resources: {}
+   #   cpu: "300m"
+   #   memory: "150Mi"
+ affinity: {}
++# # This example pod anti-affinity forces the scheduler to put traefik pods
++# # on nodes where no other traefik pods are scheduled.
++# # It should be used when hostNetwork: true to prevent port conflicts
++#   podAntiAffinity:
++#     requiredDuringSchedulingIgnoredDuringExecution:
++#     - labelSelector:
++#         matchExpressions:
++#         - key: app
++#           operator: In
++#           values:
++#           - {{ template "traefik.name" . }}
++#       topologyKey: failure-domain.beta.kubernetes.io/zone
+ nodeSelector: {}
+ tolerations: []
+```
+
+## 5.4.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-12
+
+* Add support for hostport
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ec1d619..ecb2833 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -63,6 +63,9 @@ ports:
+   # liveness probes, but you can adjust its config to your liking
+   traefik:
+     port: 9000
++    # Use hostPort if set.
++    # hostPort: 9000
++
+     # Defines whether the port is exposed if service.type is LoadBalancer or
+     # NodePort.
+     #
+@@ -74,6 +77,7 @@ ports:
+     exposedPort: 9000
+   web:
+     port: 8000
++    # hostPort: 8000
+     expose: true
+     exposedPort: 80
+     # Use nodeport if set. This is useful if you have configured Traefik in a
+@@ -81,6 +85,7 @@ ports:
+     # nodePort: 32080
+   websecure:
+     port: 8443
++    # hostPort: 8443
+     expose: true
+     exposedPort: 443
+   # nodePort: 32443
+```
+
+## 5.3.3  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-12
+
+* Fix replica check
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 7f31548..ec1d619 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -40,7 +40,7 @@ volumes: []
+ #
+ # Configure Traefik entry points
+ # Additional arguments to be passed at Traefik's binary
+-## Use curly braces to pass values: `helm install --set="{--providers.kubernetesingress,--global.checknewversion=true}" ."
++## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress,--global.checknewversion=true}"`
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+
+```
+
+## 5.3.2  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-11
+
+* Fixed typo in README
+
+
+## 5.3.1  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-11
+
+* Production ready
+
+
+## 5.3.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-11
+
+* Not authorise acme if replica > 1
+
+
+## 5.2.1  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-11
+
+* Fix volume mount
+
+
+## 5.2.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-11
+
+* Add secret as env var
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index ccea845..7f31548 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -44,12 +44,18 @@ volumes: []
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+
++# Secret to be set as environment variables to be passed to Traefik's binary
++secretEnv: {}
++  # - name: SOME_VAR
++  #   secretName: my-secret-name
++  #   secretKey: my-secret-key
++
+ # Environment variables to be passed to Traefik's binary
+ env: {}
+-#  - name: SOME_VAR
+-#    value: some-var-value
+-#  - name: SOME_OTHER_VAR
+-#    value: some-other-var-value
++  # - name: SOME_VAR
++  #   value: some-var-value
++  # - name: SOME_OTHER_VAR
++  #   value: some-other-var-value
+
+ #
+ ports:
+```
+
+## 5.1.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Enhance security by add loadBalancerSourceRanges to lockdown ip address.
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 78bbee0..ccea845 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -91,6 +91,9 @@ service:
+     # externalTrafficPolicy: Cluster
+     # loadBalancerIP: "1.2.3.4"
+     # clusterIP: "2.3.4.5"
++  loadBalancerSourceRanges: {}
++    # - 192.168.0.1/32
++    # - 172.16.0.0/16
+
+ logs:
+   loglevel: WARN
+```
+
+## 5.0.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Expose dashboard by default but only on traefik entrypoint
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index a442fca..78bbee0 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -92,15 +92,6 @@ service:
+     # loadBalancerIP: "1.2.3.4"
+     # clusterIP: "2.3.4.5"
+
+-dashboard:
+-  # Enable the dashboard on Traefik
+-  enable: true
+-
+-  # Expose the dashboard and api through an ingress route at /dashboard
+-  # and /api This is not secure and SHOULD NOT be enabled on production
+-  # deployments
+-  ingressRoute: false
+-
+ logs:
+   loglevel: WARN
+
+```
+
+## 4.1.3  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Add annotations for PVC (#98)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 8b2f4db..a442fca 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -116,6 +116,7 @@ persistence:
+   size: 128Mi
+   # storageClass: ""
+   path: /data
++  annotations: {}
+
+ resources: {}
+   # requests:
+```
+
+## 4.1.2  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Added persistent volume support. (#86)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 2a2554f..8b2f4db 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -103,7 +103,20 @@ dashboard:
+
+ logs:
+   loglevel: WARN
+-#
++
++# Enable persistence using Persistent Volume Claims
++# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
++# After the pvc has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
++# additionalArguments:
++# - "--certificatesresolvers.le.acme.storage=/data/acme.json"
++# It will persist TLS certificates.
++persistence:
++  enabled: false
++  accessMode: ReadWriteOnce
++  size: 128Mi
++  # storageClass: ""
++  path: /data
++
+ resources: {}
+   # requests:
+   #   cpu: "100m"
+```
+
+## 4.1.1  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Add values to mount secrets or configmaps as volumes to the traefik pod (#84)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 5401832..2a2554f 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -20,6 +20,23 @@ rollingUpdate:
+   maxUnavailable: 1
+   maxSurge: 1
+
++
++#
++# Add volumes to the traefik pod.
++# This can be used to mount a cert pair or a configmap that holds a config.toml file.
++# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
++# additionalArguments:
++# - "--providers.file.filename=/config/dynamic.toml"
++# - "--tls.certificates.certFile=/certs/tls.crt"
++# - "--tls.certificates.keyFile=/certs/tls.key"
++volumes: []
++# - name: public-cert
++#   mountPath: "/certs"
++#   type: secret
++# - name: configs
++#   mountPath: "/config"
++#   type: configMap
++
+ #
+ # Configure Traefik entry points
+ # Additional arguments to be passed at Traefik's binary
+```
+
+## 4.1.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-10
+
+* Add podAnnotations to the deployment (#83)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 5eab74b..5401832 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -9,6 +9,8 @@ image:
+ deployment:
+   # Number of pods of the deployment
+   replicas: 1
++  # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
++  podAnnotations: {}
+
+ additional:
+   checkNewVersion: true
+```
+
+## 4.0.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-03-06
+
+* Migrate to helm v3 (#94)
+
+
+## 3.5.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-02-18
+
+* Publish helm chart (#81)
+
+
+## 3.4.0  ![AppVersion: 2.1.3](https://img.shields.io/static/v1?label=AppVersion&message=2.1.3&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-02-13
+
+* fix: tests.
+* feat: bump traefik to v2.1.3
+* Enable configuration of global checknewversion and sendanonymoususage (#80)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index bcc42f8..5eab74b 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -1,7 +1,7 @@
+ # Default values for Traefik
+ image:
+   name: traefik
+-  tag: 2.1.1
++  tag: 2.1.3
+
+ #
+ # Configure the deployment
+@@ -10,6 +10,10 @@ deployment:
+   # Number of pods of the deployment
+   replicas: 1
+
++additional:
++  checkNewVersion: true
++  sendAnonymousUsage: true
++
+ rollingUpdate:
+   maxUnavailable: 1
+   maxSurge: 1
+```
+
+## 3.3.3  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-02-05
+
+* fix: deployment environment variables.
+* fix: chart version.
+
+
+## 3.3.2  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-02-03
+
+* ix: deployment environment variables.
+
+
+## 3.3.1  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-01-27
+
+* fix: deployment environment variables.
+
+
+## 3.3.0  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-01-24
+
+* Enable configuration of environment variables in traefik deployment (#71)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index 4462359..bcc42f8 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -21,6 +21,13 @@ rollingUpdate:
+ additionalArguments: []
+ #  - "--providers.kubernetesingress"
+
++# Environment variables to be passed to Traefik's binary
++env: {}
++#  - name: SOME_VAR
++#    value: some-var-value
++#  - name: SOME_OTHER_VAR
++#    value: some-other-var-value
++
+ #
+ ports:
+   # The name of this one can't be changed as it is used for the readiness and
+```
+
+## 3.2.1  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-01-22
+
+* Add Unit Tests for the chart (#60)
+
+
+## 3.2.0  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-01-22
+
+* Make NodePort configurable (#67)
+
+### Default value changes
+
+```diff
+diff --git a/traefik/values.yaml b/traefik/values.yaml
+index b1fe42a..4462359 100644
+--- a/traefik/values.yaml
++++ b/traefik/values.yaml
+@@ -40,10 +40,14 @@ ports:
+     port: 8000
+     expose: true
+     exposedPort: 80
++    # Use nodeport if set. This is useful if you have configured Traefik in a
++    # LoadBalancer
++    # nodePort: 32080
+   websecure:
+     port: 8443
+     expose: true
+     exposedPort: 443
++  # nodePort: 32443
+
+ # Options for the main traefik service, where the entrypoints traffic comes
+ # from.
+```
+
+## 3.1.0  ![AppVersion: 2.1.1](https://img.shields.io/static/v1?label=AppVersion&message=2.1.1&color=success&logo=) ![Helm: v2](https://img.shields.io/static/v1?label=Helm&message=v2&color=inactive&logo=helm) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
+
+**Release date:** 2020-01-20
+
+* Switch Chart linting to ct (#59)
+
+### Default value changes
+
+```diff
+# Default values for Traefik
+image:
+  name: traefik
+  tag: 2.1.1
+
+#
+# Configure the deployment
+#
+deployment:
+  # Number of pods of the deployment
+  replicas: 1
+
+rollingUpdate:
+  maxUnavailable: 1
+  maxSurge: 1
+
+#
+# Configure Traefik entry points
+# Additional arguments to be passed at Traefik's binary
+## Use curly braces to pass values: `helm install --set="{--providers.kubernetesingress,--global.checknewversion=true}" ."
+additionalArguments: []
+#  - "--providers.kubernetesingress"
+
+#
+ports:
+  # The name of this one can't be changed as it is used for the readiness and
+  # liveness probes, but you can adjust its config to your liking
+  traefik:
+    port: 9000
+    # Defines whether the port is exposed if service.type is LoadBalancer or
+    # NodePort.
+    #
+    # You SHOULD NOT expose the traefik port on production deployments.
+    # If you want to access it from outside of your cluster,
+    # use `kubectl proxy` or create a secure ingress
+    expose: false
+    # The exposed port for this service
+    exposedPort: 9000
+  web:
+    port: 8000
+    expose: true
+    exposedPort: 80
+  websecure:
+    port: 8443
+    expose: true
+    exposedPort: 443
+
+# Options for the main traefik service, where the entrypoints traffic comes
+# from.
+service:
+  type: LoadBalancer
+  # Additional annotations (e.g. for cloud provider specific config)
+  annotations: {}
+  # Additional entries here will be added to the service spec. Cannot contains
+  # type, selector or ports entries.
+  spec: {}
+    # externalTrafficPolicy: Cluster
+    # loadBalancerIP: "1.2.3.4"
+    # clusterIP: "2.3.4.5"
+
+dashboard:
+  # Enable the dashboard on Traefik
+  enable: true
+
+  # Expose the dashboard and api through an ingress route at /dashboard
+  # and /api This is not secure and SHOULD NOT be enabled on production
+  # deployments
+  ingressRoute: false
+
+logs:
+  loglevel: WARN
+#
+resources: {}
+  # requests:
+  #   cpu: "100m"
+  #   memory: "50Mi"
+  # limits:
+  #   cpu: "300m"
+  #   memory: "150Mi"
+affinity: {}
+nodeSelector: {}
+tolerations: []
+```
+
+---
+Autogenerated from Helm Chart and git history using [helm-changelog](https://github.com/mogensen/helm-changelog)
diff --git a/charts/traefik/25.0.3+up25.0.0/Chart.yaml b/charts/traefik/25.0.3+up25.0.0/Chart.yaml
new file mode 100644
index 0000000..bd6c1a1
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/Chart.yaml
@@ -0,0 +1,41 @@
+annotations:
+  artifacthub.io/changes: "- \"feat: ✨ add healthcheck ingressRoute\"\n- \"feat: :boom:
+    support http redirections and http challenges with cert-manager\"\n- \"feat: :boom:
+    rework and allow update of namespace policy for Gateway\"\n- \"fix: disable ClusterRole
+    and ClusterRoleBinding when not needed\"\n- \"fix: detect correctly v3 version
+    when using sha in `image.tag`\"\n- \"fix: allow updateStrategy.rollingUpdate.maxUnavailable
+    to be passed in as an int or string\"\n- \"fix: add missing separator in crds\"\n-
+    \"fix: add Prometheus scraping annotations only if serviceMonitor not created\"\n-
+    \"docs: Fix typo in the default values file\"\n- \"chore: remove label whitespace
+    at TLSOption\"\n- \"chore(release): \U0001F680 publish v25.0.0\"\n- \"chore(deps):
+    update traefik docker tag to v2.10.5\"\n- \"chore(deps): update docker.io/helmunittest/helm-unittest
+    docker tag to v3.12.3\"\n- \"chore(ci): \U0001F527 \U0001F477 add e2e test when
+    releasing\"\n"
+  fleet.cattle.io/bundle-id: k3s
+apiVersion: v2
+appVersion: v2.10.5
+description: A Traefik based Kubernetes ingress controller
+home: https://traefik.io/
+icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
+keywords:
+- traefik
+- ingress
+- networking
+kubeVersion: '>=1.16.0-0'
+maintainers:
+- email: emile@vauge.com
+  name: emilevauge
+- email: daniel.tomcej@gmail.com
+  name: dtomcej
+- email: ldez@traefik.io
+  name: ldez
+- email: michel.loiseleur@traefik.io
+  name: mloiseleur
+- email: charlie.haley@traefik.io
+  name: charlie-haley
+name: traefik
+sources:
+- https://github.com/traefik/traefik
+- https://github.com/traefik/traefik-helm-chart
+type: application
+version: 25.0.3+up25.0.0
diff --git a/charts/traefik/25.0.3+up25.0.0/EXAMPLES.md b/charts/traefik/25.0.3+up25.0.0/EXAMPLES.md
new file mode 100644
index 0000000..8f210ff
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/EXAMPLES.md
@@ -0,0 +1,530 @@
+# Install as a DaemonSet
+
+Default install is using a `Deployment` but it's possible to use `DaemonSet`
+
+```yaml
+deployment:
+  kind: DaemonSet
+```
+
+# Install in a dedicated namespace, with limited RBAC
+
+Default install is using Cluster-wide RBAC but it can be restricted to target namespace.
+
+```yaml
+rbac:
+  namespaced: true
+```
+
+# Install with auto-scaling
+
+When enabling [HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
+to adjust replicas count according to CPU Usage, you'll need to set resources and nullify replicas.
+
+```yaml
+deployment:
+  replicas: null
+resources:
+  requests:
+    cpu: "100m"
+    memory: "50Mi"
+  limits:
+    cpu: "300m"
+    memory: "150Mi"
+autoscaling:
+  enabled: true
+  maxReplicas: 2
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 80
+```
+
+# Access Traefik dashboard without exposing it
+
+This HelmChart does not expose the Traefik dashboard by default, for security concerns.
+Thus, there are multiple ways to expose the dashboard.
+For instance, the dashboard access could be achieved through a port-forward :
+
+```bash
+kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
+```
+
+Accessible with the url: http://127.0.0.1:9000/dashboard/
+
+# Publish and protect Traefik Dashboard with basic Auth
+
+To expose the dashboard in a secure way as [recommended](https://doc.traefik.io/traefik/operations/dashboard/#dashboard-router-rule)
+in the documentation, it may be useful to override the router rule to specify
+a domain to match, or accept requests on the root path (/) in order to redirect
+them to /dashboard/.
+
+```yaml
+# Create an IngressRoute for the dashboard
+ingressRoute:
+  dashboard:
+    enabled: true
+    # Custom match rule with host domain
+    matchRule: Host(`traefik-dashboard.example.com`)
+    entryPoints: ["websecure"]
+    # Add custom middlewares : authentication and redirection
+    middlewares:
+      - name: traefik-dashboard-auth
+
+# Create the custom middlewares used by the IngressRoute dashboard (can also be created in another way).
+# /!\ Yes, you need to replace "changeme" password with a better one. /!\
+extraObjects:
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: traefik-dashboard-auth-secret
+    type: kubernetes.io/basic-auth
+    stringData:
+      username: admin
+      password: changeme
+
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: traefik-dashboard-auth
+    spec:
+      basicAuth:
+        secret: traefik-dashboard-auth-secret
+```
+
+# Publish and protect Traefik Dashboard with an Ingress
+
+To expose the dashboard without IngressRoute, it's more complicated and less
+secure. You'll need to create an internal Service exposing Traefik API with
+special _traefik_ entrypoint.
+
+You'll need to double check:
+1. Service selector with your setup.
+2. Middleware annotation on the ingress, _default_ should be replaced with traefik's namespace
+
+```yaml
+ingressRoute:
+  dashboard:
+    enabled: false
+additionalArguments:
+- "--api.insecure=true"
+# Create the service, middleware and Ingress used to expose the dashboard (can also be created in another way).
+# /!\ Yes, you need to replace "changeme" password with a better one. /!\
+extraObjects:
+  - apiVersion: v1
+    kind: Service
+    metadata:
+      name: traefik-api
+    spec:
+      type: ClusterIP
+      selector:
+        app.kubernetes.io/name: traefik
+        app.kubernetes.io/instance: traefik-default
+      ports:
+      - port: 8080
+        name: traefik
+        targetPort: 9000
+        protocol: TCP
+
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: traefik-dashboard-auth-secret
+    type: kubernetes.io/basic-auth
+    stringData:
+      username: admin
+      password: changeme
+
+  - apiVersion: traefik.io/v1alpha1
+    kind: Middleware
+    metadata:
+      name: traefik-dashboard-auth
+    spec:
+      basicAuth:
+        secret: traefik-dashboard-auth-secret
+
+  - apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: traefik-dashboard
+      annotations:
+        traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        traefik.ingress.kubernetes.io/router.middlewares: default-traefik-dashboard-auth@kubernetescrd
+    spec:
+      rules:
+      - host: traefik-dashboard.example.com
+        http:
+          paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: traefik-api
+                port:
+                  name: traefik
+```
+
+
+# Install on AWS
+
+It can use [native AWS support](https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support) on Kubernetes
+
+```yaml
+service:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb
+```
+
+Or if [AWS LB controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/service/annotations/#legacy-cloud-provider) is installed :
+```yaml
+service:
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip
+```
+
+# Install on GCP
+
+A [regional IP with a Service](https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip#use_a_service) can be used
+```yaml
+service:
+  spec:
+    loadBalancerIP: "1.2.3.4"
+```
+
+Or a [global IP on Ingress](https://cloud.google.com/kubernetes-engine/docs/tutorials/configuring-domain-name-static-ip#use_an_ingress)
+```yaml
+service:
+  type: NodePort
+extraObjects:
+  - apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: traefik
+      annotations:
+        kubernetes.io/ingress.global-static-ip-name: "myGlobalIpName"
+    spec:
+      defaultBackend:
+        service:
+          name: traefik
+          port:
+            number: 80
+```
+
+Or a [global IP on a Gateway](https://cloud.google.com/kubernetes-engine/docs/how-to/deploying-gateways) with continuous HTTPS encryption.
+
+```yaml
+ports:
+  websecure:
+    appProtocol: HTTPS # Hint for Google L7 load balancer
+service:
+  type: ClusterIP
+extraObjects:
+- apiVersion: gateway.networking.k8s.io/v1beta1
+  kind: Gateway
+  metadata:
+    name: traefik
+    annotations:
+      networking.gke.io/certmap: "myCertificateMap"
+  spec:
+    gatewayClassName: gke-l7-global-external-managed
+    addresses:
+    - type: NamedAddress
+      value: "myGlobalIPName"
+    listeners:
+    - name: https
+      protocol: HTTPS
+      port: 443
+- apiVersion: gateway.networking.k8s.io/v1beta1
+  kind: HTTPRoute
+  metadata:
+    name: traefik
+  spec:
+    parentRefs:
+    - kind: Gateway
+      name: traefik
+    rules:
+    - backendRefs:
+      - name: traefik
+        port: 443
+- apiVersion: networking.gke.io/v1
+  kind: HealthCheckPolicy
+  metadata:
+    name: traefik
+  spec:
+    default:
+      config:
+        type: HTTP
+        httpHealthCheck:
+          port: 9000
+          requestPath: /ping
+    targetRef:
+      group: ""
+      kind: Service
+      name: traefik
+```
+
+# Install on Azure
+
+A [static IP on a resource group](https://learn.microsoft.com/en-us/azure/aks/static-ip) can be used:
+
+```yaml
+service:
+  spec:
+    loadBalancerIP: "1.2.3.4"
+  annotations:
+    service.beta.kubernetes.io/azure-load-balancer-resource-group: myResourceGroup
+```
+
+# Use HTTP3
+
+By default, it will use a Load balancers with mixed protocols on `websecure`
+entrypoint. They are available since v1.20 and in beta as of Kubernetes v1.24.
+Availability may depend on your Kubernetes provider.
+
+When using TCP and UDP with a single service, you may encounter [this issue](https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741) from Kubernetes.
+If you want to avoid this issue, you can set `ports.websecure.http3.advertisedPort`
+to an other value than 443
+
+```yaml
+ports:
+  websecure:
+    http3:
+      enabled: true
+```
+
+# Use ProxyProtocol on Digital Ocean
+
+PROXY protocol is a protocol for sending client connection information, such as origin IP addresses and port numbers, to the final backend server, rather than discarding it at the load balancer.
+
+```yaml
+service:
+  enabled: true
+  type: LoadBalancer
+  annotations:
+    # This will tell DigitalOcean to enable the proxy protocol.
+    service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true"
+  spec:
+    # This is the default and should stay as cluster to keep the DO health checks working.
+    externalTrafficPolicy: Cluster
+
+additionalArguments:
+  # Tell Traefik to only trust incoming headers from the Digital Ocean Load Balancers.
+  - "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.120.0.0/16"
+  - "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.120.0.0/16"
+  # Also whitelist the source of headers to trust,  the private IPs on the load balancers displayed on the networking page of DO.
+  - "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
+  - "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.120.0.0/16"
+```
+
+# Enable plugin storage
+
+This chart follows common security practices: it runs as non root with a readonly root filesystem.
+When enabling a plugin which needs storage, you have to add it to the deployment.
+
+Here is a simple example with crowdsec. You may want to replace with your plugin or see complete exemple on crowdsec [here](https://github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin/blob/main/exemples/kubernetes/README.md).
+
+```yaml
+deployment:
+  additionalVolumes:
+  - name: plugins
+additionalVolumeMounts:
+- name: plugins
+  mountPath: /plugins-storage
+additionalArguments:
+- "--experimental.plugins.bouncer.moduleName=github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
+- "--experimental.plugins.bouncer.version=v1.1.9"
+```
+
+# Use Traefik native Let's Encrypt integration, without cert-manager
+
+In Traefik Proxy, ACME certificates are stored in a JSON file.
+
+This file needs to have 0600 permissions, meaning, only the owner of the file has full read and write access to it.
+By default, Kubernetes recursively changes ownership and permissions for the content of each volume.
+
+=> An initContainer can be used to avoid an issue on this sensitive file.
+See [#396](https://github.com/traefik/traefik-helm-chart/issues/396) for more details.
+
+```yaml
+persistence:
+  enabled: true
+  storageClass: xxx
+certResolvers:
+  letsencrypt:
+    dnsChallenge:
+      provider: cloudflare
+    storage: /data/acme.json
+env:
+  - name: CF_DNS_API_TOKEN
+    valueFrom:
+      secretKeyRef:
+        name: yyy
+        key: zzz
+deployment:
+  initContainers:
+    - name: volume-permissions
+      image: busybox:latest
+      command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+      volumeMounts:
+      - mountPath: /data
+        name: data
+```
+
+This example needs a CloudFlare token in a Kubernetes `Secret` and a working `StorageClass`.
+
+See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others.
+
+# Provide default certificate with cert-manager and CloudFlare DNS
+
+Setup:
+
+* cert-manager installed in `cert-manager` namespace
+* A cloudflare account on a DNS Zone
+
+**Step 1**: Create `Secret` and `Issuer` needed by `cert-manager` with your API Token.
+See [cert-manager documentation](https://cert-manager.io/docs/configuration/acme/dns01/cloudflare/)
+for creating this token with needed rights:
+
+```yaml
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflare
+  namespace: traefik
+type: Opaque
+stringData:
+  api-token: XXX
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: cloudflare
+  namespace: traefik
+spec:
+  acme:
+    server: https://acme-v02.api.letsencrypt.org/directory
+    email: email@example.com
+    privateKeySecretRef:
+      name: cloudflare-key
+    solvers:
+      - dns01:
+          cloudflare:
+            apiTokenSecretRef:
+              name: cloudflare
+              key: api-token
+```
+
+**Step 2**: Create `Certificate` in traefik namespace
+
+```yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wildcard-example-com
+  namespace: traefik
+spec:
+  secretName: wildcard-example-com-tls
+  dnsNames:
+    - "example.com"
+    - "*.example.com"
+  issuerRef:
+    name: cloudflare
+    kind: Issuer
+```
+
+**Step 3**: Check that it's ready
+
+```bash
+kubectl get certificate -n traefik
+```
+
+If needed, logs of cert-manager pod can give you more information
+
+**Step 4**: Use it on the TLS Store in **values.yaml** file for this Helm Chart
+
+```yaml
+tlsStore:
+  default:
+    defaultCertificate:
+      secretName: wildcard-example-com-tls
+```
+
+**Step 5**: Enjoy. All your `IngressRoute` use this certificate by default now.
+
+They should use websecure entrypoint like this:
+
+```yaml
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: example-com-tls
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`test.example.com`)
+    kind: Rule
+    services:
+    - name: XXXX
+      port: 80
+```
+
+# Use this Chart as a dependency of your own chart
+
+
+First, let's create a default Helm Chart, with Traefik as a dependency.
+```bash
+helm create foo
+cd foo
+echo "
+dependencies:
+  - name: traefik
+    version: "24.0.0"
+    repository: "https://traefik.github.io/charts"
+" >> Chart.yaml
+```
+
+Second, let's tune some values like enabling HPA:
+
+```bash
+cat <<-EOF >> values.yaml
+traefik:
+  autoscaling:
+    enabled: true
+    maxReplicas: 3
+EOF
+```
+
+Third, one can see if it works as expected:
+```bash
+helm dependency update
+helm dependency build
+helm template . | grep -A 14 -B 3 Horizontal
+```
+
+It should produce this output:
+
+```yaml
+---
+# Source: foo/charts/traefik/templates/hpa.yaml
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: release-name-traefik
+  namespace: flux-system
+  labels:
+    app.kubernetes.io/name: traefik
+    app.kubernetes.io/instance: release-name-flux-system
+    helm.sh/chart: traefik-24.0.0
+    app.kubernetes.io/managed-by: Helm
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: release-name-traefik
+  maxReplicas: 3
+```
diff --git a/charts/traefik/25.0.3+up25.0.0/Guidelines.md b/charts/traefik/25.0.3+up25.0.0/Guidelines.md
new file mode 100644
index 0000000..91003bb
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/Guidelines.md
@@ -0,0 +1,92 @@
+# Traefik Helm Chart Guidelines
+
+This document outlines the guidelines for developing, managing and extending the Traefik helm chart.
+
+This Helm Chart is documented using field description from comments with [helm-docs](https://github.com/norwoodj/helm-docs).
+
+Optionallity
+All non-critical features (Features not mandatory to starting Traefik) in the helm chart must be optional. All non-critical features should be disabled (commented out) in the values.yaml file. All optional non-critical features should be disabled (commented out) in the values.yaml file, and have a comment # (Optional) in the line above. This allows minimal configuration, and ease of extension.
+
+## Feature Example
+
+```yaml
+image:
+  # -- Traefik image host registry
+  registry: docker.io
+```
+
+This feature is expected and therefore is defined clearly in the values.yaml file.
+
+## Optional Feature Example
+
+```yaml
+# storage:
+#   controlNode:
+#     type: emptyDir
+```
+
+This feature is optional, non-critical, and therefore is commented out by default in the values.yaml file.
+
+To allow this, template blocks that use this need to recursively test for existence of values before using them:
+
+```yaml
+{{- if .Values.storage}}
+  {{- if .Values.storage.controlNode }}
+    //code
+    {{ .Values.storage.controlNode.type }}
+  {{- end }}
+{{- end }}
+```
+
+The non-critical feature defaults should be populated so that they can be enabled by simply uncommenting the section in the values.yaml file.
+
+## Optional Non-Critical Feature Example
+
+```yaml
+# storage:
+#   controlNode:
+#     type: emptyDir
+#     # (Optional)
+#     # volume: 1Gi
+```
+
+The volume option is clearly optional, and non-critical. It is commented out (apart from the storage section comment block), and is also preceeded by a comment of # (Optional) in the preceeding line. This facilitates configuration, when the storage section is uncommented, the optional features are still disabled by default.
+
+Similar to non-critical feaures, these options need to be tested for existance before use in the template.
+
+Note
+There can be optional values in critical features. These should just be added as an uncommented non-critical feature:
+
+```yaml
+image:
+  name: traefik
+  tag: 2.0.0
+  # (Optional)
+  # pullPolicy: IfNotPresent
+```
+
+Also, the first value under the primary value key does not require an optional comment:
+
+```yaml
+# ports:
+#   http: 80
+#   # (Optional)
+#   # https: 443
+```
+
+This is because if the main subkey is not defined, the entirety of the feature is optional.
+
+## Whitespace
+
+Extra whitespace is to be avoided in templating. Conditionals should chomp whitespace:
+
+```yaml
+{{- if .Values }}
+{{- end }}
+```
+
+There should be an empty commented line between each primary key in the values.yaml file to separate features from each other.
+
+## Values YAML Design
+
+The values.yaml file is designed to be user-friendly. It does not have to resemble the templated configuration if it is not conducive. Similarly, value names to not have to correspond to fields in the tempate if it is not condusive.
diff --git a/charts/traefik/25.0.3+up25.0.0/LICENSE b/charts/traefik/25.0.3+up25.0.0/LICENSE
new file mode 100644
index 0000000..907ff83
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/LICENSE
@@ -0,0 +1,202 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2020 Containous
+   Copyright 2020 Traefik Labs
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/charts/traefik/25.0.3+up25.0.0/README.md b/charts/traefik/25.0.3+up25.0.0/README.md
new file mode 100644
index 0000000..4494209
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/README.md
@@ -0,0 +1,144 @@
+# Traefik
+
+[Traefik](https://traefik.io/) is a modern HTTP reverse proxy and load balancer made to deploy
+microservices with ease.
+
+## Introduction
+
+This chart bootstraps Traefik version 2 as a Kubernetes ingress controller,
+using Custom Resources `IngressRoute`: <https://docs.traefik.io/providers/kubernetes-crd/>.
+
+It's now possible to use this chart with Traefik v3 (current tested with beta3).
+Helm will auto detect which version is used based on image.tag. Set image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3".
+See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) and upgrading section of this chart on CRDs.
+
+### Philosophy
+
+The Traefik HelmChart is focused on Traefik deployment configuration.
+
+To keep this HelmChart as generic as possible we tend
+to avoid integrating any third party solutions nor any specific use cases.
+
+Accordingly, the encouraged approach to fulfill your needs:
+
+1. Override the default Traefik configuration values ([yaml file or cli](https://helm.sh/docs/chart_template_guide/values_files/))
+2. Append your own configurations (`kubectl apply -f myconf.yaml`)
+
+If needed, one may use [extraObjects](./traefik/tests/values/extra.yaml) or extend this HelmChart [as a Subchart](https://helm.sh/docs/chart_template_guide/subcharts_and_globals/). In the [examples](EXAMPLES.md), one can see how to use this Chart as a dependency.
+
+## Installing
+
+### Prerequisites
+
+1. [x] Helm **v3 > 3.9.0** [installed](https://helm.sh/docs/using_helm/#installing-helm): `helm version`
+2. [x] Traefik's chart repository: `helm repo add traefik https://traefik.github.io/charts`
+
+### Kubernetes Version Support
+
+Due to changes in CRD version support, the following versions of the chart are usable and supported on the following Kubernetes versions:
+
+|                         |  Kubernetes v1.15 and below | Kubernetes v1.16-v1.21 | Kubernetes v1.22 and above |
+|-------------------------|-----------------------------|------------------------|----------------------------|
+| Chart v9.20.2 and below | [x]                         | [x]                    |                            |
+| Chart v10.0.0 and above |                             | [x]                    | [x]                        |
+| Chart v22.0.0 and above |                             |                        | [x]                        |
+
+### CRDs Support of Traefik Proxy
+
+Due to changes in API Group of Traefik CRDs from `containo.us` to `traefik.io`, this Chart install the two CRDs API Group on the following versions:
+
+|                         |  `containo.us`              | `traefik.io`           |
+|-------------------------|-----------------------------|------------------------|
+| Chart v22.0.0 and below |  [x]                        |                        |
+| Chart v23.0.0 and above |  [x]                        | [x]                    |
+
+### Deploying Traefik
+
+```bash
+helm install traefik traefik/traefik
+```
+
+You can customize the install with a `values` file. There are some [EXAMPLES](./EXAMPLES.md) provided.
+Complete documentation on all available parameters is in the [default file](./traefik/values.yaml).
+
+```bash
+helm install -f myvalues.yaml traefik traefik/traefik
+```
+
+🛂 **Warning**: Helm v2 support was removed in the chart version 10.0.0.
+
+## Upgrading
+
+One can check what has changed in the [Changelog](./traefik/Changelog.md).
+
+```bash
+# Update repository
+helm repo update
+# See current Chart & Traefik version
+helm search repo traefik/traefik
+# Upgrade Traefik
+helm upgrade traefik traefik/traefik
+```
+
+New major version indicates that there is an incompatible breaking change.
+
+### Upgrading CRDs
+
+🛂 **Warning**: Traefik v3 totally removes the crd support for traefik.containo.us CRDs. By default this helm installs the CRDs compatible with v2 also, but Traefik v3 will no longer monitor them. There is no support for deprecation errors, so your existing resources may silently fail to work after upgrade to Traefik v3. See [Migration guide from v2 to v3](https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/) for more details.
+
+With Helm v3, CRDs created by this chart can not be updated, cf the [Helm Documentation on CRDs](https://helm.sh/docs/chart_best_practices/custom_resource_definitions). Please read carefully release notes of this chart before upgrading CRDs.
+
+```bash
+kubectl apply --server-side --force-conflicts -k https://github.com/traefik/traefik-helm-chart/traefik/crds/
+```
+
+### Upgrading after 18.X+
+
+It's detailed in [release notes](https://github.com/traefik/traefik-helm-chart/releases).
+
+### Upgrading from 17.x to 18.x
+
+Since v18.x, this chart by default merges TCP and UDP ports into a single (LoadBalancer) `Service`.
+Load balancers with mixed protocols are available since v1.20 and in
+[beta as of Kubernetes v1.24](https://kubernetes.io/docs/concepts/services-networking/service/#load-balancers-with-mixed-protocol-types).
+Availability may depend on your Kubernetes provider.
+
+To retain the old default behavior, set `service.single` to `false` in your values.
+
+When using TCP and UDP with a single service, you may encounter
+[this issue](https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741)
+from Kubernetes.
+
+On HTTP/3, if you want to avoid this issue, you can set
+`ports.websecure.http3.advertisedPort` to an other value than `443`
+
+If you were previously using HTTP/3, you should update your values as follows:
+  - Replace the old value (`true`) of `ports.websecure.http3` with a key `enabled: true`
+  - Remove `experimental.http3.enabled=true` entry
+
+### Upgrading from 16.x to 17.x
+
+Since v17.x, this chart provides unified labels following
+[Kubernetes recommendation](https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/).
+
+This version needs to change an immutable field, which is not supported by
+Kubernetes and Helm, see [this issue](https://github.com/helm/helm/issues/7350)
+for more details.
+So you will have to delete your `Service`,  `Deployment` or `DaemonSet` in
+order to be able to upgrade.
+
+You may also upgrade by deploying another Traefik to a different namespace and
+removing after your first Traefik.
+
+Alternatively, since version 20.3.0 of this chart, you may set `instanceLabelOverride` to the previous value of that label.
+This will override the new `Release.Name-Release.Namespace` pattern to avoid any (longer) downtime.
+
+## Contributing
+
+If you want to contribute to this chart, please read the [Contributing Guide](./CONTRIBUTING.md).
+
+Thanks to all the people who have already contributed!
+
+<a href="https://github.com/traefik/traefik-helm-chart/graphs/contributors">
+  <img src="https://contributors-img.web.app/image?repo=traefik/traefik-helm-chart" />
+</a>
diff --git a/charts/traefik/25.0.3+up25.0.0/VALUES.md b/charts/traefik/25.0.3+up25.0.0/VALUES.md
new file mode 100644
index 0000000..bf6e85e
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/VALUES.md
@@ -0,0 +1,171 @@
+# traefik
+
+![Version: 25.0.0](https://img.shields.io/badge/Version-25.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v2.10.5](https://img.shields.io/badge/AppVersion-v2.10.5-informational?style=flat-square)
+
+A Traefik based Kubernetes ingress controller
+
+**Homepage:** <https://traefik.io/>
+
+## Maintainers
+
+| Name | Email | Url |
+| ---- | ------ | --- |
+| emilevauge | <emile@vauge.com> |  |
+| dtomcej | <daniel.tomcej@gmail.com> |  |
+| ldez | <ldez@traefik.io> |  |
+| mloiseleur | <michel.loiseleur@traefik.io> |  |
+| charlie-haley | <charlie.haley@traefik.io> |  |
+
+## Source Code
+
+* <https://github.com/traefik/traefik>
+* <https://github.com/traefik/traefik-helm-chart>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalArguments | list | `[]` | Additional arguments to be passed at Traefik's binary All available options available on https://docs.traefik.io/reference/static-configuration/cli/ # Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` |
+| additionalVolumeMounts | list | `[]` | Additional volumeMounts to add to the Traefik container |
+| affinity | object | `{}` | on nodes where no other traefik pods are scheduled. It should be used when hostNetwork: true to prevent port conflicts |
+| autoscaling.enabled | bool | `false` | Create HorizontalPodAutoscaler object. |
+| certResolvers | object | `{}` | Certificates resolvers configuration |
+| commonLabels | object | `{}` | Add additional label to all resources |
+| deployment.additionalContainers | list | `[]` | Additional containers (e.g. for metric offloading sidecars) |
+| deployment.additionalVolumes | list | `[]` | Additional volumes available for use with initContainers and additionalContainers |
+| deployment.annotations | object | `{}` | Additional deployment annotations (e.g. for jaeger-operator sidecar injection) |
+| deployment.dnsConfig | object | `{}` | Custom pod DNS policy. Apply if `hostNetwork: true` dnsPolicy: ClusterFirstWithHostNet |
+| deployment.enabled | bool | `true` | Enable deployment |
+| deployment.imagePullSecrets | list | `[]` | Additional imagePullSecrets |
+| deployment.initContainers | list | `[]` | Additional initContainers (e.g. for setting file permission as shown below) |
+| deployment.kind | string | `"Deployment"` | Deployment or DaemonSet |
+| deployment.labels | object | `{}` | Additional deployment labels (e.g. for filtering deployment by custom labels) |
+| deployment.lifecycle | object | `{}` | Pod lifecycle actions |
+| deployment.minReadySeconds | int | `0` | The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available |
+| deployment.podAnnotations | object | `{}` | Additional pod annotations (e.g. for mesh injection or prometheus scraping) |
+| deployment.podLabels | object | `{}` | Additional Pod labels (e.g. for filtering Pod by custom labels) |
+| deployment.replicas | int | `1` | Number of pods of the deployment (only applies when kind == Deployment) |
+| deployment.shareProcessNamespace | bool | `false` | Use process namespace sharing |
+| deployment.terminationGracePeriodSeconds | int | `60` | Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down |
+| env | list | `[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to be passed to Traefik's binary |
+| envFrom | list | `[]` | Environment variables to be passed to Traefik's binary from configMaps or secrets |
+| experimental.kubernetesGateway.enabled | bool | `false` | Enable traefik experimental GatewayClass CRD |
+| experimental.plugins | object | `{"enabled":false}` | Enable traefik version 3  enabled: false |
+| experimental.plugins.enabled | bool | `false` | Enable traefik experimental plugins |
+| extraObjects | list | `[]` | Extra objects to deploy (value evaluated as a template)  In some cases, it can avoid the need for additional, extended or adhoc deployments. See #595 for more details and traefik/tests/values/extra.yaml for example. |
+| globalArguments | list | `["--global.checknewversion","--global.sendanonymoususage"]` | Global command arguments to be passed to all traefik's pods |
+| hostNetwork | bool | `false` | If hostNetwork is true, runs traefik in the host network namespace To prevent unschedulabel pods due to port collisions, if hostNetwork=true and replicas>1, a pod anti-affinity is recommended and will be set if the affinity is left as default. |
+| image.pullPolicy | string | `"IfNotPresent"` | Traefik image pull policy |
+| image.registry | string | `"docker.io"` | Traefik image host registry |
+| image.repository | string | `"traefik"` | Traefik image repository |
+| image.tag | string | `""` | defaults to appVersion |
+| ingressClass | object | `{"enabled":true,"isDefaultClass":true}` | Create a default IngressClass for Traefik |
+| ingressRoute.dashboard.annotations | object | `{}` | Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) |
+| ingressRoute.dashboard.enabled | bool | `true` | Create an IngressRoute for the dashboard |
+| ingressRoute.dashboard.entryPoints | list | `["traefik"]` | Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure). By default, it's using traefik entrypoint, which is not exposed. /!\ Do not expose your dashboard without any protection over the internet /!\ |
+| ingressRoute.dashboard.labels | object | `{}` | Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) |
+| ingressRoute.dashboard.matchRule | string | `"PathPrefix(`/dashboard`) || PathPrefix(`/api`)"` | The router match rule used for the dashboard ingressRoute |
+| ingressRoute.dashboard.middlewares | list | `[]` | Additional ingressRoute middlewares (e.g. for authentication) |
+| ingressRoute.dashboard.tls | object | `{}` | TLS options (e.g. secret containing certificate) |
+| ingressRoute.healthcheck.annotations | object | `{}` | Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class) |
+| ingressRoute.healthcheck.enabled | bool | `false` | Create an IngressRoute for the healthcheck probe |
+| ingressRoute.healthcheck.entryPoints | list | `["traefik"]` | Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure). By default, it's using traefik entrypoint, which is not exposed. |
+| ingressRoute.healthcheck.labels | object | `{}` | Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels) |
+| ingressRoute.healthcheck.matchRule | string | `"PathPrefix(`/ping`)"` | The router match rule used for the healthcheck ingressRoute |
+| ingressRoute.healthcheck.middlewares | list | `[]` | Additional ingressRoute middlewares (e.g. for authentication) |
+| ingressRoute.healthcheck.tls | object | `{}` | TLS options (e.g. secret containing certificate) |
+| livenessProbe.failureThreshold | int | `3` | The number of consecutive failures allowed before considering the probe as failed. |
+| livenessProbe.initialDelaySeconds | int | `2` | The number of seconds to wait before starting the first probe. |
+| livenessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
+| livenessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. |
+| livenessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. |
+| logs.access.enabled | bool | `false` | To enable access logs |
+| logs.access.fields.general.defaultmode | string | `"keep"` | Available modes: keep, drop, redact. |
+| logs.access.fields.general.names | object | `{}` | Names of the fields to limit. |
+| logs.access.fields.headers.defaultmode | string | `"drop"` | Available modes: keep, drop, redact. |
+| logs.access.fields.headers.names | object | `{}` | Names of the headers to limit. |
+| logs.access.filters | object | `{}` | https://docs.traefik.io/observability/access-logs/#filtering |
+| logs.general.level | string | `"ERROR"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. |
+| metrics.prometheus.entryPoint | string | `"metrics"` | Entry point used to expose metrics. |
+| nodeSelector | object | `{}` | nodeSelector is the simplest recommended form of node selection constraint. |
+| persistence.accessMode | string | `"ReadWriteOnce"` |  |
+| persistence.annotations | object | `{}` |  |
+| persistence.enabled | bool | `false` | Enable persistence using Persistent Volume Claims ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ It can be used to store TLS certificates, see `storage` in certResolvers |
+| persistence.name | string | `"data"` |  |
+| persistence.path | string | `"/data"` |  |
+| persistence.size | string | `"128Mi"` |  |
+| podDisruptionBudget | object | `{"enabled":false}` | Pod disruption budget |
+| podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` | Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup. |
+| podSecurityContext.runAsGroup | int | `65532` | The ID of the group for all containers in the pod to run as. |
+| podSecurityContext.runAsNonRoot | bool | `true` | Specifies whether the containers should run as a non-root user. |
+| podSecurityContext.runAsUser | int | `65532` | The ID of the user for all containers in the pod to run as. |
+| podSecurityPolicy | object | `{"enabled":false}` | Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding |
+| ports.metrics.expose | bool | `false` | You may not want to expose the metrics port on production deployments. If you want to access it from outside your cluster, use `kubectl port-forward` or create a secure ingress |
+| ports.metrics.exposedPort | int | `9100` | The exposed port for this service |
+| ports.metrics.port | int | `9100` | When using hostNetwork, use another port to avoid conflict with node exporter: https://github.com/prometheus/prometheus/wiki/Default-port-allocations |
+| ports.metrics.protocol | string | `"TCP"` | The port protocol (TCP/UDP) |
+| ports.traefik.expose | bool | `false` | You SHOULD NOT expose the traefik port on production deployments. If you want to access it from outside your cluster, use `kubectl port-forward` or create a secure ingress |
+| ports.traefik.exposedPort | int | `9000` | The exposed port for this service |
+| ports.traefik.port | int | `9000` |  |
+| ports.traefik.protocol | string | `"TCP"` | The port protocol (TCP/UDP) |
+| ports.web.expose | bool | `true` |  |
+| ports.web.exposedPort | int | `80` |  |
+| ports.web.port | int | `8000` |  |
+| ports.web.protocol | string | `"TCP"` |  |
+| ports.websecure.expose | bool | `true` |  |
+| ports.websecure.exposedPort | int | `443` |  |
+| ports.websecure.http3.enabled | bool | `false` |  |
+| ports.websecure.middlewares | list | `[]` | /!\ It introduces here a link between your static configuration and your dynamic configuration /!\ It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace middlewares:   - namespace-name1@kubernetescrd   - namespace-name2@kubernetescrd |
+| ports.websecure.port | int | `8443` |  |
+| ports.websecure.protocol | string | `"TCP"` |  |
+| ports.websecure.tls.certResolver | string | `""` |  |
+| ports.websecure.tls.domains | list | `[]` |  |
+| ports.websecure.tls.enabled | bool | `true` |  |
+| ports.websecure.tls.options | string | `""` |  |
+| priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. |
+| providers.kubernetesCRD.allowCrossNamespace | bool | `false` | Allows IngressRoute to reference resources in namespace other than theirs |
+| providers.kubernetesCRD.allowEmptyServices | bool | `false` | Allows to return 503 when there is no endpoints available |
+| providers.kubernetesCRD.allowExternalNameServices | bool | `false` | Allows to reference ExternalName services in IngressRoute |
+| providers.kubernetesCRD.enabled | bool | `true` | Load Kubernetes IngressRoute provider |
+| providers.kubernetesCRD.namespaces | list | `[]` | Array of namespaces to watch. If left empty, Traefik watches all namespaces. |
+| providers.kubernetesIngress.allowEmptyServices | bool | `false` | Allows to return 503 when there is no endpoints available |
+| providers.kubernetesIngress.allowExternalNameServices | bool | `false` | Allows to reference ExternalName services in Ingress |
+| providers.kubernetesIngress.enabled | bool | `true` | Load Kubernetes Ingress provider |
+| providers.kubernetesIngress.namespaces | list | `[]` | Array of namespaces to watch. If left empty, Traefik watches all namespaces. |
+| providers.kubernetesIngress.publishedService.enabled | bool | `false` |  |
+| rbac | object | `{"enabled":true,"namespaced":false}` | Whether Role Based Access Control objects like roles and rolebindings should be created |
+| readinessProbe.failureThreshold | int | `1` | The number of consecutive failures allowed before considering the probe as failed. |
+| readinessProbe.initialDelaySeconds | int | `2` | The number of seconds to wait before starting the first probe. |
+| readinessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
+| readinessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. |
+| readinessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. |
+| resources | object | `{}` | The resources parameter defines CPU and memory requirements and limits for Traefik's containers. |
+| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | To run the container with ports below 1024 this will need to be adjusted to run as root |
+| service.annotations | object | `{}` | Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) |
+| service.annotationsTCP | object | `{}` | Additional annotations for TCP service only |
+| service.annotationsUDP | object | `{}` | Additional annotations for UDP service only |
+| service.enabled | bool | `true` |  |
+| service.externalIPs | list | `[]` |  |
+| service.labels | object | `{}` | Additional service labels (e.g. for filtering Service by custom labels) |
+| service.loadBalancerSourceRanges | list | `[]` |  |
+| service.single | bool | `true` |  |
+| service.spec | object | `{}` | Cannot contain type, selector or ports entries. |
+| service.type | string | `"LoadBalancer"` |  |
+| serviceAccount | object | `{"name":""}` | The service account the pods will use to interact with the Kubernetes API |
+| serviceAccountAnnotations | object | `{}` | Additional serviceAccount annotations (e.g. for oidc authentication) |
+| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions:   default:     labels: {}     sniStrict: true     preferServerCipherSuites: true   customOptions:     labels: {}     curvePreferences:       - CurveP521       - CurveP384 |
+| tlsStore | object | `{}` | TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate https://doc.traefik.io/traefik/https/tls/#default-certificate Example: tlsStore:   default:     defaultCertificate:       secretName: tls-cert |
+| tolerations | list | `[]` | Tolerations allow the scheduler to schedule pods with matching taints. |
+| topologySpreadConstraints | list | `[]` | You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains. |
+| tracing | object | `{}` | https://doc.traefik.io/traefik/observability/tracing/overview/ |
+| updateStrategy.rollingUpdate.maxSurge | int | `1` |  |
+| updateStrategy.rollingUpdate.maxUnavailable | int | `0` |  |
+| updateStrategy.type | string | `"RollingUpdate"` | Customize updateStrategy: RollingUpdate or OnDelete |
+| volumes | list | `[]` | Add volumes to the traefik pod. The volume name will be passed to tpl. This can be used to mount a cert pair or a configmap that holds a config.toml file. After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg: `additionalArguments: - "--providers.file.filename=/config/dynamic.toml" - "--ping" - "--ping.entrypoint=web"` |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/NOTES.txt b/charts/traefik/25.0.3+up25.0.0/templates/NOTES.txt
new file mode 100644
index 0000000..65e9f5b
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/NOTES.txt
@@ -0,0 +1,36 @@
+
+
+Traefik Proxy {{ .Values.image.tag | default .Chart.AppVersion }} has been deployed successfully on {{ template "traefik.namespace" . }} namespace !
+
+{{- if .Values.persistence }}
+{{- if and .Values.persistence.enabled (empty .Values.deployment.initContainer)}}
+
+🚨 When enabling persistence for certificates, permissions on acme.json can be
+lost when Traefik restarts. You can ensure correct permissions with an
+initContainer. See https://github.com/traefik/traefik-helm-chart/issues/396 for
+more info. 🚨
+
+{{- end }}
+{{- end }}
+{{- with .Values.providers.kubernetesCRD.labelSelector }}
+  {{- $labelsApplied := include "traefik.labels" $ }}
+  {{- $labelSelectors := regexSplit "," . -1 }}
+  {{- range $labelSelectors }}
+    {{- $labelSelectorRaw := regexSplit "=" . -1 }}
+    {{- $labelSelector := printf "%s: %s" (first $labelSelectorRaw) (last $labelSelectorRaw) }}
+    {{- if not (contains $labelSelector $labelsApplied) }}
+🚨 Resources populated with this chart don't match with labelSelector `{{.}}` applied on kubernetesCRD provider 🚨
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- with .Values.providers.kubernetesIngress.labelSelector }}
+  {{- $labelsApplied := include "traefik.labels" $ }}
+  {{- $labelSelectors := regexSplit "," . -1 }}
+  {{- range $labelSelectors }}
+    {{- $labelSelectorRaw := regexSplit "=" . -1 }}
+    {{- $labelSelector := printf "%s: %s" (first $labelSelectorRaw) (last $labelSelectorRaw) }}
+    {{- if not (contains $labelSelector $labelsApplied) }}
+🚨 Resources populated with this chart don't match with labelSelector `{{.}}` applied on kubernetesIngress provider 🚨
+    {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/_helpers.tpl b/charts/traefik/25.0.3+up25.0.0/templates/_helpers.tpl
new file mode 100644
index 0000000..acf878e
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/_helpers.tpl
@@ -0,0 +1,139 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "traefik.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "traefik.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the chart image name.
+*/}}
+
+{{- define "traefik.image-name" -}}
+{{- printf "%s:%s" .Values.image.repository (.Values.image.tag | default .Chart.AppVersion) }}
+{{- end -}}
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "traefik.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow customization of the instance label value.
+*/}}
+{{- define "traefik.instance-name" -}}
+{{- default (printf "%s-%s" .Release.Name .Release.Namespace) .Values.instanceLabelOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/* Shared labels used for selector*/}}
+{{/* This is an immutable field: this should not change between upgrade */}}
+{{- define "traefik.labelselector" -}}
+app.kubernetes.io/name: {{ template "traefik.name" . }}
+app.kubernetes.io/instance: {{ template "traefik.instance-name" . }}
+{{- end }}
+
+{{/* Shared labels used in metada */}}
+{{- define "traefik.labels" -}}
+{{ include "traefik.labelselector" . }}
+helm.sh/chart: {{ template "traefik.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
+{{/*
+Construct the namespace for all namespaced resources
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+Preserve the default behavior of the Release namespace if no override is provided
+*/}}
+{{- define "traefik.namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+The name of the service account to use
+*/}}
+{{- define "traefik.serviceAccountName" -}}
+{{- default (include "traefik.fullname" .) .Values.serviceAccount.name -}}
+{{- end -}}
+
+{{/*
+The name of the ClusterRole and ClusterRoleBinding to use.
+Adds the namespace to name to prevent duplicate resource names when there
+are multiple namespaced releases with the same release name.
+*/}}
+{{- define "traefik.clusterRoleName" -}}
+{{- (printf "%s-%s" (include "traefik.fullname" .) .Release.Namespace) | trunc 63 | trimSuffix "-" }}
+{{- end -}}
+
+{{/*
+Construct the path for the providers.kubernetesingress.ingressendpoint.publishedservice.
+By convention this will simply use the <namespace>/<service-name> to match the name of the
+service generated.
+Users can provide an override for an explicit service they want bound via `.Values.providers.kubernetesIngress.publishedService.pathOverride`
+*/}}
+{{- define "providers.kubernetesIngress.publishedServicePath" -}}
+{{- $defServiceName := printf "%s/%s" .Release.Namespace (include "traefik.fullname" .) -}}
+{{- $servicePath := default $defServiceName .Values.providers.kubernetesIngress.publishedService.pathOverride }}
+{{- print $servicePath | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Construct a comma-separated list of whitelisted namespaces
+*/}}
+{{- define "providers.kubernetesIngress.namespaces" -}}
+{{- default (include "traefik.namespace" .) (join "," .Values.providers.kubernetesIngress.namespaces) }}
+{{- end -}}
+{{- define "providers.kubernetesCRD.namespaces" -}}
+{{- default (include "traefik.namespace" .) (join "," .Values.providers.kubernetesCRD.namespaces) }}
+{{- end -}}
+
+{{/*
+Renders a complete tree, even values that contains template.
+*/}}
+{{- define "traefik.render" -}}
+  {{- if typeIs "string" .value }}
+    {{- tpl .value .context }}
+  {{ else }}
+    {{- tpl (.value | toYaml) .context }}
+  {{- end }}
+{{- end -}}
+
+{{- define "imageVersion" -}}
+{{ (split "@" (default $.Chart.AppVersion $.Values.image.tag))._0 }}
+{{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/_podtemplate.tpl b/charts/traefik/25.0.3+up25.0.0/templates/_podtemplate.tpl
new file mode 100644
index 0000000..9ac57ba
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/_podtemplate.tpl
@@ -0,0 +1,753 @@
+{{- define "traefik.podTemplate" }}
+    metadata:
+      annotations:
+      {{- with .Values.deployment.podAnnotations }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.metrics }}
+      {{- if and (.Values.metrics.prometheus) (not .Values.metrics.prometheus.serviceMonitor) }}
+        prometheus.io/scrape: "true"
+        prometheus.io/path: "/metrics"
+        prometheus.io/port: {{ quote (index .Values.ports .Values.metrics.prometheus.entryPoint).port }}
+      {{- end }}
+      {{- end }}
+      labels:
+      {{- include "traefik.labels" . | nindent 8 -}}
+      {{- with .Values.deployment.podLabels }}
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+    spec:
+      {{- with .Values.deployment.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "traefik.serviceAccountName" . }}
+      terminationGracePeriodSeconds: {{ default 60 .Values.deployment.terminationGracePeriodSeconds }}
+      hostNetwork: {{ .Values.hostNetwork }}
+      {{- with .Values.deployment.dnsPolicy }}
+      dnsPolicy: {{ . }}
+      {{- end }}
+      {{- with .Values.deployment.dnsConfig }}
+      dnsConfig:
+        {{- if .searches }}
+        searches:
+          {{- toYaml .searches | nindent 10 }}
+        {{- end }}
+        {{- if .nameservers }}
+        nameservers:
+          {{- toYaml .nameservers | nindent 10 }}
+        {{- end }}
+        {{- if .options }}
+        options:
+          {{- toYaml .options | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- with .Values.deployment.initContainers }}
+      initContainers:
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+      {{- if .Values.deployment.shareProcessNamespace }}
+      shareProcessNamespace: true
+      {{- end }}
+      containers:
+      - image: "{{ template "system_default_registry" . }}{{ template "traefik.image-name" . }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        name: {{ template "traefik.fullname" . }}
+        resources:
+          {{- with .Values.resources }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+        {{- if (and (empty .Values.ports.traefik) (empty .Values.deployment.healthchecksPort)) }}
+          {{- fail "ERROR: When disabling traefik port, you need to specify `deployment.healthchecksPort`" }}
+        {{- end }}
+        {{- $healthchecksPort := (default (.Values.ports.traefik).port .Values.deployment.healthchecksPort) }}
+        {{- $healthchecksScheme := (default "HTTP" .Values.deployment.healthchecksScheme) }}
+        readinessProbe:
+          httpGet:
+            path: /ping
+            port: {{ $healthchecksPort }}
+            scheme: {{ $healthchecksScheme }}
+          {{- toYaml .Values.readinessProbe | nindent 10 }}
+        livenessProbe:
+          httpGet:
+            path: /ping
+            port: {{ $healthchecksPort }}
+            scheme: {{ $healthchecksScheme }}
+          {{- toYaml .Values.livenessProbe | nindent 10 }}
+        lifecycle:
+          {{- with .Values.deployment.lifecycle }}
+          {{- toYaml . | nindent 10 }}
+          {{- end }}
+        ports:
+        {{- $hostNetwork := .Values.hostNetwork }}
+        {{- range $name, $config := .Values.ports }}
+        {{- if $config }}
+          {{- if and $hostNetwork (and $config.hostPort $config.port) }}
+            {{- if ne ($config.hostPort | int) ($config.port | int) }}
+              {{- fail "ERROR: All hostPort must match their respective containerPort when `hostNetwork` is enabled" }}
+            {{- end }}
+          {{- end }}
+        - name: {{ $name | quote }}
+          containerPort: {{ default $config.port $config.containerPort }}
+          {{- if $config.hostPort }}
+          hostPort: {{ $config.hostPort }}
+          {{- end }}
+          {{- if $config.hostIP }}
+          hostIP: {{ $config.hostIP }}
+          {{- end }}
+          protocol: {{ default "TCP" $config.protocol | quote }}
+        {{- if $config.http3 }}
+        {{- if and $config.http3.enabled $config.hostPort }}
+        {{- $http3Port := default $config.hostPort $config.http3.advertisedPort }}
+        - name: "{{ $name }}-http3"
+          containerPort: {{ $config.port }}
+          hostPort: {{ $http3Port }}
+          protocol: UDP
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- end }}
+        {{- with .Values.securityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        volumeMounts:
+          - name: {{ .Values.persistence.name }}
+            mountPath: {{ .Values.persistence.path }}
+            {{- if .Values.persistence.subPath }}
+            subPath: {{ .Values.persistence.subPath }}
+            {{- end }}
+          - name: tmp
+            mountPath: /tmp
+          {{- $root := . }}
+          {{- range .Values.volumes }}
+          - name: {{ tpl (.name) $root | replace "." "-" }}
+            mountPath: {{ .mountPath }}
+            readOnly: true
+          {{- end }}
+          {{- if .Values.experimental.plugins.enabled }}
+          - name: plugins
+            mountPath: "/plugins-storage"
+          {{- end }}
+          {{- if .Values.additionalVolumeMounts }}
+            {{- toYaml .Values.additionalVolumeMounts | nindent 10 }}
+          {{- end }}
+        args:
+          {{- with .Values.globalArguments }}
+          {{- range . }}
+          - {{ . | quote }}
+          {{- end }}
+          {{- end }}
+          {{- range $name, $config := .Values.ports }}
+          {{- if $config }}
+          - "--entrypoints.{{$name}}.address=:{{ $config.port }}/{{ default "tcp" $config.protocol | lower }}"
+          {{- with $config.asDefault }}
+          {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
+            {{- fail "ERROR: Default entrypoints are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
+          {{- end }}
+          - "--entrypoints.{{$name}}.asDefault={{ . }}"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          - "--api.dashboard=true"
+          - "--ping=true"
+
+          {{- if .Values.metrics }}
+          {{- with .Values.metrics.datadog }}
+          - "--metrics.datadog=true"
+           {{- with .address }}
+          - "--metrics.datadog.address={{ . }}"
+           {{- end }}
+           {{- with .pushInterval }}
+          - "--metrics.datadog.pushInterval={{ . }}"
+           {{- end }}
+           {{- with .prefix }}
+          - "--metrics.datadog.prefix={{ . }}"
+           {{- end }}
+           {{- if ne .addRoutersLabels nil }}
+            {{- with .addRoutersLabels | toString }}
+          - "--metrics.datadog.addRoutersLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addEntryPointsLabels nil }}
+            {{- with .addEntryPointsLabels | toString }}
+          - "--metrics.datadog.addEntryPointsLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addServicesLabels nil }}
+            {{- with .addServicesLabels | toString }}
+          - "--metrics.datadog.addServicesLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+          {{- end }}
+
+          {{- with .Values.metrics.influxdb }}
+          - "--metrics.influxdb=true"
+          - "--metrics.influxdb.address={{ .address }}"
+          - "--metrics.influxdb.protocol={{ .protocol }}"
+           {{- with .database }}
+          - "--metrics.influxdb.database={{ . }}"
+           {{- end }}
+           {{- with .retentionPolicy }}
+          - "--metrics.influxdb.retentionPolicy={{ . }}"
+           {{- end }}
+           {{- with .username }}
+          - "--metrics.influxdb.username={{ . }}"
+           {{- end }}
+           {{- with .password }}
+          - "--metrics.influxdb.password={{ . }}"
+           {{- end }}
+           {{- with .pushInterval }}
+          - "--metrics.influxdb.pushInterval={{ . }}"
+           {{- end }}
+           {{- range $name, $value := .additionalLabels }}
+          - "--metrics.influxdb.additionalLabels.{{ $name }}={{ $value }}"
+           {{- end }}
+           {{- if ne .addRoutersLabels nil }}
+            {{- with .addRoutersLabels | toString }}
+          - "--metrics.influxdb.addRoutersLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addEntryPointsLabels nil }}
+            {{- with .addEntryPointsLabels | toString }}
+          - "--metrics.influxdb.addEntryPointsLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addServicesLabels nil }}
+            {{- with .addServicesLabels | toString }}
+          - "--metrics.influxdb.addServicesLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+          {{- end }}
+
+          {{- with .Values.metrics.influxdb2 }}
+          - "--metrics.influxdb2=true"
+          - "--metrics.influxdb2.address={{ .address }}"
+          - "--metrics.influxdb2.token={{ .token }}"
+          - "--metrics.influxdb2.org={{ .org }}"
+          - "--metrics.influxdb2.bucket={{ .bucket }}"
+           {{- with .pushInterval }}
+          - "--metrics.influxdb2.pushInterval={{ . }}"
+           {{- end }}
+           {{- range $name, $value := .additionalLabels }}
+          - "--metrics.influxdb2.additionalLabels.{{ $name }}={{ $value }}"
+           {{- end }}
+           {{- if ne .addRoutersLabels nil }}
+            {{- with .addRoutersLabels | toString }}
+          - "--metrics.influxdb2.addRoutersLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addEntryPointsLabels nil }}
+            {{- with .addEntryPointsLabels | toString }}
+          - "--metrics.influxdb2.addEntryPointsLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addServicesLabels nil }}
+            {{- with .addServicesLabels | toString }}
+          - "--metrics.influxdb2.addServicesLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+          {{- end }}
+          {{- if (.Values.metrics.prometheus) }}
+          - "--metrics.prometheus=true"
+          - "--metrics.prometheus.entrypoint={{ .Values.metrics.prometheus.entryPoint }}"
+          {{- if (eq (.Values.metrics.prometheus.addRoutersLabels | toString) "true") }}
+          - "--metrics.prometheus.addRoutersLabels=true"
+          {{- end }}
+          {{- if ne .Values.metrics.prometheus.addEntryPointsLabels nil }}
+           {{- with .Values.metrics.prometheus.addEntryPointsLabels | toString }}
+          - "--metrics.prometheus.addEntryPointsLabels={{ . }}"
+           {{- end }}
+          {{- end }}
+          {{- if ne .Values.metrics.prometheus.addServicesLabels nil }}
+           {{- with .Values.metrics.prometheus.addServicesLabels| toString }}
+          - "--metrics.prometheus.addServicesLabels={{ . }}"
+           {{- end }}
+          {{- end }}
+          {{- if .Values.metrics.prometheus.buckets }}
+          - "--metrics.prometheus.buckets={{ .Values.metrics.prometheus.buckets }}"
+          {{- end }}
+          {{- if .Values.metrics.prometheus.manualRouting }}
+          - "--metrics.prometheus.manualrouting=true"
+          {{- end }}
+          {{- end }}
+          {{- with .Values.metrics.statsd }}
+          - "--metrics.statsd=true"
+          - "--metrics.statsd.address={{ .address }}"
+           {{- with .pushInterval }}
+          - "--metrics.statsd.pushInterval={{ . }}"
+           {{- end }}
+           {{- with .prefix }}
+          - "--metrics.statsd.prefix={{ . }}"
+           {{- end }}
+           {{- if .addRoutersLabels}}
+          - "--metrics.statsd.addRoutersLabels=true"
+           {{- end }}
+           {{- if ne .addEntryPointsLabels nil }}
+            {{- with .addEntryPointsLabels | toString }}
+          - "--metrics.statsd.addEntryPointsLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addServicesLabels nil }}
+            {{- with .addServicesLabels | toString }}
+          - "--metrics.statsd.addServicesLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+          {{- end }}
+
+          {{- end }}
+
+          {{- with .Values.metrics.openTelemetry }}
+           {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
+             {{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
+           {{- end }}
+          - "--metrics.openTelemetry=true"
+          - "--metrics.openTelemetry.address={{ .address }}"
+           {{- if ne .addEntryPointsLabels nil }}
+            {{- with .addEntryPointsLabels | toString }}
+          - "--metrics.openTelemetry.addEntryPointsLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addRoutersLabels nil }}
+            {{- with .addRoutersLabels | toString }}
+          - "--metrics.openTelemetry.addRoutersLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- if ne .addServicesLabels nil }}
+            {{- with .addServicesLabels | toString }}
+          - "--metrics.openTelemetry.addServicesLabels={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- with .explicitBoundaries }}
+          - "--metrics.openTelemetry.explicitBoundaries={{ join "," . }}"
+           {{- end }}
+           {{- with .headers }}
+            {{- range $name, $value := . }}
+          - "--metrics.openTelemetry.headers.{{ $name }}={{ $value }}"
+            {{- end }}
+           {{- end }}
+           {{- with .insecure }}
+          - "--metrics.openTelemetry.insecure={{ . }}"
+           {{- end }}
+           {{- with .pushInterval }}
+          - "--metrics.openTelemetry.pushInterval={{ . }}"
+           {{- end }}
+           {{- with .path }}
+          - "--metrics.openTelemetry.path={{ . }}"
+           {{- end }}
+           {{- with .tls }}
+            {{- with .ca }}
+          - "--metrics.openTelemetry.tls.ca={{ . }}"
+            {{- end }}
+            {{- with .cert }}
+          - "--metrics.openTelemetry.tls.cert={{ . }}"
+            {{- end }}
+            {{- with .key }}
+          - "--metrics.openTelemetry.tls.key={{ . }}"
+            {{- end }}
+            {{- with .insecureSkipVerify }}
+          - "--metrics.openTelemetry.tls.insecureSkipVerify={{ . }}"
+            {{- end }}
+           {{- end }}
+           {{- with .grpc }}
+          - "--metrics.openTelemetry.grpc={{ . }}"
+           {{- end }}
+          {{- end }}
+
+          {{- if .Values.tracing }}
+
+          {{- if .Values.tracing.openTelemetry }}
+           {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
+             {{- fail "ERROR: OpenTelemetry features are only available on Traefik v3. Please set `image.tag` to `v3.x`." }}
+           {{- end }}
+          - "--tracing.openTelemetry=true"
+          - "--tracing.openTelemetry.address={{ required "ERROR: When enabling openTelemetry on tracing, `tracing.openTelemetry.address` is required." .Values.tracing.openTelemetry.address }}"
+          {{- range $key, $value := .Values.tracing.openTelemetry.headers }}
+          - "--tracing.openTelemetry.headers.{{ $key }}={{ $value }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.insecure }}
+          - "--tracing.openTelemetry.insecure={{ .Values.tracing.openTelemetry.insecure }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.path }}
+          - "--tracing.openTelemetry.path={{ .Values.tracing.openTelemetry.path }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.tls }}
+          {{- if .Values.tracing.openTelemetry.tls.ca }}
+          - "--tracing.openTelemetry.tls.ca={{ .Values.tracing.openTelemetry.tls.ca }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.tls.cert }}
+          - "--tracing.openTelemetry.tls.cert={{ .Values.tracing.openTelemetry.tls.cert }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.tls.key }}
+          - "--tracing.openTelemetry.tls.key={{ .Values.tracing.openTelemetry.tls.key }}"
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.tls.insecureSkipVerify }}
+          - "--tracing.openTelemetry.tls.insecureSkipVerify={{ .Values.tracing.openTelemetry.tls.insecureSkipVerify }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.openTelemetry.grpc }}
+          - "--tracing.openTelemetry.grpc=true"
+          {{- end }}
+          {{- end }}
+
+          {{- if .Values.tracing.instana }}
+          - "--tracing.instana=true"
+          {{- if .Values.tracing.instana.localAgentHost }}
+          - "--tracing.instana.localAgentHost={{ .Values.tracing.instana.localAgentHost }}"
+          {{- end }}
+          {{- if .Values.tracing.instana.localAgentPort }}
+          - "--tracing.instana.localAgentPort={{ .Values.tracing.instana.localAgentPort }}"
+          {{- end }}
+          {{- if .Values.tracing.instana.logLevel }}
+          - "--tracing.instana.logLevel={{ .Values.tracing.instana.logLevel }}"
+          {{- end }}
+          {{- if .Values.tracing.instana.enableAutoProfile }}
+          - "--tracing.instana.enableAutoProfile={{ .Values.tracing.instana.enableAutoProfile }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.datadog }}
+          - "--tracing.datadog=true"
+          {{- if .Values.tracing.datadog.localAgentHostPort }}
+          - "--tracing.datadog.localAgentHostPort={{ .Values.tracing.datadog.localAgentHostPort }}"
+          {{- end }}
+          {{- if .Values.tracing.datadog.debug }}
+          - "--tracing.datadog.debug=true"
+          {{- end }}
+          {{- if .Values.tracing.datadog.globalTag }}
+          - "--tracing.datadog.globalTag={{ .Values.tracing.datadog.globalTag }}"
+          {{- end }}
+          {{- if .Values.tracing.datadog.prioritySampling }}
+          - "--tracing.datadog.prioritySampling=true"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.jaeger }}
+          - "--tracing.jaeger=true"
+          {{- if .Values.tracing.jaeger.samplingServerURL }}
+          - "--tracing.jaeger.samplingServerURL={{ .Values.tracing.jaeger.samplingServerURL }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.samplingType }}
+          - "--tracing.jaeger.samplingType={{ .Values.tracing.jaeger.samplingType }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.samplingParam }}
+          - "--tracing.jaeger.samplingParam={{ .Values.tracing.jaeger.samplingParam }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.localAgentHostPort }}
+          - "--tracing.jaeger.localAgentHostPort={{ .Values.tracing.jaeger.localAgentHostPort }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.gen128Bit }}
+          - "--tracing.jaeger.gen128Bit={{ .Values.tracing.jaeger.gen128Bit }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.propagation }}
+          - "--tracing.jaeger.propagation={{ .Values.tracing.jaeger.propagation }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.traceContextHeaderName }}
+          - "--tracing.jaeger.traceContextHeaderName={{ .Values.tracing.jaeger.traceContextHeaderName }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.disableAttemptReconnecting }}
+          - "--tracing.jaeger.disableAttemptReconnecting={{ .Values.tracing.jaeger.disableAttemptReconnecting }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.collector }}
+          {{- if .Values.tracing.jaeger.collector.endpoint }}
+          - "--tracing.jaeger.collector.endpoint={{ .Values.tracing.jaeger.collector.endpoint }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.collector.user }}
+          - "--tracing.jaeger.collector.user={{ .Values.tracing.jaeger.collector.user }}"
+          {{- end }}
+          {{- if .Values.tracing.jaeger.collector.password }}
+          - "--tracing.jaeger.collector.password={{ .Values.tracing.jaeger.collector.password }}"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.zipkin }}
+          - "--tracing.zipkin=true"
+          {{- if .Values.tracing.zipkin.httpEndpoint }}
+          - "--tracing.zipkin.httpEndpoint={{ .Values.tracing.zipkin.httpEndpoint }}"
+          {{- end }}
+          {{- if .Values.tracing.zipkin.sameSpan }}
+          - "--tracing.zipkin.sameSpan={{ .Values.tracing.zipkin.sameSpan }}"
+          {{- end }}
+          {{- if .Values.tracing.zipkin.id128Bit }}
+          - "--tracing.zipkin.id128Bit={{ .Values.tracing.zipkin.id128Bit }}"
+          {{- end }}
+          {{- if .Values.tracing.zipkin.sampleRate }}
+          - "--tracing.zipkin.sampleRate={{ .Values.tracing.zipkin.sampleRate }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.haystack }}
+          - "--tracing.haystack=true"
+          {{- if .Values.tracing.haystack.localAgentHost }}
+          - "--tracing.haystack.localAgentHost={{ .Values.tracing.haystack.localAgentHost }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.localAgentPort }}
+          - "--tracing.haystack.localAgentPort={{ .Values.tracing.haystack.localAgentPort }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.globalTag }}
+          - "--tracing.haystack.globalTag={{ .Values.tracing.haystack.globalTag }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.traceIDHeaderName }}
+          - "--tracing.haystack.traceIDHeaderName={{ .Values.tracing.haystack.traceIDHeaderName }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.parentIDHeaderName }}
+          - "--tracing.haystack.parentIDHeaderName={{ .Values.tracing.haystack.parentIDHeaderName }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.spanIDHeaderName }}
+          - "--tracing.haystack.spanIDHeaderName={{ .Values.tracing.haystack.spanIDHeaderName }}"
+          {{- end }}
+          {{- if .Values.tracing.haystack.baggagePrefixHeaderName }}
+          - "--tracing.haystack.baggagePrefixHeaderName={{ .Values.tracing.haystack.baggagePrefixHeaderName }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.tracing.elastic }}
+          - "--tracing.elastic=true"
+          {{- if .Values.tracing.elastic.serverURL }}
+          - "--tracing.elastic.serverURL={{ .Values.tracing.elastic.serverURL }}"
+          {{- end }}
+          {{- if .Values.tracing.elastic.secretToken }}
+          - "--tracing.elastic.secretToken={{ .Values.tracing.elastic.secretToken }}"
+          {{- end }}
+          {{- if .Values.tracing.elastic.serviceEnvironment }}
+          - "--tracing.elastic.serviceEnvironment={{ .Values.tracing.elastic.serviceEnvironment }}"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.providers.kubernetesCRD.enabled }}
+          - "--providers.kubernetescrd"
+          {{- if .Values.providers.kubernetesCRD.labelSelector }}
+          - "--providers.kubernetescrd.labelSelector={{ .Values.providers.kubernetesCRD.labelSelector }}"
+          {{- end }}
+          {{- if .Values.providers.kubernetesCRD.ingressClass }}
+          - "--providers.kubernetescrd.ingressClass={{ .Values.providers.kubernetesCRD.ingressClass }}"
+          {{- end }}
+          {{- if .Values.providers.kubernetesCRD.allowCrossNamespace }}
+          - "--providers.kubernetescrd.allowCrossNamespace=true"
+          {{- end }}
+          {{- if .Values.providers.kubernetesCRD.allowExternalNameServices }}
+          - "--providers.kubernetescrd.allowExternalNameServices=true"
+          {{- end }}
+          {{- if .Values.providers.kubernetesCRD.allowEmptyServices }}
+          - "--providers.kubernetescrd.allowEmptyServices=true"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.providers.kubernetesIngress.enabled }}
+          - "--providers.kubernetesingress"
+          {{- if .Values.providers.kubernetesIngress.allowExternalNameServices }}
+          - "--providers.kubernetesingress.allowExternalNameServices=true"
+          {{- end }}
+          {{- if .Values.providers.kubernetesIngress.allowEmptyServices }}
+          - "--providers.kubernetesingress.allowEmptyServices=true"
+          {{- end }}
+          {{- if and .Values.service.enabled .Values.providers.kubernetesIngress.publishedService.enabled }}
+          - "--providers.kubernetesingress.ingressendpoint.publishedservice={{ template "providers.kubernetesIngress.publishedServicePath" . }}"
+          {{- end }}
+          {{- if .Values.providers.kubernetesIngress.labelSelector }}
+          - "--providers.kubernetesingress.labelSelector={{ .Values.providers.kubernetesIngress.labelSelector }}"
+          {{- end }}
+          {{- if .Values.providers.kubernetesIngress.ingressClass }}
+          - "--providers.kubernetesingress.ingressClass={{ .Values.providers.kubernetesIngress.ingressClass }}"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.experimental.kubernetesGateway.enabled }}
+          - "--providers.kubernetesgateway"
+          - "--experimental.kubernetesgateway"
+          {{- end }}
+          {{- with .Values.providers.kubernetesCRD }}
+          {{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
+          - "--providers.kubernetescrd.namespaces={{ template "providers.kubernetesCRD.namespaces" $ }}"
+          {{- end }}
+          {{- end }}
+          {{- with .Values.providers.kubernetesIngress }}
+          {{- if (and .enabled (or .namespaces (and $.Values.rbac.enabled $.Values.rbac.namespaced))) }}
+          - "--providers.kubernetesingress.namespaces={{ template "providers.kubernetesIngress.namespaces" $ }}"
+          {{- end }}
+          {{- end }}
+          {{- range $entrypoint, $config := $.Values.ports }}
+          {{- if $config }}
+            {{- if $config.redirectTo }}
+             {{- if eq (typeOf $config.redirectTo) "string" }}
+               {{- fail "ERROR: Syntax of `ports.web.redirectTo` has changed to `ports.web.redirectTo.port`. Details in PR #934." }}
+             {{- end }}
+             {{- $toPort := index $.Values.ports $config.redirectTo.port }}
+          - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.to=:{{ $toPort.exposedPort }}"
+          - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.scheme=https"
+             {{- if $config.redirectTo.priority }}
+          - "--entrypoints.{{ $entrypoint }}.http.redirections.entryPoint.priority={{ $config.redirectTo.priority }}"
+             {{- end }}
+            {{- end }}
+            {{- if $config.middlewares }}
+          - "--entrypoints.{{ $entrypoint }}.http.middlewares={{ join "," $config.middlewares }}"
+            {{- end }}
+            {{- if $config.tls }}
+              {{- if $config.tls.enabled }}
+          - "--entrypoints.{{ $entrypoint }}.http.tls=true"
+                {{- if $config.tls.options }}
+          - "--entrypoints.{{ $entrypoint }}.http.tls.options={{ $config.tls.options }}"
+                {{- end }}
+                {{- if $config.tls.certResolver }}
+          - "--entrypoints.{{ $entrypoint }}.http.tls.certResolver={{ $config.tls.certResolver }}"
+                {{- end }}
+                {{- if $config.tls.domains }}
+                  {{- range $index, $domain := $config.tls.domains }}
+                    {{- if $domain.main }}
+          - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].main={{ $domain.main }}"
+                    {{- end }}
+                    {{- if $domain.sans }}
+          - "--entrypoints.{{ $entrypoint }}.http.tls.domains[{{ $index }}].sans={{ join "," $domain.sans }}"
+                    {{- end }}
+                  {{- end }}
+                {{- end }}
+                {{- if $config.http3 }}
+                  {{- if $config.http3.enabled }}
+                    {{- if semverCompare "<3.0.0-0" (include "imageVersion" $)}}
+          - "--experimental.http3=true"
+                    {{- end }}
+                    {{- if semverCompare ">=2.6.0-0" (include "imageVersion" $)}}
+          - "--entrypoints.{{ $entrypoint }}.http3"
+                    {{- else }}
+          - "--entrypoints.{{ $entrypoint }}.enableHTTP3=true"
+                    {{- end }}
+                    {{- if $config.http3.advertisedPort }}
+          - "--entrypoints.{{ $entrypoint }}.http3.advertisedPort={{ $config.http3.advertisedPort }}"
+                    {{- end }}
+                  {{- end }}
+                {{- end }}
+              {{- end }}
+            {{- end }}
+            {{- if $config.forwardedHeaders }}
+              {{- if $config.forwardedHeaders.trustedIPs }}
+          - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.trustedIPs={{ join "," $config.forwardedHeaders.trustedIPs }}"
+              {{- end }}
+              {{- if $config.forwardedHeaders.insecure }}
+          - "--entrypoints.{{ $entrypoint }}.forwardedHeaders.insecure"
+              {{- end }}
+            {{- end }}
+            {{- if $config.proxyProtocol }}
+              {{- if $config.proxyProtocol.trustedIPs }}
+          - "--entrypoints.{{ $entrypoint }}.proxyProtocol.trustedIPs={{ join "," $config.proxyProtocol.trustedIPs }}"
+              {{- end }}
+              {{- if $config.proxyProtocol.insecure }}
+          - "--entrypoints.{{ $entrypoint }}.proxyProtocol.insecure"
+              {{- end }}
+            {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.logs }}
+          {{- if .general.format }}
+          - "--log.format={{ .general.format }}"
+          {{- end }}
+          {{- if ne .general.level "ERROR" }}
+          - "--log.level={{ .general.level | upper }}"
+          {{- end }}
+          {{- if .access.enabled }}
+          - "--accesslog=true"
+          {{- if .access.format }}
+          - "--accesslog.format={{ .access.format }}"
+          {{- end }}
+          {{- if .access.filePath }}
+          - "--accesslog.filepath={{ .access.filePath }}"
+          {{- end }}
+          {{- if .access.bufferingSize }}
+          - "--accesslog.bufferingsize={{ .access.bufferingSize }}"
+          {{- end }}
+          {{- if .access.filters }}
+          {{- if .access.filters.statuscodes }}
+          - "--accesslog.filters.statuscodes={{ .access.filters.statuscodes }}"
+          {{- end }}
+          {{- if .access.filters.retryattempts }}
+          - "--accesslog.filters.retryattempts"
+          {{- end }}
+          {{- if .access.filters.minduration }}
+          - "--accesslog.filters.minduration={{ .access.filters.minduration }}"
+          {{- end }}
+          {{- end }}
+          - "--accesslog.fields.defaultmode={{ .access.fields.general.defaultmode }}"
+          {{- range $fieldname, $fieldaction := .access.fields.general.names }}
+          - "--accesslog.fields.names.{{ $fieldname }}={{ $fieldaction }}"
+          {{- end }}
+          - "--accesslog.fields.headers.defaultmode={{ .access.fields.headers.defaultmode }}"
+          {{- range $fieldname, $fieldaction := .access.fields.headers.names }}
+          - "--accesslog.fields.headers.names.{{ $fieldname }}={{ $fieldaction }}"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- range $resolver, $config := $.Values.certResolvers }}
+          {{- range $option, $setting := $config }}
+          {{- if kindIs "map" $setting }}
+          {{- range $field, $value := $setting }}
+          - "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}.{{ $field }}={{ if kindIs "slice" $value }}{{ join "," $value }}{{ else }}{{ $value }}{{ end }}"
+          {{- end }}
+          {{- else }}
+          - "--certificatesresolvers.{{ $resolver }}.acme.{{ $option }}={{ $setting }}"
+          {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- with .Values.additionalArguments }}
+          {{- range . }}
+          - {{ . | quote }}
+          {{- end }}
+          {{- end }}
+        {{- with .Values.env }}
+        env:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.envFrom }}
+        envFrom:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      {{- if .Values.deployment.additionalContainers }}
+        {{- toYaml .Values.deployment.additionalContainers | nindent 6 }}
+      {{- end }}
+      volumes:
+        - name: {{ .Values.persistence.name }}
+          {{- if .Values.persistence.enabled }}
+          persistentVolumeClaim:
+            claimName: {{ default (include "traefik.fullname" .) .Values.persistence.existingClaim }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+        - name: tmp
+          emptyDir: {}
+        {{- $root := . }}
+        {{- range .Values.volumes }}
+        - name: {{ tpl (.name) $root | replace "." "-" }}
+          {{- if eq .type "secret" }}
+          secret:
+            secretName: {{ tpl (.name) $root }}
+          {{- else if eq .type "configMap" }}
+          configMap:
+            name: {{ tpl (.name) $root }}
+          {{- end }}
+        {{- end }}
+        {{- if .Values.deployment.additionalVolumes }}
+          {{- toYaml .Values.deployment.additionalVolumes | nindent 8 }}
+        {{- end }}
+        {{- if .Values.experimental.plugins.enabled }}
+        - name: plugins
+          emptyDir: {}
+        {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+        {{- tpl (toYaml .Values.affinity) . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.topologySpreadConstraints }}
+      {{- if (semverCompare "<1.19.0-0" .Capabilities.KubeVersion.Version) }}
+        {{- fail "ERROR: topologySpreadConstraints are supported only on kubernetes >= v1.19" -}}
+      {{- end }}
+      topologySpreadConstraints:
+        {{- tpl (toYaml .Values.topologySpreadConstraints) . | nindent 8 }}
+      {{- end }}
+{{ end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/_service-internal.tpl b/charts/traefik/25.0.3+up25.0.0/templates/_service-internal.tpl
new file mode 100644
index 0000000..8cd6018
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/_service-internal.tpl
@@ -0,0 +1,48 @@
+{{- define "traefik.service-internal-metadata" }}
+  labels:
+  {{- include "traefik.labels" . | nindent 4 -}}
+  {{- with .Values.service.internal.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+{{- define "traefik.service-internal-spec" -}}
+  {{- $type := default "ClusterIP" .Values.service.internal.type }}
+  type: {{ $type }}
+  {{- with .Values.service.internal.spec }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  selector:
+    {{- include "traefik.labelselector" . | nindent 4 }}
+  {{- if eq $type "LoadBalancer" }}
+  {{- with .Values.service.internal.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+  {{- end -}}
+  {{- with .Values.service.internal.externalIPs }}
+  externalIPs:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+  {{- with .Values.service.internal.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ . }}
+  {{- end }}
+  {{- with .Values.service.internal.ipFamilies }}
+  ipFamilies:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+{{- end }}
+
+{{- define "traefik.service-internal-ports" }}
+  {{- range $name, $config := . }}
+  {{- if $config.expose }}
+  - port: {{ default $config.port $config.exposedPort }}
+    name: {{ $name | quote }}
+    targetPort: {{ default $name $config.targetPort }}
+    protocol: {{ default "TCP" $config.protocol }}
+    {{- if $config.nodePort }}
+    nodePort: {{ $config.nodePort }}
+    {{- end }}
+  {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/_service-metrics.tpl b/charts/traefik/25.0.3+up25.0.0/templates/_service-metrics.tpl
new file mode 100644
index 0000000..d16a362
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/_service-metrics.tpl
@@ -0,0 +1,25 @@
+{{- define "traefik.metrics-service-metadata" }}
+  labels:
+  {{- include "traefik.metricsservicelabels" . | nindent 4 -}}
+  {{- with .Values.metrics.prometheus.service.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+{{/* Labels used for metrics-relevant selector*/}}
+{{/* This is an immutable field: this should not change between upgrade */}}
+{{- define "traefik.metricslabelselector" -}}
+{{- include "traefik.labelselector" . }}
+app.kubernetes.io/component: metrics
+{{- end }}
+
+{{/* Shared labels used in metadata of metrics-service and servicemonitor */}}
+{{- define "traefik.metricsservicelabels" -}}
+{{ include "traefik.metricslabelselector" . }}
+helm.sh/chart: {{ template "traefik.chart" . }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- with .Values.commonLabels }}
+{{ toYaml . }}
+{{- end }}
+{{- end }}
+
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/_service.tpl b/charts/traefik/25.0.3+up25.0.0/templates/_service.tpl
new file mode 100644
index 0000000..e7b5892
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/_service.tpl
@@ -0,0 +1,69 @@
+{{- define "traefik.service-metadata" }}
+  labels:
+  {{- include "traefik.labels" . | nindent 4 -}}
+  {{- with .Values.service.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}
+
+{{- define "traefik.service-spec" -}}
+  {{- $type := default "LoadBalancer" .Values.service.type }}
+  type: {{ $type }}
+  {{- with .Values.service.loadBalancerClass }}
+  loadBalancerClass: {{ . }}
+  {{- end}}
+  {{- with .Values.service.spec }}
+  {{- toYaml . | nindent 2 }}
+  {{- end }}
+  selector:
+    {{- include "traefik.labelselector" . | nindent 4 }}
+  {{- if eq $type "LoadBalancer" }}
+  {{- with .Values.service.loadBalancerSourceRanges }}
+  loadBalancerSourceRanges:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+  {{- end -}}
+  {{- with .Values.service.externalIPs }}
+  externalIPs:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+  {{- with .Values.service.ipFamilyPolicy }}
+  ipFamilyPolicy: {{ . }}
+  {{- end }}
+  {{- with .Values.service.ipFamilies }}
+  ipFamilies:
+  {{- toYaml . | nindent 2 }}
+  {{- end -}}
+{{- end }}
+
+{{- define "traefik.service-ports" }}
+  {{- range $name, $config := . }}
+  {{- if $config.expose }}
+  - port: {{ default $config.port $config.exposedPort }}
+    name: {{ $name | quote }}
+    targetPort: {{ default $name $config.targetPort }}
+    protocol: {{ default "TCP" $config.protocol }}
+    {{- if $config.nodePort }}
+    nodePort: {{ $config.nodePort }}
+    {{- end }}
+    {{- if $config.appProtocol }}
+    appProtocol: {{ $config.appProtocol }}
+    {{- end }}
+  {{- end }}
+  {{- if $config.http3 }}
+  {{- if $config.http3.enabled }}
+  {{- $http3Port := default $config.exposedPort $config.http3.advertisedPort }}
+  - port: {{ $http3Port }}
+    name: "{{ $name }}-http3"
+    targetPort: {{ default $config.port $config.targetPort }}
+    protocol: UDP
+    {{- if $config.nodePort }}
+    nodePort: {{ $config.nodePort }}
+    {{- end }}
+    {{- if $config.appProtocol }}
+    appProtocol: {{ $config.appProtocol }}
+    {{- end }}
+  {{- end }}
+  {{- end }}
+  {{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/daemonset.yaml b/charts/traefik/25.0.3+up25.0.0/templates/daemonset.yaml
new file mode 100644
index 0000000..4814ac5
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/daemonset.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "DaemonSet") -}}
+  {{- with .Values.additionalArguments -}}
+    {{- range . -}}
+      {{- if contains ".acme." . -}}
+        {{- fail (printf "ACME functionality is not supported when running Traefik as a DaemonSet") -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if eq (default .Chart.AppVersion .Values.image.tag) "latest" }}
+    {{- fail "\n\n ERROR: latest tag should not be used" }}
+  {{- end }}
+  {{- with .Values.updateStrategy }}
+    {{- if eq (.type) "RollingUpdate" }}
+      {{- if not (contains "%" (toString .rollingUpdate.maxUnavailable)) }}
+        {{- if and ($.Values.hostNetwork) (lt (float64 .rollingUpdate.maxUnavailable) 1.0) }}
+          {{- fail "maxUnavailable should be greater than 1 when using hostNetwork." }}
+        {{- end }}
+      {{- end }}
+    {{- end }}
+  {{- end }}
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+  {{- include "traefik.labels" . | nindent 4 }}
+  {{- with .Values.deployment.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- with .Values.deployment.annotations }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "traefik.labelselector" . | nindent 6 }}
+  updateStrategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
+  minReadySeconds: {{ .Values.deployment.minReadySeconds }}
+  {{- if .Values.deployment.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
+  {{- end }}
+  template: {{ template "traefik.podTemplate" . }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/dashboard-ingressroute.yaml b/charts/traefik/25.0.3+up25.0.0/templates/dashboard-ingressroute.yaml
new file mode 100644
index 0000000..0552219
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/dashboard-ingressroute.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.ingressRoute.dashboard.enabled -}}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ template "traefik.fullname" . }}-dashboard
+  namespace: {{ template "traefik.namespace" . }}
+  annotations:
+    {{- with .Values.ingressRoute.dashboard.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+    {{- with .Values.ingressRoute.dashboard.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  entryPoints:
+  {{- range .Values.ingressRoute.dashboard.entryPoints }}
+  - {{ . }}
+  {{- end }}
+  routes:
+  - match: {{ .Values.ingressRoute.dashboard.matchRule }}
+    kind: Rule
+    services:
+    - name: api@internal
+      kind: TraefikService
+    {{- with .Values.ingressRoute.dashboard.middlewares }}
+    middlewares:
+      {{- toYaml . | nindent 6 }}
+    {{- end -}}
+
+  {{- with .Values.ingressRoute.dashboard.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/deployment.yaml b/charts/traefik/25.0.3+up25.0.0/templates/deployment.yaml
new file mode 100644
index 0000000..df7bb38
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/deployment.yaml
@@ -0,0 +1,48 @@
+{{/* check helm version */}}
+{{- if (semverCompare "<v3.9.0" (.Capabilities.HelmVersion.Version | default "v3.0.0")) -}}
+    {{- fail "ERROR: Helm >= 3.9.0 is required" -}}
+{{- end -}}
+
+{{- if and .Values.deployment.enabled (eq .Values.deployment.kind "Deployment") -}}
+  {{- if gt (int .Values.deployment.replicas) 1 -}}
+    {{- with .Values.additionalArguments -}}
+      {{- range . -}}
+        {{- if contains ".acme." . -}}
+          {{- fail (printf "You can not enable acme if you set more than one traefik replica") -}}
+        {{- end -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+  {{- if eq (default .Chart.AppVersion .Values.image.tag) "latest" }}
+    {{- fail "\n\n ERROR: latest tag should not be used" }}
+  {{- end }}
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+  {{- include "traefik.labels" . | nindent 4 }}
+  {{- with .Values.deployment.labels }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  annotations:
+  {{- with .Values.deployment.annotations }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ default 1 .Values.deployment.replicas }}
+  {{- end }}
+  {{- if .Values.deployment.revisionHistoryLimit }}
+  revisionHistoryLimit: {{ .Values.deployment.revisionHistoryLimit }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "traefik.labelselector" . | nindent 6 }}
+  strategy: {{ toYaml .Values.updateStrategy | nindent 4 }}
+  minReadySeconds: {{ .Values.deployment.minReadySeconds }}
+  template: {{ template "traefik.podTemplate" . }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/extra-objects.yaml b/charts/traefik/25.0.3+up25.0.0/templates/extra-objects.yaml
new file mode 100644
index 0000000..fb38e97
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/extra-objects.yaml
@@ -0,0 +1,4 @@
+{{- range .Values.extraObjects }}
+---
+{{ include "traefik.render" (dict "value" . "context" $) }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/gateway.yaml b/charts/traefik/25.0.3+up25.0.0/templates/gateway.yaml
new file mode 100644
index 0000000..a5b5a12
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/gateway.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.experimental.kubernetesGateway.enabled }}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: Gateway
+metadata:
+  name: traefik-gateway
+  namespace: {{ default (include "traefik.namespace" .) .Values.experimental.kubernetesGateway.namespace }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+  {{- with .Values.experimental.kubernetesGateway.annotations }}
+  annotations:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  gatewayClassName: traefik
+  listeners:
+    - name: web
+      port: {{ .Values.ports.web.port }}
+      protocol: HTTP
+      {{- with .Values.experimental.kubernetesGateway.namespacePolicy }}
+      allowedRoutes:
+        namespaces:
+          from: {{ . }}
+      {{- end }}
+    {{- if .Values.experimental.kubernetesGateway.certificate }}
+    - name: websecure
+      port: {{ $.Values.ports.websecure.port }}
+      protocol: HTTPS
+      tls:
+        certificateRefs:
+          - name: {{ .Values.experimental.kubernetesGateway.certificate.name }}
+            group: {{ .Values.experimental.kubernetesGateway.certificate.group }}
+            kind: {{ .Values.experimental.kubernetesGateway.certificate.kind }}
+    {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/gatewayclass.yaml b/charts/traefik/25.0.3+up25.0.0/templates/gatewayclass.yaml
new file mode 100644
index 0000000..c8abada
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/gatewayclass.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.experimental.kubernetesGateway.enabled }}
+---
+apiVersion: gateway.networking.k8s.io/v1alpha2
+kind: GatewayClass
+metadata:
+  name: traefik
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  controllerName: traefik.io/gateway-controller
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/healthcheck-ingressroute.yaml b/charts/traefik/25.0.3+up25.0.0/templates/healthcheck-ingressroute.yaml
new file mode 100644
index 0000000..3a5476e
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/healthcheck-ingressroute.yaml
@@ -0,0 +1,36 @@
+{{- if .Values.ingressRoute.healthcheck.enabled -}}
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ template "traefik.fullname" . }}-healthcheck
+  namespace: {{ template "traefik.namespace" . }}
+  annotations:
+    {{- with .Values.ingressRoute.healthcheck.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+    {{- with .Values.ingressRoute.healthcheck.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  entryPoints:
+  {{- range .Values.ingressRoute.healthcheck.entryPoints }}
+  - {{ . }}
+  {{- end }}
+  routes:
+  - match: {{ .Values.ingressRoute.healthcheck.matchRule }}
+    kind: Rule
+    services:
+    - name: ping@internal
+      kind: TraefikService
+    {{- with .Values.ingressRoute.healthcheck.middlewares }}
+    middlewares:
+      {{- toYaml . | nindent 6 }}
+    {{- end -}}
+
+  {{- with .Values.ingressRoute.healthcheck.tls }}
+  tls:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/hpa.yaml b/charts/traefik/25.0.3+up25.0.0/templates/hpa.yaml
new file mode 100644
index 0000000..cfa1e5a
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/hpa.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.autoscaling.enabled }}
+
+{{- if not .Values.autoscaling.maxReplicas }}
+  {{- fail "ERROR: maxReplicas is required on HPA" }}
+{{- end }}
+
+{{- if semverCompare ">=1.23.0-0" .Capabilities.KubeVersion.Version }}
+apiVersion: autoscaling/v2
+{{- else }}
+apiVersion: autoscaling/v2beta2
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "traefik.fullname" . }}
+{{- if .Values.autoscaling.minReplicas }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+{{- end }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+{{- if .Values.autoscaling.metrics }}
+  metrics:
+{{ toYaml .Values.autoscaling.metrics | indent 4 }}
+{{- end }}
+{{- if .Values.autoscaling.behavior }}
+  behavior:
+{{ toYaml .Values.autoscaling.behavior | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/ingressclass.yaml b/charts/traefik/25.0.3+up25.0.0/templates/ingressclass.yaml
new file mode 100644
index 0000000..2c207c6
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/ingressclass.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.ingressClass.enabled -}}
+  {{- if (semverCompare "<2.3.0" (include "imageVersion" $)) -}}
+    {{- fail "ERROR: IngressClass cannot be used with Traefik < 2.3.0" -}}
+  {{- end -}}
+  {{- if semverCompare ">=1.19.0-0" .Capabilities.KubeVersion.Version  -}}
+apiVersion: networking.k8s.io/v1
+  {{- else if semverCompare ">=1.16.0-0" .Capabilities.KubeVersion.Version }}
+apiVersion: networking.k8s.io/v1beta1
+  {{- else }}
+    {{- fail "ERROR: You must use at least Kubernetes v1.16 with this Chart" }}
+  {{- end }}
+kind: IngressClass
+metadata:
+  annotations:
+    ingressclass.kubernetes.io/is-default-class: {{ .Values.ingressClass.isDefaultClass | quote }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+  name: {{ .Values.ingressClass.name | default (include "traefik.fullname" .) }}
+spec:
+  controller: traefik.io/ingress-controller
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/poddisruptionbudget.yaml b/charts/traefik/25.0.3+up25.0.0/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..f171639
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/poddisruptionbudget.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.podDisruptionBudget.enabled -}}
+{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
+apiVersion: policy/v1
+{{- else }}
+apiVersion: policy/v1beta1
+{{- end }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "traefik.labelselector" . | nindent 6 }}
+  {{- if .Values.podDisruptionBudget.minAvailable }}
+  minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+  {{- end }}
+  {{- if .Values.podDisruptionBudget.maxUnavailable }}
+  maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/prometheusrules.yaml b/charts/traefik/25.0.3+up25.0.0/templates/prometheusrules.yaml
new file mode 100644
index 0000000..fa78605
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/prometheusrules.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.metrics.prometheus }}
+{{- if .Values.metrics.prometheus.prometheusRule }}
+  {{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
+    {{- if (not (.Values.metrics.prometheus.disableAPICheck)) }}
+      {{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}
+    {{- end }}
+  {{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  {{- if .Values.metrics.prometheus.prometheusRule.namespace }}
+  namespace: {{ .Values.metrics.prometheus.prometheusRule.namespace }}
+  {{- end }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+    {{- with .Values.metrics.prometheus.prometheusRule.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  {{- if .Values.metrics.prometheus.prometheusRule.rules }}
+  groups:
+  - name: {{ template "traefik.name" $ }}
+    rules:
+    {{- with .Values.metrics.prometheus.prometheusRule.rules }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/pvc.yaml b/charts/traefik/25.0.3+up25.0.0/templates/pvc.yaml
new file mode 100644
index 0000000..7ab96f9
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/pvc.yaml
@@ -0,0 +1,26 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  annotations:
+  {{- with .Values.persistence.annotations  }}
+  {{ toYaml . | nindent 4 }}
+  {{- end }}
+    helm.sh/resource-policy: keep
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+  {{- if .Values.persistence.storageClass }}
+  storageClassName: {{ .Values.persistence.storageClass | quote }}
+  {{- end }}
+  {{- if .Values.persistence.volumeName }}
+  volumeName: {{ .Values.persistence.volumeName | quote }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrole.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrole.yaml
new file mode 100644
index 0000000..179663f
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrole.yaml
@@ -0,0 +1,111 @@
+{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "traefik.clusterRoleName" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+    {{- range .Values.rbac.aggregateTo }}
+    rbac.authorization.k8s.io/aggregate-to-{{ . }}: "true"
+    {{- end }}
+rules:
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingressclasses
+{{- if not .Values.rbac.namespaced }}
+      - ingresses
+{{- end }}
+    verbs:
+      - get
+      - list
+      - watch
+{{- if not .Values.rbac.namespaced }}
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+{{- if .Values.providers.kubernetesIngress.enabled }}
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+{{- end -}}
+{{- if .Values.providers.kubernetesCRD.enabled }}
+  - apiGroups:
+      - traefik.io
+      {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
+      - traefik.containo.us
+      {{- end }}
+    resources:
+      - ingressroutes
+      - ingressroutetcps
+      - ingressrouteudps
+      - middlewares
+      - middlewaretcps
+      - tlsoptions
+      - tlsstores
+      - traefikservices
+      - serverstransports
+      {{- if semverCompare ">=3.0.0-0" (include "imageVersion" $)  }}
+      - serverstransporttcps
+      {{- end }}
+    verbs:
+      - get
+      - list
+      - watch
+{{- end -}}
+{{- if .Values.podSecurityPolicy.enabled }}
+  - apiGroups:
+      - policy
+    resourceNames:
+      - {{ template "traefik.fullname" . }}
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+{{- end -}}
+{{- if .Values.experimental.kubernetesGateway.enabled }}
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses
+      - gateways
+      - httproutes
+      - tcproutes
+      - tlsroutes
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - gatewayclasses/status
+      - gateways/status
+      - httproutes/status
+      - tcproutes/status
+      - tlsroutes/status
+    verbs:
+      - update
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrolebinding.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrolebinding.yaml
new file mode 100644
index 0000000..c6c36d5
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/clusterrolebinding.yaml
@@ -0,0 +1,17 @@
+{{- if and .Values.rbac.enabled (or .Values.providers.kubernetesIngress.enabled (not .Values.rbac.namespaced)) -}}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "traefik.clusterRoleName" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "traefik.clusterRoleName" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "traefik.serviceAccountName" . }}
+    namespace: {{ template "traefik.namespace" . }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/podsecuritypolicy.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/podsecuritypolicy.yaml
new file mode 100644
index 0000000..bc0a3bd
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/podsecuritypolicy.yaml
@@ -0,0 +1,68 @@
+{{- if .Values.podSecurityPolicy.enabled }}
+{{- if semverCompare ">=1.25.0-0" .Capabilities.KubeVersion.Version }}
+  {{- fail "ERROR: PodSecurityPolicy has been removed in Kubernetes v1.25+" }}
+{{- end }}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+  annotations:
+    seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
+    seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+  name: {{ template "traefik.fullname" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+spec:
+  privileged: false
+  allowPrivilegeEscalation: false
+  requiredDropCapabilities:
+    - ALL
+{{- if not .Values.securityContext.runAsNonRoot }}
+  allowedCapabilities:
+    - NET_BIND_SERVICE
+{{- end }}
+  hostNetwork: {{ .Values.hostNetwork }}
+  hostIPC: false
+  hostPID: false
+  fsGroup:
+{{- if .Values.securityContext.runAsNonRoot }}
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+{{- else }}
+    rule: RunAsAny
+{{- end }}
+{{- if .Values.hostNetwork }}
+  hostPorts:
+  - max: 65535
+    min: 1
+{{- end }}
+  readOnlyRootFilesystem: true
+  runAsUser:
+{{- if .Values.securityContext.runAsNonRoot }}
+    rule: MustRunAsNonRoot
+{{- else }}
+    rule: RunAsAny
+{{- end }}
+  seLinux:
+    rule: RunAsAny
+  supplementalGroups:
+{{- if .Values.securityContext.runAsNonRoot }}
+    ranges:
+    - max: 65535
+      min: 1
+    rule: MustRunAs
+{{- else }}
+    rule: RunAsAny
+{{- end }}
+  volumes:
+  - configMap
+  - downwardAPI
+  - secret
+  - emptyDir
+  - projected
+{{- if .Values.persistence.enabled }}
+  - persistentVolumeClaim
+{{- end -}}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/role.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/role.yaml
new file mode 100644
index 0000000..35589ec
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/role.yaml
@@ -0,0 +1,79 @@
+{{- $ingressNamespaces := default (include "traefik.namespace" . | list) .Values.providers.kubernetesIngress.namespaces -}}
+{{- $CRDNamespaces := default (include "traefik.namespace" . | list) .Values.providers.kubernetesCRD.namespaces -}}
+{{- $allNamespaces := uniq (concat $ingressNamespaces $CRDNamespaces) -}}
+
+{{- if and .Values.rbac.enabled .Values.rbac.namespaced -}}
+{{- range $allNamespaces }}
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "traefik.fullname" $ }}
+  namespace: {{ . }}
+  labels:
+    {{- include "traefik.labels" $ | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - services
+      - endpoints
+      - secrets
+    verbs:
+      - get
+      - list
+      - watch
+{{- if (and (has . $ingressNamespaces) $.Values.providers.kubernetesIngress.enabled) }}
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses/status
+    verbs:
+      - update
+{{- end -}}
+{{- if (and (has . $CRDNamespaces) $.Values.providers.kubernetesCRD.enabled) }}
+  - apiGroups:
+      - traefik.io
+      {{- if semverCompare "<3.0.0-0" (include "imageVersion" $) }}
+      - traefik.containo.us
+      {{- end }}
+    resources:
+      - ingressroutes
+      - ingressroutetcps
+      - ingressrouteudps
+      - middlewares
+      - middlewaretcps
+      - tlsoptions
+      - tlsstores
+      - traefikservices
+      - serverstransports
+      {{- if semverCompare ">=3.0.0-0" (include "imageVersion" $) }}
+      - serverstransporttcps
+      {{- end }}
+    verbs:
+      - get
+      - list
+      - watch
+{{- end -}}
+{{- if $.Values.podSecurityPolicy.enabled }}
+  - apiGroups:
+      - extensions
+    resourceNames:
+      - {{ template "traefik.fullname" $ }}
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/rolebinding.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/rolebinding.yaml
new file mode 100644
index 0000000..263a2e0
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/rolebinding.yaml
@@ -0,0 +1,24 @@
+{{- $ingressNamespaces := default (include "traefik.namespace" . | list) .Values.providers.kubernetesIngress.namespaces -}}
+{{- $CRDNamespaces := default (include "traefik.namespace" . | list) .Values.providers.kubernetesCRD.namespaces -}}
+{{- $allNamespaces := uniq (concat $ingressNamespaces $CRDNamespaces) -}}
+
+{{- if and .Values.rbac.enabled .Values.rbac.namespaced }}
+{{- range $allNamespaces }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "traefik.fullname" $ }}
+  namespace: {{ . }}
+  labels:
+    {{- include "traefik.labels" $ | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "traefik.fullname" $ }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "traefik.serviceAccountName" $ }}
+    namespace: {{ template "traefik.namespace" $ }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/rbac/serviceaccount.yaml b/charts/traefik/25.0.3+up25.0.0/templates/rbac/serviceaccount.yaml
new file mode 100644
index 0000000..81f84c5
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/rbac/serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- if not .Values.serviceAccount.name -}}
+kind: ServiceAccount
+apiVersion: v1
+metadata:
+  name: {{ include "traefik.serviceAccountName" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  labels:
+    {{- include "traefik.labels" . | nindent 4 }}
+  annotations:
+  {{- with .Values.serviceAccountAnnotations }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/service-internal.yaml b/charts/traefik/25.0.3+up25.0.0/templates/service-internal.yaml
new file mode 100644
index 0000000..3436744
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/service-internal.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.service.internal -}}
+
+{{- $fullname := include "traefik.fullname" . }}
+{{- if ge (len $fullname) 50 }}
+  {{- fail "ERROR: Cannot create an internal service when name contains more than 50 characters" }}
+{{- end }}
+
+{{- $tcpPorts := dict -}}
+{{- $udpPorts := dict -}}
+{{- $exposedPorts := false -}}
+{{- range $name, $config := .Values.ports -}}
+  {{- if eq (toString $config.protocol) "UDP" -}}
+    {{ $_ := set $udpPorts $name $config -}}
+  {{- end -}}
+  {{- if eq (toString (default "TCP" $config.protocol)) "TCP" -}}
+    {{ $_ := set $tcpPorts $name $config -}}
+  {{- end -}}
+{{- end -}}
+
+{{- if (or $tcpPorts .Values.service.single) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $fullname}}-internal
+  namespace: {{ template "traefik.namespace" . }}
+  {{- template "traefik.service-internal-metadata" . }}
+  annotations:
+  {{- with .Values.service.internal.annotations }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- template "traefik.service-internal-spec" . }}
+  ports:
+  {{- template "traefik.service-internal-ports" $tcpPorts }}
+{{- if .Values.service.single }}
+  {{- template "traefik.service-internal-ports" $udpPorts }}
+{{- end }}
+{{- end }}
+
+{{- if (and $udpPorts (not .Values.service.single)) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $fullname }}-internal-udp
+  namespace: {{ template "traefik.namespace" . }}
+  {{- template "traefik.service-internal-metadata" . }}
+  annotations:
+  {{- with .Values.service.internal.annotations }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- template "traefik.service-internal-spec" . }}
+  ports:
+  {{- template "traefik.service-internal-ports" $udpPorts }}
+{{- end }}
+
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/service-metrics.yaml b/charts/traefik/25.0.3+up25.0.0/templates/service-metrics.yaml
new file mode 100644
index 0000000..7660907
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/service-metrics.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.metrics.prometheus }}
+{{- if .Values.metrics.prometheus.service }}
+{{- if (.Values.metrics.prometheus.service).enabled -}}
+
+{{- $fullname := include "traefik.fullname" . }}
+{{- if ge (len $fullname) 50 }}
+  {{- fail "ERROR: Cannot create a metrics service when name contains more than 50 characters" }}
+{{- end }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ $fullname }}-metrics
+  namespace: {{ template "traefik.namespace" . }}
+  {{- template "traefik.metrics-service-metadata" . }}
+  annotations:
+  {{- with .Values.metrics.prometheus.service.annotations }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  selector:
+    {{- include "traefik.labelselector" . | nindent 4 }}
+  ports:
+  - port: {{ .Values.ports.metrics.port }}
+    name: "metrics"
+    targetPort: metrics
+    protocol: TCP
+    {{- if .Values.ports.metrics.nodePort }}
+    nodePort: {{ .Values.ports.metrics.nodePort }}
+    {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/service.yaml b/charts/traefik/25.0.3+up25.0.0/templates/service.yaml
new file mode 100644
index 0000000..66483fa
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/service.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.service.enabled -}}
+
+{{- $tcpPorts := dict -}}
+{{- $udpPorts := dict -}}
+{{- $exposedPorts := false -}}
+{{- range $name, $config := .Values.ports -}}
+  {{- if $config -}}
+    {{- if $config.http3 -}}
+    {{- if $config.http3.enabled -}}
+      {{- if (not $config.tls.enabled) -}}
+        {{- fail "ERROR: You cannot enable http3 without enabling tls" -}}
+      {{- end -}}
+    {{- end -}}
+    {{- end -}}
+    {{- if eq (toString $config.protocol) "UDP" -}}
+      {{ $_ := set $udpPorts $name $config -}}
+    {{- end -}}
+    {{- if eq (toString (default "TCP" $config.protocol)) "TCP" -}}
+      {{ $_ := set $tcpPorts $name $config -}}
+    {{- end -}}
+    {{- if (eq $config.expose true) -}}
+      {{- $exposedPorts = true -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+
+{{- if (eq $exposedPorts false) -}}
+  {{- fail "You need to expose at least one port or set enabled=false to service" -}}
+{{- end -}}
+
+{{- if and $exposedPorts (or $tcpPorts .Values.service.single) }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  namespace: {{ template "traefik.namespace" . }}
+  {{- template "traefik.service-metadata" . }}
+  annotations:
+  {{- with (merge dict .Values.service.annotationsTCP .Values.service.annotations) }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- template "traefik.service-spec" . }}
+  ports:
+  {{- template "traefik.service-ports" $tcpPorts }}
+{{- if .Values.service.single }}
+  {{- template "traefik.service-ports" $udpPorts }}
+{{- end }}
+{{- end }}
+
+{{- if and $exposedPorts (and $udpPorts (not .Values.service.single)) }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "traefik.fullname" . }}-udp
+  namespace: {{ template "traefik.namespace" . }}
+  {{- template "traefik.service-metadata" . }}
+  annotations:
+  {{- with (merge dict .Values.service.annotationsUDP .Values.service.annotations) }}
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- template "traefik.service-spec" . }}
+  ports:
+  {{- template "traefik.service-ports" $udpPorts }}
+{{- end }}
+
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/servicemonitor.yaml b/charts/traefik/25.0.3+up25.0.0/templates/servicemonitor.yaml
new file mode 100644
index 0000000..f3e1284
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/servicemonitor.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.metrics.prometheus }}
+{{- if .Values.metrics.prometheus.serviceMonitor }}
+  {{- if (not (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1")) }}
+    {{- if (not (.Values.metrics.prometheus.disableAPICheck)) }}
+      {{- fail "ERROR: You have to deploy monitoring.coreos.com/v1 first" }}
+    {{- end }}
+  {{- end }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "traefik.fullname" . }}
+  {{- with .Values.metrics.prometheus.serviceMonitor.namespace }}
+  namespace: {{ . }}
+  {{- end }}
+  labels:
+    {{- if (.Values.metrics.prometheus.service).enabled }}
+    {{- include "traefik.metricsservicelabels" . | nindent 4 }}
+    {{- else }}
+    {{- include "traefik.labels" . | nindent 4 }}
+    {{- end }}
+    {{- with .Values.metrics.prometheus.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  jobLabel: {{ .Values.metrics.prometheus.serviceMonitor.jobLabel | default .Release.Name }}
+  endpoints:
+    - targetPort: metrics
+      path: /{{ .Values.metrics.prometheus.entryPoint }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.honorLabels }}
+      honorLabels: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.honorTimestamps }}
+      honorTimestamps: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.enableHttp2 }}
+      enableHttp2: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.followRedirects }}
+      followRedirects: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.interval }}
+      interval: {{ . }}
+      {{- end }}
+      {{- with .Values.metrics.prometheus.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ . }}
+      {{- end }}
+{{- if .Values.metrics.prometheus.serviceMonitor.metricRelabelings }}
+      metricRelabelings:
+{{ tpl (toYaml .Values.metrics.prometheus.serviceMonitor.metricRelabelings | indent 6) . }}
+{{- end }}
+{{- if .Values.metrics.prometheus.serviceMonitor.relabelings }}
+      relabelings:
+{{ toYaml .Values.metrics.prometheus.serviceMonitor.relabelings | indent 6 }}
+{{- end }}
+  {{- if .Values.metrics.prometheus.serviceMonitor.namespaceSelector }}
+  namespaceSelector:
+{{ toYaml .Values.metrics.prometheus.serviceMonitor.namespaceSelector | indent 4 -}}
+  {{ else }}
+  namespaceSelector:
+    matchNames:
+      - {{ template "traefik.namespace" . }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- if (.Values.metrics.prometheus.service).enabled }}
+      {{- include "traefik.metricslabelselector" . | nindent 6 }}
+      {{- else }}
+      {{- include "traefik.labelselector" . | nindent 6 }}
+      {{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/tlsoption.yaml b/charts/traefik/25.0.3+up25.0.0/templates/tlsoption.yaml
new file mode 100644
index 0000000..07ec031
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/tlsoption.yaml
@@ -0,0 +1,42 @@
+{{- range $name, $config := .Values.tlsOptions }}
+apiVersion: traefik.io/v1alpha1
+kind: TLSOption
+metadata:
+  name: {{ $name }}
+  namespace: {{ template "traefik.namespace" $ }}
+  labels:
+    {{- include "traefik.labels" $ | nindent 4 }}
+    {{- with $config.labels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  {{- with $config.alpnProtocols }}
+  alpnProtocols:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $config.cipherSuites }}
+  cipherSuites:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $config.clientAuth }}
+  clientAuth:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with $config.curvePreferences }}
+  curvePreferences:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}  
+  {{- if $config.maxVersion }}
+  maxVersion: {{ $config.maxVersion }}
+  {{- end }}
+  {{- if $config.minVersion }}
+  minVersion: {{ $config.minVersion }}
+  {{- end }}
+  {{- if $config.preferServerCipherSuites }}
+  preferServerCipherSuites: {{ $config.preferServerCipherSuites }}
+  {{- end }}
+  {{- if $config.sniStrict }}
+  sniStrict: {{ $config.sniStrict }}
+  {{- end }}
+---
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/tlsstore.yaml b/charts/traefik/25.0.3+up25.0.0/templates/tlsstore.yaml
new file mode 100644
index 0000000..88c8fb8
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/tlsstore.yaml
@@ -0,0 +1,12 @@
+{{- range $name, $config := .Values.tlsStore }}
+apiVersion: traefik.io/v1alpha1
+kind: TLSStore
+metadata:
+  name: {{ $name }}
+  namespace: {{ template "traefik.namespace" $ }}
+  labels:
+    {{- include "traefik.labels" $ | nindent 4 }}
+spec:
+  {{- toYaml $config | nindent 2 }}
+---
+{{- end -}}
diff --git a/charts/traefik/25.0.3+up25.0.0/templates/validate-install-crd.yaml b/charts/traefik/25.0.3+up25.0.0/templates/validate-install-crd.yaml
new file mode 100644
index 0000000..9d3eabe
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/templates/validate-install-crd.yaml
@@ -0,0 +1,32 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "traefik.containo.us/v1alpha1/IngressRoute" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/IngressRouteTCP" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/IngressRouteUDP" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/Middleware" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/MiddlewareTCP" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/ServersTransport" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/TLSOption" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/TLSStore" false -}}
+# {{- set $found "traefik.containo.us/v1alpha1/TraefikService" false -}}
+# {{- set $found "traefik.io/v1alpha1/IngressRoute" false -}}
+# {{- set $found "traefik.io/v1alpha1/IngressRouteTCP" false -}}
+# {{- set $found "traefik.io/v1alpha1/IngressRouteUDP" false -}}
+# {{- set $found "traefik.io/v1alpha1/Middleware" false -}}
+# {{- set $found "traefik.io/v1alpha1/MiddlewareTCP" false -}}
+# {{- set $found "traefik.io/v1alpha1/ServersTransport" false -}}
+# {{- set $found "traefik.io/v1alpha1/ServersTransportTCP" false -}}
+# {{- set $found "traefik.io/v1alpha1/TLSOption" false -}}
+# {{- set $found "traefik.io/v1alpha1/TLSStore" false -}}
+# {{- set $found "traefik.io/v1alpha1/TraefikService" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# 	{{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# 	{{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
diff --git a/charts/traefik/25.0.3+up25.0.0/values.yaml b/charts/traefik/25.0.3+up25.0.0/values.yaml
new file mode 100644
index 0000000..f7af137
--- /dev/null
+++ b/charts/traefik/25.0.3+up25.0.0/values.yaml
@@ -0,0 +1,949 @@
+# Default values for Traefik
+image:
+  # -- Traefik image repository
+  repository: rancher/mirrored-library-traefik
+  # -- defaults to appVersion
+  tag: "v2.10.7"
+  # -- Traefik image pull policy
+  pullPolicy: IfNotPresent
+
+# -- Add additional label to all resources
+commonLabels: {}
+
+#
+# Configure the deployment
+#
+deployment:
+  # -- Enable deployment
+  enabled: true
+  # -- Deployment or DaemonSet
+  kind: Deployment
+  # -- Number of pods of the deployment (only applies when kind == Deployment)
+  replicas: 1
+  # -- Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
+  # revisionHistoryLimit: 1
+  # -- Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
+  terminationGracePeriodSeconds: 60
+  # -- The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
+  minReadySeconds: 0
+  ## Override the liveness/readiness port. This is useful to integrate traefik
+  ## with an external Load Balancer that performs healthchecks.
+  ## Default: ports.traefik.port
+  # healthchecksPort: 9000
+  ## Override the liveness/readiness scheme. Useful for getting ping to
+  ## respond on websecure entryPoint.
+  # healthchecksScheme: HTTPS
+  # -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
+  annotations: {}
+  # -- Additional deployment labels (e.g. for filtering deployment by custom labels)
+  labels: {}
+  # -- Additional pod annotations (e.g. for mesh injection or prometheus scraping)
+  podAnnotations: {}
+  # -- Additional Pod labels (e.g. for filtering Pod by custom labels)
+  podLabels: {}
+  # -- Additional containers (e.g. for metric offloading sidecars)
+  additionalContainers: []
+  # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
+  # - name: socat-proxy
+  #   image: alpine/socat:1.0.5
+  #   args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
+  #   volumeMounts:
+  #     - name: dsdsocket
+  #       mountPath: /socket
+  # -- Additional volumes available for use with initContainers and additionalContainers
+  additionalVolumes: []
+  # - name: dsdsocket
+  #   hostPath:
+  #     path: /var/run/statsd-exporter
+  # -- Additional initContainers (e.g. for setting file permission as shown below)
+  initContainers: []
+  # The "volume-permissions" init container is required if you run into permission issues.
+  # Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
+  # - name: volume-permissions
+  #   image: busybox:latest
+  #   command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
+  #   securityContext:
+  #     runAsNonRoot: true
+  #     runAsGroup: 65532
+  #     runAsUser: 65532
+  #   volumeMounts:
+  #     - name: data
+  #       mountPath: /data
+  # -- Use process namespace sharing
+  shareProcessNamespace: false
+  # -- Custom pod DNS policy. Apply if `hostNetwork: true`
+  # dnsPolicy: ClusterFirstWithHostNet
+  dnsConfig: {}
+  # nameservers:
+  #   - 192.0.2.1 # this is an example
+  # searches:
+  #   - ns1.svc.cluster-domain.example
+  #   - my.dns.search.suffix
+  # options:
+  #   - name: ndots
+  #     value: "2"
+  #   - name: edns0
+  # -- Additional imagePullSecrets
+  imagePullSecrets: []
+  # - name: myRegistryKeySecretName
+  # -- Pod lifecycle actions
+  lifecycle: {}
+  # preStop:
+  #   exec:
+  #     command: ["/bin/sh", "-c", "sleep 40"]
+  # postStart:
+  #   httpGet:
+  #     path: /ping
+  #     port: 9000
+  #     host: localhost
+  #     scheme: HTTP
+
+# -- Pod disruption budget
+podDisruptionBudget:
+  enabled: false
+  # maxUnavailable: 1
+  # maxUnavailable: 33%
+  # minAvailable: 0
+  # minAvailable: 25%
+
+# -- Create a default IngressClass for Traefik
+ingressClass:
+  enabled: true
+  isDefaultClass: true
+  # name: my-custom-class
+
+# Traefik experimental features
+experimental:
+  # This value is no longer used, set the image.tag to a semver higher than 3.0, e.g. "v3.0.0-beta3"
+  # v3:
+  # -- Enable traefik version 3
+  #  enabled: false
+  plugins:
+    # -- Enable traefik experimental plugins
+    enabled: false
+  kubernetesGateway:
+    # -- Enable traefik experimental GatewayClass CRD
+    enabled: false
+    ## Routes are restricted to namespace of the gateway by default.
+    ## https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.FromNamespaces
+    # namespacePolicy: All
+    # certificate:
+    #   group: "core"
+    #   kind: "Secret"
+    #   name: "mysecret"
+    # -- By default, Gateway would be created to the Namespace you are deploying Traefik to.
+    # You may create that Gateway in another namespace, setting its name below:
+    # namespace: default
+    # Additional gateway annotations (e.g. for cert-manager.io/issuer)
+    # annotations:
+    #   cert-manager.io/issuer: letsencrypt
+
+## Create an IngressRoute for the dashboard
+ingressRoute:
+  dashboard:
+    # -- Create an IngressRoute for the dashboard
+    enabled: true
+    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+    annotations: {}
+    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+    labels: {}
+    # -- The router match rule used for the dashboard ingressRoute
+    matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
+    # -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
+    # By default, it's using traefik entrypoint, which is not exposed.
+    # /!\ Do not expose your dashboard without any protection over the internet /!\
+    entryPoints: ["traefik"]
+    # -- Additional ingressRoute middlewares (e.g. for authentication)
+    middlewares: []
+    # -- TLS options (e.g. secret containing certificate)
+    tls: {}
+  healthcheck:
+    # -- Create an IngressRoute for the healthcheck probe
+    enabled: false
+    # -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
+    annotations: {}
+    # -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
+    labels: {}
+    # -- The router match rule used for the healthcheck ingressRoute
+    matchRule: PathPrefix(`/ping`)
+    # -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure).
+    # By default, it's using traefik entrypoint, which is not exposed.
+    entryPoints: ["traefik"]
+    # -- Additional ingressRoute middlewares (e.g. for authentication)
+    middlewares: []
+    # -- TLS options (e.g. secret containing certificate)
+    tls: {}
+
+updateStrategy:
+  # -- Customize updateStrategy: RollingUpdate or OnDelete
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 0
+    maxSurge: 1
+
+readinessProbe:
+  # -- The number of consecutive failures allowed before considering the probe as failed.
+  failureThreshold: 1
+  # -- The number of seconds to wait before starting the first probe.
+  initialDelaySeconds: 2
+  # -- The number of seconds to wait between consecutive probes.
+  periodSeconds: 10
+  # -- The minimum consecutive successes required to consider the probe successful.
+  successThreshold: 1
+  # -- The number of seconds to wait for a probe response before considering it as failed.
+  timeoutSeconds: 2
+livenessProbe:
+  # -- The number of consecutive failures allowed before considering the probe as failed.
+  failureThreshold: 3
+  # -- The number of seconds to wait before starting the first probe.
+  initialDelaySeconds: 2
+  # -- The number of seconds to wait between consecutive probes.
+  periodSeconds: 10
+  # -- The minimum consecutive successes required to consider the probe successful.
+  successThreshold: 1
+  # -- The number of seconds to wait for a probe response before considering it as failed.
+  timeoutSeconds: 2
+
+providers:
+  kubernetesCRD:
+    # -- Load Kubernetes IngressRoute provider
+    enabled: true
+    # -- Allows IngressRoute to reference resources in namespace other than theirs
+    allowCrossNamespace: false
+    # -- Allows to reference ExternalName services in IngressRoute
+    allowExternalNameServices: false
+    # -- Allows to return 503 when there is no endpoints available
+    allowEmptyServices: false
+    # ingressClass: traefik-internal
+    # labelSelector: environment=production,method=traefik
+    # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+    namespaces: []
+    # - "default"
+
+  kubernetesIngress:
+    # -- Load Kubernetes Ingress provider
+    enabled: true
+    # -- Allows to reference ExternalName services in Ingress
+    allowExternalNameServices: false
+    # -- Allows to return 503 when there is no endpoints available
+    allowEmptyServices: false
+    # ingressClass: traefik-internal
+    # labelSelector: environment=production,method=traefik
+    # -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
+    namespaces: []
+    # - "default"
+    # IP used for Kubernetes Ingress endpoints
+    publishedService:
+      enabled: false
+      # Published Kubernetes Service to copy status from. Format: namespace/servicename
+      # By default this Traefik service
+      # pathOverride: ""
+
+#
+# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
+# This can be used to mount a cert pair or a configmap that holds a config.toml file.
+# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
+# `additionalArguments:
+# - "--providers.file.filename=/config/dynamic.toml"
+# - "--ping"
+# - "--ping.entrypoint=web"`
+volumes: []
+# - name: public-cert
+#   mountPath: "/certs"
+#   type: secret
+# - name: '{{ printf "%s-configs" .Release.Name }}'
+#   mountPath: "/config"
+#   type: configMap
+
+# -- Additional volumeMounts to add to the Traefik container
+additionalVolumeMounts: []
+# -- For instance when using a logshipper for access logs
+# - name: traefik-logs
+#   mountPath: /var/log/traefik
+
+logs:
+  general:
+    # -- By default, the logs use a text format (common), but you can
+    # also ask for the json format in the format option
+    # format: json
+    # By default, the level is set to ERROR.
+    # -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
+    level: ERROR
+  access:
+    # -- To enable access logs
+    enabled: false
+    ## By default, logs are written using the Common Log Format (CLF) on stdout.
+    ## To write logs in JSON, use json in the format option.
+    ## If the given format is unsupported, the default (CLF) is used instead.
+    # format: json
+    # filePath: "/var/log/traefik/access.log
+    ## To write the logs in an asynchronous fashion, specify a bufferingSize option.
+    ## This option represents the number of log lines Traefik will keep in memory before writing
+    ## them to the selected output. In some cases, this option can greatly help performances.
+    # bufferingSize: 100
+    ## Filtering
+    # -- https://docs.traefik.io/observability/access-logs/#filtering
+    filters: {}
+    # statuscodes: "200,300-302"
+    # retryattempts: true
+    # minduration: 10ms
+    fields:
+      general:
+        # -- Available modes: keep, drop, redact.
+        defaultmode: keep
+        # -- Names of the fields to limit.
+        names: {}
+        ## Examples:
+        # ClientUsername: drop
+      headers:
+        # -- Available modes: keep, drop, redact.
+        defaultmode: drop
+        # -- Names of the headers to limit.
+        names: {}
+        ## Examples:
+        # User-Agent: redact
+        # Authorization: drop
+        # Content-Type: keep
+
+metrics:
+  ## -- Prometheus is enabled by default.
+  ## -- It can be disabled by setting "prometheus: null"
+  prometheus:
+    # -- Entry point used to expose metrics.
+    entryPoint: metrics
+    ## Enable metrics on entry points. Default=true
+    # addEntryPointsLabels: false
+    ## Enable metrics on routers. Default=false
+    # addRoutersLabels: true
+    ## Enable metrics on services. Default=true
+    # addServicesLabels: false
+    ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0"
+    # buckets: "0.5,1.0,2.5"
+    ## When manualRouting is true, it disables the default internal router in
+    ## order to allow creating a custom router for prometheus@internal service.
+    # manualRouting: true
+  #  datadog:
+  #    ## Address instructs exporter to send metrics to datadog-agent at this address.
+  #    address: "127.0.0.1:8125"
+  #    ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
+  #    # pushInterval: 30s
+  #    ## The prefix to use for metrics collection. Default="traefik"
+  #    # prefix: traefik
+  #    ## Enable metrics on entry points. Default=true
+  #    # addEntryPointsLabels: false
+  #    ## Enable metrics on routers. Default=false
+  #    # addRoutersLabels: true
+  #    ## Enable metrics on services. Default=true
+  #    # addServicesLabels: false
+  #  influxdb:
+  #    ## Address instructs exporter to send metrics to influxdb at this address.
+  #    address: localhost:8089
+  #    ## InfluxDB's address protocol (udp or http). Default="udp"
+  #    protocol: udp
+  #    ## InfluxDB database used when protocol is http. Default=""
+  #    # database: ""
+  #    ## InfluxDB retention policy used when protocol is http. Default=""
+  #    # retentionPolicy: ""
+  #    ## InfluxDB username (only with http). Default=""
+  #    # username: ""
+  #    ## InfluxDB password (only with http). Default=""
+  #    # password: ""
+  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+  #    # pushInterval: 30s
+  #    ## Additional labels (influxdb tags) on all metrics.
+  #    # additionalLabels:
+  #    #   env: production
+  #    #   foo: bar
+  #    ## Enable metrics on entry points. Default=true
+  #    # addEntryPointsLabels: false
+  #    ## Enable metrics on routers. Default=false
+  #    # addRoutersLabels: true
+  #    ## Enable metrics on services. Default=true
+  #    # addServicesLabels: false
+  #  influxdb2:
+  #    ## Address instructs exporter to send metrics to influxdb v2 at this address.
+  #    address: localhost:8086
+  #    ## Token with which to connect to InfluxDB v2.
+  #    token: xxx
+  #    ## Organisation where metrics will be stored.
+  #    org: ""
+  #    ## Bucket where metrics will be stored.
+  #    bucket: ""
+  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+  #    # pushInterval: 30s
+  #    ## Additional labels (influxdb tags) on all metrics.
+  #    # additionalLabels:
+  #    #   env: production
+  #    #   foo: bar
+  #    ## Enable metrics on entry points. Default=true
+  #    # addEntryPointsLabels: false
+  #    ## Enable metrics on routers. Default=false
+  #    # addRoutersLabels: true
+  #    ## Enable metrics on services. Default=true
+  #    # addServicesLabels: false
+  #  statsd:
+  #    ## Address instructs exporter to send metrics to statsd at this address.
+  #    address: localhost:8125
+  #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
+  #    # pushInterval: 30s
+  #    ## The prefix to use for metrics collection. Default="traefik"
+  #    # prefix: traefik
+  #    ## Enable metrics on entry points. Default=true
+  #    # addEntryPointsLabels: false
+  #    ## Enable metrics on routers. Default=false
+  #    # addRoutersLabels: true
+  #    ## Enable metrics on services. Default=true
+  #    # addServicesLabels: false
+  #  openTelemetry:
+  #    ## Address of the OpenTelemetry Collector to send metrics to.
+  #    address: "localhost:4318"
+  #    ## Enable metrics on entry points.
+  #    addEntryPointsLabels: true
+  #    ## Enable metrics on routers.
+  #    addRoutersLabels: true
+  #    ## Enable metrics on services.
+  #    addServicesLabels: true
+  #    ## Explicit boundaries for Histogram data points.
+  #    explicitBoundaries:
+  #      - "0.1"
+  #      - "0.3"
+  #      - "1.2"
+  #      - "5.0"
+  #    ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
+  #    headers:
+  #      foo: bar
+  #      test: test
+  #    ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
+  #    insecure: true
+  #    ## Interval at which metrics are sent to the OpenTelemetry Collector.
+  #    pushInterval: 10s
+  #    ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
+  #    path: /foo/v1/traces
+  #    ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
+  #    tls:
+  #      ## The path to the certificate authority, it defaults to the system bundle.
+  #      ca: path/to/ca.crt
+  #      ## The path to the public certificate. When using this option, setting the key option is required.
+  #      cert: path/to/foo.cert
+  #      ## The path to the private key. When using this option, setting the cert option is required.
+  #      key: path/to/key.key
+  #      ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
+  #      insecureSkipVerify: true
+  #    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
+  #    grpc: true
+
+  ## -- enable optional CRDs for Prometheus Operator
+  ##
+  ## Create a dedicated metrics service for use with ServiceMonitor
+  #  service:
+  #    enabled: false
+  #    labels: {}
+  #    annotations: {}
+  ## When set to true, it won't check if Prometheus Operator CRDs are deployed
+  #  disableAPICheck: false
+  #  serviceMonitor:
+  #    metricRelabelings: []
+  #      - sourceLabels: [__name__]
+  #        separator: ;
+  #        regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
+  #        replacement: $1
+  #        action: drop
+  #    relabelings: []
+  #      - sourceLabels: [__meta_kubernetes_pod_node_name]
+  #        separator: ;
+  #        regex: ^(.*)$
+  #        targetLabel: nodename
+  #        replacement: $1
+  #        action: replace
+  #    jobLabel: traefik
+  #    interval: 30s
+  #    honorLabels: true
+  #    # (Optional)
+  #    # scrapeTimeout: 5s
+  #    # honorTimestamps: true
+  #    # enableHttp2: true
+  #    # followRedirects: true
+  #    # additionalLabels:
+  #    #   foo: bar
+  #    # namespace: "another-namespace"
+  #    # namespaceSelector: {}
+  #  prometheusRule:
+  #    additionalLabels: {}
+  #    namespace: "another-namespace"
+  #    rules:
+  #      - alert: TraefikDown
+  #        expr: up{job="traefik"} == 0
+  #        for: 5m
+  #        labels:
+  #          context: traefik
+  #          severity: warning
+  #        annotations:
+  #          summary: "Traefik Down"
+  #          description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
+
+## Tracing
+# -- https://doc.traefik.io/traefik/observability/tracing/overview/
+tracing: {}
+#  openTelemetry: # traefik v3+ only
+#    grpc: {}
+#    insecure: true
+#    address: localhost:4317
+# instana:
+#   localAgentHost: 127.0.0.1
+#   localAgentPort: 42699
+#   logLevel: info
+#   enableAutoProfile: true
+# datadog:
+#   localAgentHostPort: 127.0.0.1:8126
+#   debug: false
+#   globalTag: ""
+#   prioritySampling: false
+# jaeger:
+#   samplingServerURL: http://localhost:5778/sampling
+#   samplingType: const
+#   samplingParam: 1.0
+#   localAgentHostPort: 127.0.0.1:6831
+#   gen128Bit: false
+#   propagation: jaeger
+#   traceContextHeaderName: uber-trace-id
+#   disableAttemptReconnecting: true
+#   collector:
+#      endpoint: ""
+#      user: ""
+#      password: ""
+# zipkin:
+#   httpEndpoint: http://localhost:9411/api/v2/spans
+#   sameSpan: false
+#   id128Bit: true
+#   sampleRate: 1.0
+# haystack:
+#   localAgentHost: 127.0.0.1
+#   localAgentPort: 35000
+#   globalTag: ""
+#   traceIDHeaderName: ""
+#   parentIDHeaderName: ""
+#   spanIDHeaderName: ""
+#   baggagePrefixHeaderName: ""
+# elastic:
+#   serverURL: http://localhost:8200
+#   secretToken: ""
+#   serviceEnvironment: ""
+
+# -- Global command arguments to be passed to all traefik's pods
+globalArguments:
+- "--global.checknewversion"
+- "--global.sendanonymoususage"
+
+#
+# Configure Traefik static configuration
+# -- Additional arguments to be passed at Traefik's binary
+# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
+## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+additionalArguments: []
+#  - "--providers.kubernetesingress.ingressclass=traefik-internal"
+#  - "--log.level=DEBUG"
+
+# -- Environment variables to be passed to Traefik's binary
+env:
+- name: POD_NAME
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.name
+- name: POD_NAMESPACE
+  valueFrom:
+    fieldRef:
+      fieldPath: metadata.namespace
+# - name: SOME_VAR
+#   value: some-var-value
+# - name: SOME_VAR_FROM_CONFIG_MAP
+#   valueFrom:
+#     configMapRef:
+#       name: configmap-name
+#       key: config-key
+# - name: SOME_SECRET
+#   valueFrom:
+#     secretKeyRef:
+#       name: secret-name
+#       key: secret-key
+
+# -- Environment variables to be passed to Traefik's binary from configMaps or secrets
+envFrom: []
+# - configMapRef:
+#     name: config-map-name
+# - secretRef:
+#     name: secret-name
+
+ports:
+  traefik:
+    port: 9000
+    # -- Use hostPort if set.
+    # hostPort: 9000
+    #
+    # -- Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
+    # means it's listening on all your interfaces and all your IPs. You may want
+    # to set this value if you need traefik to listen on specific interface
+    # only.
+    # hostIP: 192.168.100.10
+
+    # Defines whether the port is exposed if service.type is LoadBalancer or
+    # NodePort.
+    #
+    # -- You SHOULD NOT expose the traefik port on production deployments.
+    # If you want to access it from outside your cluster,
+    # use `kubectl port-forward` or create a secure ingress
+    expose: false
+    # -- The exposed port for this service
+    exposedPort: 9000
+    # -- The port protocol (TCP/UDP)
+    protocol: TCP
+  web:
+    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
+    # asDefault: true
+    port: 8000
+    # hostPort: 8000
+    # containerPort: 8000
+    expose: true
+    exposedPort: 80
+    ## -- Different target traefik port on the cluster, useful for IP type LB
+    # targetPort: 80
+    # The port protocol (TCP/UDP)
+    protocol: TCP
+    # -- Use nodeport if set. This is useful if you have configured Traefik in a
+    # LoadBalancer.
+    # nodePort: 32080
+    # Port Redirections
+    # Added in 2.2, you can make permanent redirects via entrypoints.
+    # https://docs.traefik.io/routing/entrypoints/#redirection
+    # redirectTo:
+    #   port: websecure
+    #   (Optional)
+    #   priority: 10
+    #
+    # Trust forwarded  headers information (X-Forwarded-*).
+    # forwardedHeaders:
+    #   trustedIPs: []
+    #   insecure: false
+    #
+    # Enable the Proxy Protocol header parsing for the entry point
+    # proxyProtocol:
+    #   trustedIPs: []
+    #   insecure: false
+  websecure:
+    ## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
+    # asDefault: true
+    port: 8443
+    # hostPort: 8443
+    # containerPort: 8443
+    expose: true
+    exposedPort: 443
+    ## -- Different target traefik port on the cluster, useful for IP type LB
+    # targetPort: 80
+    ## -- The port protocol (TCP/UDP)
+    protocol: TCP
+    # nodePort: 32443
+    ## -- Specify an application protocol. This may be used as a hint for a Layer 7 load balancer.
+    # appProtocol: https
+    #
+    ## -- Enable HTTP/3 on the entrypoint
+    ## Enabling it will also enable http3 experimental feature
+    ## https://doc.traefik.io/traefik/routing/entrypoints/#http3
+    ## There are known limitations when trying to listen on same ports for
+    ## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
+    ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
+    http3:
+      enabled: false
+    # advertisedPort: 4443
+    #
+    ## -- Trust forwarded  headers information (X-Forwarded-*).
+    # forwardedHeaders:
+    #   trustedIPs: []
+    #   insecure: false
+    #
+    ## -- Enable the Proxy Protocol header parsing for the entry point
+    # proxyProtocol:
+    #   trustedIPs: []
+    #   insecure: false
+    #
+    ## Set TLS at the entrypoint
+    ## https://doc.traefik.io/traefik/routing/entrypoints/#tls
+    tls:
+      enabled: true
+      # this is the name of a TLSOption definition
+      options: ""
+      certResolver: ""
+      domains: []
+      # - main: example.com
+      #   sans:
+      #     - foo.example.com
+      #     - bar.example.com
+    #
+    # -- One can apply Middlewares on an entrypoint
+    # https://doc.traefik.io/traefik/middlewares/overview/
+    # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
+    # -- /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
+    # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
+    # middlewares:
+    #   - namespace-name1@kubernetescrd
+    #   - namespace-name2@kubernetescrd
+    middlewares: []
+  metrics:
+    # -- When using hostNetwork, use another port to avoid conflict with node exporter:
+    # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
+    port: 9100
+    # hostPort: 9100
+    # Defines whether the port is exposed if service.type is LoadBalancer or
+    # NodePort.
+    #
+    # -- You may not want to expose the metrics port on production deployments.
+    # If you want to access it from outside your cluster,
+    # use `kubectl port-forward` or create a secure ingress
+    expose: false
+    # -- The exposed port for this service
+    exposedPort: 9100
+    # -- The port protocol (TCP/UDP)
+    protocol: TCP
+
+# -- TLS Options are created as TLSOption CRDs
+# https://doc.traefik.io/traefik/https/tls/#tls-options
+# When using `labelSelector`, you'll need to set labels on tlsOption accordingly.
+# Example:
+# tlsOptions:
+#   default:
+#     labels: {}
+#     sniStrict: true
+#     preferServerCipherSuites: true
+#   customOptions:
+#     labels: {}
+#     curvePreferences:
+#       - CurveP521
+#       - CurveP384
+tlsOptions: {}
+
+# -- TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
+# https://doc.traefik.io/traefik/https/tls/#default-certificate
+# Example:
+# tlsStore:
+#   default:
+#     defaultCertificate:
+#       secretName: tls-cert
+tlsStore: {}
+
+service:
+  enabled: true
+  ## -- Single service is using `MixedProtocolLBService` feature gate.
+  ## -- When set to false, it will create two Service, one for TCP and one for UDP.
+  single: true
+  type: LoadBalancer
+  # -- Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
+  annotations: {}
+  # -- Additional annotations for TCP service only
+  annotationsTCP: {}
+  # -- Additional annotations for UDP service only
+  annotationsUDP: {}
+  # -- Additional service labels (e.g. for filtering Service by custom labels)
+  labels: {}
+  # -- Additional entries here will be added to the service spec.
+  # -- Cannot contain type, selector or ports entries.
+  spec: {}
+  # externalTrafficPolicy: Cluster
+  # loadBalancerIP: "1.2.3.4"
+  # clusterIP: "2.3.4.5"
+  loadBalancerSourceRanges: []
+  # - 192.168.0.1/32
+  # - 172.16.0.0/16
+  ## -- Class of the load balancer implementation
+  # loadBalancerClass: service.k8s.aws/nlb
+  externalIPs: []
+  # - 1.2.3.4
+  ## One of SingleStack, PreferDualStack, or RequireDualStack.
+  # ipFamilyPolicy: SingleStack
+  ## List of IP families (e.g. IPv4 and/or IPv6).
+  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
+  # ipFamilies:
+  #   - IPv4
+  #   - IPv6
+  ##
+  ## -- An additionnal and optional internal Service.
+  ## Same parameters as external Service
+  # internal:
+  #   type: ClusterIP
+  #   # labels: {}
+  #   # annotations: {}
+  #   # spec: {}
+  #   # loadBalancerSourceRanges: []
+  #   # externalIPs: []
+  #   # ipFamilies: [ "IPv4","IPv6" ]
+
+autoscaling:
+  # -- Create HorizontalPodAutoscaler object.
+  enabled: false
+#   minReplicas: 1
+#   maxReplicas: 10
+#   metrics:
+#   - type: Resource
+#     resource:
+#       name: cpu
+#       target:
+#         type: Utilization
+#         averageUtilization: 60
+#   - type: Resource
+#     resource:
+#       name: memory
+#       target:
+#         type: Utilization
+#         averageUtilization: 60
+#   behavior:
+#     scaleDown:
+#       stabilizationWindowSeconds: 300
+#       policies:
+#       - type: Pods
+#         value: 1
+#         periodSeconds: 60
+
+persistence:
+  # -- Enable persistence using Persistent Volume Claims
+  # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+  # It can be used to store TLS certificates, see `storage` in certResolvers
+  enabled: false
+  name: data
+  #  existingClaim: ""
+  accessMode: ReadWriteOnce
+  size: 128Mi
+  # storageClass: ""
+  # volumeName: ""
+  path: /data
+  annotations: {}
+  # -- Only mount a subpath of the Volume into the pod
+  # subPath: ""
+
+# -- Certificates resolvers configuration
+certResolvers: {}
+#   letsencrypt:
+#     # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
+#     email: email@example.com
+#     dnsChallenge:
+#       # also add the provider's required configuration under env
+#       # or expand then from secrets/configmaps with envfrom
+#       # cf. https://doc.traefik.io/traefik/https/acme/#providers
+#       provider: digitalocean
+#       # add futher options for the dns challenge as needed
+#       # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
+#       delayBeforeCheck: 30
+#       resolvers:
+#         - 1.1.1.1
+#         - 8.8.8.8
+#     tlsChallenge: true
+#     httpChallenge:
+#       entryPoint: "web"
+#     # It has to match the path with a persistent volume
+#     storage: /data/acme.json
+
+# -- If hostNetwork is true, runs traefik in the host network namespace
+# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
+# and replicas>1, a pod anti-affinity is recommended and will be set if the
+# affinity is left as default.
+hostNetwork: false
+
+# -- Whether Role Based Access Control objects like roles and rolebindings should be created
+rbac:
+  enabled: true
+  # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
+  # If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
+  namespaced: false
+  # Enable user-facing roles
+  # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+  # aggregateTo: [ "admin" ]
+
+# -- Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
+podSecurityPolicy:
+  enabled: false
+
+# -- The service account the pods will use to interact with the Kubernetes API
+serviceAccount:
+  # If set, an existing service account is used
+  # If not set, a service account is created automatically using the fullname template
+  name: ""
+
+# -- Additional serviceAccount annotations (e.g. for oidc authentication)
+serviceAccountAnnotations: {}
+
+# -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers.
+resources: {}
+# requests:
+#   cpu: "100m"
+#   memory: "50Mi"
+# limits:
+#   cpu: "300m"
+#   memory: "150Mi"
+
+# -- This example pod anti-affinity forces the scheduler to put traefik pods
+# -- on nodes where no other traefik pods are scheduled.
+# It should be used when hostNetwork: true to prevent port conflicts
+affinity: {}
+#  podAntiAffinity:
+#    requiredDuringSchedulingIgnoredDuringExecution:
+#      - labelSelector:
+#          matchLabels:
+#            app.kubernetes.io/name: '{{ template "traefik.name" . }}'
+#            app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
+#        topologyKey: kubernetes.io/hostname
+
+# -- nodeSelector is the simplest recommended form of node selection constraint.
+nodeSelector: {}
+# -- Tolerations allow the scheduler to schedule pods with matching taints.
+tolerations: []
+# -- You can use topology spread constraints to control
+# how Pods are spread across your cluster among failure-domains.
+topologySpreadConstraints: []
+# This example topologySpreadConstraints forces the scheduler to put traefik pods
+# on nodes where no other traefik pods are scheduled.
+#  - labelSelector:
+#      matchLabels:
+#        app: '{{ template "traefik.name" . }}'
+#    maxSkew: 1
+#    topologyKey: kubernetes.io/hostname
+#    whenUnsatisfiable: DoNotSchedule
+
+# -- Pods can have priority.
+# -- Priority indicates the importance of a Pod relative to other Pods.
+priorityClassName: ""
+
+# -- Set the container security context
+# -- To run the container with ports below 1024 this will need to be adjusted to run as root
+securityContext:
+  capabilities:
+    drop: [ALL]
+  readOnlyRootFilesystem: true
+  allowPrivilegeEscalation: false
+
+podSecurityContext:
+  # /!\ When setting fsGroup, Kubernetes will recursively change ownership and
+  # permissions for the contents of each volume to match the fsGroup. This can
+  # be an issue when storing sensitive content like TLS Certificates /!\
+  # fsGroup: 65532
+  # -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
+  fsGroupChangePolicy: "OnRootMismatch"
+  # -- The ID of the group for all containers in the pod to run as.
+  runAsGroup: 65532
+  # -- Specifies whether the containers should run as a non-root user.
+  runAsNonRoot: true
+  # -- The ID of the user for all containers in the pod to run as.
+  runAsUser: 65532
+
+#
+# -- Extra objects to deploy (value evaluated as a template)
+#
+# In some cases, it can avoid the need for additional, extended or adhoc deployments.
+# See #595 for more details and traefik/tests/values/extra.yaml for example.
+extraObjects: []
+
+# This will override the default Release Namespace for Helm.
+# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
+# namespaceOverride: traefik
+#
+## -- This will override the default app.kubernetes.io/instance label for all Objects.
+# instanceLabelOverride: traefik
+
+#
+global:
+  systemDefaultRegistry: ""
diff --git a/index.yaml b/index.yaml
index 40fbb95..ffe3a1f 100755
--- a/index.yaml
+++ b/index.yaml
@@ -87,6 +87,51 @@ entries:
     - assets/snapshot-validation-webhook/snapshot-validation-webhook-1.6.1+up1.6.0.tgz
     version: 1.6.1+up1.6.0
   traefik:
+  - annotations:
+      artifacthub.io/changes: "- \"feat: ✨ add healthcheck ingressRoute\"\n- \"feat:
+        :boom: support http redirections and http challenges with cert-manager\"\n-
+        \"feat: :boom: rework and allow update of namespace policy for Gateway\"\n-
+        \"fix: disable ClusterRole and ClusterRoleBinding when not needed\"\n- \"fix:
+        detect correctly v3 version when using sha in `image.tag`\"\n- \"fix: allow
+        updateStrategy.rollingUpdate.maxUnavailable to be passed in as an int or string\"\n-
+        \"fix: add missing separator in crds\"\n- \"fix: add Prometheus scraping annotations
+        only if serviceMonitor not created\"\n- \"docs: Fix typo in the default values
+        file\"\n- \"chore: remove label whitespace at TLSOption\"\n- \"chore(release):
+        \U0001F680 publish v25.0.0\"\n- \"chore(deps): update traefik docker tag to
+        v2.10.5\"\n- \"chore(deps): update docker.io/helmunittest/helm-unittest docker
+        tag to v3.12.3\"\n- \"chore(ci): \U0001F527 \U0001F477 add e2e test when releasing\"\n"
+      fleet.cattle.io/bundle-id: k3s
+    apiVersion: v2
+    appVersion: v2.10.5
+    created: "2024-04-10T23:13:52.314208613Z"
+    description: A Traefik based Kubernetes ingress controller
+    digest: 2e9ef74ac99f8b5f92f0cd889657ec23d84f033d230635c589391a762ec544a8
+    home: https://traefik.io/
+    icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
+    keywords:
+    - traefik
+    - ingress
+    - networking
+    kubeVersion: '>=1.16.0-0'
+    maintainers:
+    - email: emile@vauge.com
+      name: emilevauge
+    - email: daniel.tomcej@gmail.com
+      name: dtomcej
+    - email: ldez@traefik.io
+      name: ldez
+    - email: michel.loiseleur@traefik.io
+      name: mloiseleur
+    - email: charlie.haley@traefik.io
+      name: charlie-haley
+    name: traefik
+    sources:
+    - https://github.com/traefik/traefik
+    - https://github.com/traefik/traefik-helm-chart
+    type: application
+    urls:
+    - assets/traefik/traefik-25.0.3+up25.0.0.tgz
+    version: 25.0.3+up25.0.0
   - annotations:
       artifacthub.io/changes: "- \"feat: ✨ add healthcheck ingressRoute\"\n- \"feat:
         :boom: support http redirections and http challenges with cert-manager\"\n-
@@ -245,6 +290,18 @@ entries:
     - assets/traefik/traefik-20.3.1+up20.3.0.tgz
     version: 20.3.1+up20.3.0
   traefik-crd:
+  - annotations:
+      fleet.cattle.io/bundle-id: k3s
+    apiVersion: v1
+    appVersion: v2.10.5
+    created: "2024-04-10T23:11:50.183482793Z"
+    description: Installs the CRDs for traefik
+    digest: bcdd1cb61bc9935d9e97c78e300dbdb1a9ee65d76059c68c705e8e36491cc9fc
+    name: traefik-crd
+    type: application
+    urls:
+    - assets/traefik-crd/traefik-crd-25.0.3+up25.0.0.tgz
+    version: 25.0.3+up25.0.0
   - annotations:
       fleet.cattle.io/bundle-id: k3s
     apiVersion: v1
diff --git a/packages/traefik/generated-changes/patch/templates/_podtemplate.tpl.patch b/packages/traefik/generated-changes/patch/templates/_podtemplate.tpl.patch
index 25da5e8..11f7124 100644
--- a/packages/traefik/generated-changes/patch/templates/_podtemplate.tpl.patch
+++ b/packages/traefik/generated-changes/patch/templates/_podtemplate.tpl.patch
@@ -5,7 +5,7 @@
        {{- end }}
        containers:
 -      - image: {{ template "traefik.image-name" . }}
-+      - image: {{ template "system_default_registry" . }}{{ template "traefik.image-name" . }}
++      - image: "{{ template "system_default_registry" . }}{{ template "traefik.image-name" . }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          name: {{ template "traefik.fullname" . }}
          resources:
diff --git a/packages/traefik/generated-changes/patch/values.yaml.patch b/packages/traefik/generated-changes/patch/values.yaml.patch
index d2582e2..9b8cf16 100644
--- a/packages/traefik/generated-changes/patch/values.yaml.patch
+++ b/packages/traefik/generated-changes/patch/values.yaml.patch
@@ -10,7 +10,7 @@
 +  repository: rancher/mirrored-library-traefik
    # -- defaults to appVersion
 -  tag: ""
-+  tag: "v2.10.5"
++  tag: "v2.10.7"
    # -- Traefik image pull policy
    pullPolicy: IfNotPresent
  
diff --git a/packages/traefik/package.yaml b/packages/traefik/package.yaml
index 3047211..635a7f4 100644
--- a/packages/traefik/package.yaml
+++ b/packages/traefik/package.yaml
@@ -1,5 +1,5 @@
 url: https://traefik.github.io/charts/traefik/traefik-25.0.0.tgz
-packageVersion: 2
+packageVersion: 3
 additionalCharts:
   - workingDir: charts-crd
     crdOptions: