all: children: cephs: hosts: instance: null computes: hosts: instance: null controllers: hosts: instance: null zuul_unreachable: hosts: {} hosts: instance: ansible_connection: ssh ansible_host: 162.253.55.204 ansible_port: 22 ansible_python_interpreter: auto ansible_user: zuul ceph_conf_overrides: - option: mon allow pool size one section: global value: true - option: osd crush chooseleaf type section: global value: 0 - option: auth allow insecure global id reclaim section: mon value: false ceph_csi_rbd_helm_values: provisioner: replicaCount: 1 ceph_fsid: 4837cbf8-4f90-4300-b3f6-726c9b9f89b4 ceph_osd_devices: - /dev/ceph-{{ inventory_hostname_short }}-osd0/data - /dev/ceph-{{ inventory_hostname_short }}-osd1/data - /dev/ceph-{{ inventory_hostname_short }}-osd2/data cilium_helm_values: operator: replicas: 1 cilium_ipv4_cidr: 172.24.0.0/16 csi_driver: local-path-provisioner kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' molecule_scenario: csi nodepool: az: nova cloud: public external_id: 74a985a5-a36f-4eda-85a3-3ddb2c837d7d host_id: 413ad91e6120ae81306de27e59dcefd40ab96f06b8665fea7030ef8f interface_ip: 162.253.55.204 label: ubuntu-jammy node_properties: {} private_ipv4: 162.253.55.204 private_ipv6: null provider: yul1 public_ipv4: 162.253.55.204 public_ipv6: 2604:e100:1:0:f816:3eff:fea2:49ec region: ca-ymq-1 slot: null zuul_node: az: nova cloud: public external_id: 74a985a5-a36f-4eda-85a3-3ddb2c837d7d host_id: 413ad91e6120ae81306de27e59dcefd40ab96f06b8665fea7030ef8f interface_ip: 162.253.55.204 label: ubuntu-jammy node_properties: {} private_ipv4: 162.253.55.204 private_ipv6: null provider: yul1 public_ipv4: 162.253.55.204 public_ipv6: 2604:e100:1:0:f816:3eff:fea2:49ec region: ca-ymq-1 slot: null uuid: null vars: ceph_conf_overrides: - option: mon allow pool size one section: global value: true - option: osd crush chooseleaf type section: global value: 0 - option: auth allow insecure global id reclaim section: mon value: false ceph_csi_rbd_helm_values: provisioner: replicaCount: 1 ceph_fsid: 4837cbf8-4f90-4300-b3f6-726c9b9f89b4 ceph_osd_devices: - /dev/ceph-{{ inventory_hostname_short }}-osd0/data - /dev/ceph-{{ inventory_hostname_short }}-osd1/data - /dev/ceph-{{ inventory_hostname_short }}-osd2/data cilium_helm_values: operator: replicas: 1 cilium_ipv4_cidr: 172.24.0.0/16 csi_driver: local-path-provisioner kube_vip_address: 172.17.0.100 kube_vip_interface: '{{ ansible_facts[''default_ipv4''].interface }}' kubernetes_hostname: '{{ ansible_facts[''default_ipv4''].address }}' molecule_scenario: csi zuul: _inheritance_path: - '' - '' - '' - '' - '' - '' ansible_version: '9' attempts: 1 branch: stable/2023.1 build: 2c7fba1b9702407b8b5b36b8cc9d33dd build_refs: - branch: stable/2023.1 change: '2595' change_message: "Update pxc (stable/2023.1)\n\n> \u2139\uFE0F **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|---|---|\n| docker.io/percona/haproxy | | patch | `2.8.14` \u2192 `2.8.18` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fhaproxy/2.8.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fhaproxy/2.8.14/2.8.18?slim=true) |\n| docker.io/percona/percona-xtradb-cluster-operator | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [github.com/percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | require | minor | `v1.16.1` \u2192 `v1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.16.1/v1.19.0?slim=true) |\n| [percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/github-releases/percona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/percona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [pxc-operator](https://docs.percona.com/percona-operator-for-mysql/pxc/) ([source](https://redirect.github.com/percona/percona-helm-charts)) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/helm/pxc-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/pxc-operator/1.17.0/1.19.0?slim=true) |\n| quay.io/prometheus/mysqld-exporter | | minor | `v0.17.0` \u2192 `v0.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.17.0/v0.18.0?slim=true) |\n\n---\n\n### Release Notes\n\n
\npercona/percona-xtradb-cluster-operator (github.com/percona/percona-xtradb-cluster-operator)\n\n### [`v1.19.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.19.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.18.0...v1.19.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### Ensure data security for Percona XtraDB Cluster 8.4 with data-at-rest encryption\n\nData at rest encryption ensures that sensitive information stored on disk remains protected from unauthorized access, even if the physical media is compromised. It is a foundational safeguard for compliance, trust and security in modern database environments.\n\nThe Operator supports data at rest encryption for MySQL 8.0 with HashiCorp Vault using the `keyring_vault` *plugin*. Now, it also supports data at rest encryption for MySQL 8.4, leveraging the `keyring_vault` *component*.\n\nThis enhancement enables you to benefit from the rich feature set of the latest major version of Percona XtraDB Cluster 8.4 while ensuring your sensitive data is secured. In doing so, you can meet compliance requirements and protect critical information without added operational complexity. Learn how to [configure data at rest encryption for Percona XtraDB Cluster 8.4](https://docs.percona.com/percona-operator-for-mysql/pxc/encryption-setup.html).\n\n##### Percona XtraDB Cluster 8.4 is now fully supported\n\nPercona XtraDB Cluster 8.4 is now fully supported and recommended for production deployments. Starting with this release, it becomes the default version for all new database cluster deployments using the Operator. This support enables you to benefit from its latest features, performance improvements, and enhanced security.\n\n##### Use your own CA certificates for TLS verification\n\nYou can now use your organization\u2019s custom Certificate Authority (CA) to securely verify TLS communication with S3 storage during backups and restores.\n\nThe configuration is straightforward: create the Secret that stores your custom CA and certificates to authorize in the S3 storage. Then reference this Secret and specify the CA certificate in the `caBundle` option in the Operator Custom Resource. The Operator will verify TLS communication against it.\n\nHere's the example configuration:\n\n```yml\nstorages:\n minio-s3:\n type: s3\n verifyTLS: true\n s3:\n caBundle:\n name: minio-ca-bundle\n key: tls.crt\n```\n\nWith this improvement, you ensure the following:\n\n- Security without compromise \u2013 no more bypassing identity checks.\n- Alignment with your internal standards \u2013 use the CA your company already trusts.\n- Confidence in backup and restore flows \u2013 every S3 interaction is properly verified.\n\nRead more about the use of own CA certificates in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-storage.html#configure-tls-verification-with-custom-certificates-for-s3-storage)\n\n##### Configure duration for certificates issued by cert-manager\n\nBy default, the `cert-manager` generates certificates valid for 90 days. You now have more control over certificate lifetimes and can configure their custom duration when you create a new cluster. This way you can align with your organization's security and compliance policies.\n\nUse the following Custom Resource options to configure certificate duration:\n\n- `.spec.tls.certValidityDuration` \u2013 validity period for generated certificates\n- `.spec.tls.caValidityDuration` \u2013 validity period for the Certificate Authority (CA)\n\n```yaml\n tls:\n \ enabled: true\n certValidityDuration: 2160h\n caValidityDuration: 26280h\n```\n\nNote that the Operator enforces minimum durations to certificates:\n\n- For TLS certificates \u2013 1 hour\n- For CA certificate \u2013 730 hours.\n\nAlso, we don't recommend setting duration to exactly 1 hour to prevent certificate generation issues. Read more about rules and limitations about certificate duration configuration in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/tls-cert-manager.html#customize-certificate-duration-for-cert-manager).\n\nThis improvement empowers you to fine-tune certificate lifetimes while keeping your cluster secure and stable.\n\n##### Security context for ProxySQL sidecar containers\n\nYou can now define the security context for ProxySQL sidecar containers in the Operator, reducing the risk of unsecured sidecars bypassing Pod restrictions. This improvement lets you set user IDs, privileges, and filesystem access directly, ensuring compliance and strengthening Pod security.\n\nConfigure the security context in your custom resource. For example:\n\n```yaml\nspec:\n \ proxysql:\n sidecars:\n securityContext:\n privileged: false\n```\n\nWith this change, you enforce safer defaults across your deployments and close security gaps at the Pod level.\n\n##### Improved load balancing with ProxySQL scheduler (tech preview)\n\nThe Operator now integrates with the external `pxc_scheduler_handler` tool to improve query routing. This feature is currently in tech preview, so we recommend experimenting with it in test or staging environments before using it in production.\n\nWith this scheduler you get finer control over how your SQL queries are routed within your PXC cluster:\n\n- SELECT queries (that don't use FOR UPDATE) are intelligently distributed across all PXC nodes\u2014or all nodes except the writer, depending on your settings.\n- Non-SELECT queries and SELECT FOR UPDATE statements are routed to the writer node.\n- You don't have to micromanage the writer role: the scheduler automatically ensures only one writer is active at any time.\n\nThis means you could see:\n\n- better performance and higher throughput from distributing query loads\n- greater reliability with no single point of failure\n\n* Improved cluster health through early detection of replication lag and node issues\n\n- more efficient use of your resources and hardware\n- a smoother, more predictable experience for everyone using the database\n\nSee our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/proxysql-conf.html#proxysql-scheduler-tech-preview) for full information about the scheduler behavior and setup.\n\nThe previous internal scheduler remains enabled by default to maintain backward compatibility. You can switch to the new one when you're ready to benefit from smarter query handling.\n\n##### Customize HAProxy backend health check intervals and failover behavior\n\nYou can now control how quickly HAProxy detects and reacts to node failures. Instead of waiting the default 20 seconds while HAProxy performs the failover, you can tune health checks to cut that down to just a few seconds. That means your applications recover faster, and users don't get stuck with hanging sessions when a node goes down.\n\nYou no longer need to override the entire HAProxy configuration to achieve this \u2014 the operator now gives you simple, direct options in the Custom Resource specification:\n\n```yaml\nhaproxy: \n healthCheck:\n interval: 10000\n rise: 1\n fall: 2\n```\n\nBy adjusting how often checks run and how many failures or successes mark a node as \u201Cdown\u201D or \u201Cup,\u201D you get faster failover, cleaner client handling, and easier configuration that is safe to upgrade and tailored to your environment.\n\n##### Switch from HAProxy to ProxySQL at runtime\n\nYou can now switch from HAProxy to ProxySQL without redeploying your Percona XtraDB Cluster. Previously, you had to choose ProxySQL only at startup. Now ProxySQL has the `caching_sha2_password` as the default authentication plugin, which gives you the flexibility to start with HAProxy and migrate to ProxySQL later as your needs evolve.\n\nWith this release, ProxySQL also includes a new [scheduler](#improved-load-balancing-with-proxysql-scheduler-tech-preview) that enhances SQL awareness, automates read/write splitting, and handles failovers more intelligently. This leads to faster queries, increased reliability, and more efficient cluster resource usage.\n\n**Which proxy should you choose?**\n\n- **HAProxy:** Choose HAProxy if you need a lightweight, TCP-level load balancer with minimal configuration. Note that for read/write splitting, your clients must connect to different HAProxy ports based on the query type.\n- **ProxySQL:** Opt for ProxySQL if you want built-in read/write splitting, advanced query-level control, and automated failover logic right out of the box.\n\nEach proxy brings its own resource requirements and advantages. We offer [additional guidance](https://docs.percona.com/percona-operator-for-mysql/pxc/load-balancing.html#what-load-balancer-to-use) on selecting the right proxy for your environment, plus [detailed recommendations](https://docs.percona.com/percona-operator-for-mysql/pxc/proxy-switching.html) on resource planning and best practices. Review these carefully to ensure your choice fits your operational and performance needs.\n\nTo switch between proxies, update your Custom Resource to set `haproxy.enabled` to `false` and `proxysql.enabled` to `true`. Apply the changes, and the Operator will handle the transition for you by restarting the relevant proxy Pods.\n\nWith this improvement you now control your proxy choice at runtime, and ProxySQL brings smarter routing and resilience right into the Operator.\n\n##### ProxySQL 3 support\n\nYou can now deploy ProxySQL 3 with Percona Operator for MySQL. This gives you more flexibility and control over how your applications connect to MySQL inside Kubernetes. Here\u2019s what you get:\n\n- Dual\u2011password support enables you to introduce a new password while the old one is still valid. As a result, you can rotate passwords without downtime\n- Enhanced event and query logging gives you real\u2011time visibility into query behavior and application traffic.\n- ProxySQL now logs the actual values bound to prepared statements. This helps you debug queries more effectively, since you see what data was passed instead of just placeholders\n- Event logs now include metadata about ProxySQL version and format. This makes it easier to track and audit logs across upgrades in your Operator\u2011managed deployments.\n\n##### Direct-access backups: Improved performance and reliability with sidecars (tech preview)\n\nBy default, the Operator makes backups using the SST method. This creates a separate backup Pod with Percona XtraBackup, while the database node enters Donor state and stops serving client requests. SST backups can also fail with cryptic network errors, making root cause analysis and recovery difficult.\n\nStarting with version 1.19.0, you can make backups via the XtraBackup sidecar container. The Operator deploys a sidecar with XtraBackup inside each Percona XtraDB Cluster Pod. This sidecar makes a backup and uploads it to the remote backup storage. The database Pod doesn\u2019t change its state to Donor and keeps accepting client requests.\n\nUsing the sidecar method provides a direct access to data thus boosting backup performance. The sidecar container constantly runs in the database Pod, so you have constant access to logs and status, which simplifies troubleshooting.\n\nTo enable the XtraBackup sidecar container backup method, set `PXCO_FEATURE_GATES=XtrabackupSidecar=true` environment variable in the Operator Deployment.\nThis functionality is in the tech preview stage and currently supports only cloud storages. We encourage you to try it out in your testing or staging environments and leave your feedback.\n\nFuture enhancements such as support of PVC volumes, backup encryption and incremental backups are planned for future releases.\n\nTo learn more about XtraBackup sidecar container backup method, see our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups.html#xtrabackup-sidecar-method-tech-preview).\n\n##### Ensure only up to date data is served during backups\n\nWhen a node donates data during backups or SST, it enters into the DONOR state. At this point, the node should no longer handle client connections. HAProxy's external check correctly blocked new connections to the Donor node but allowed existing sessions to remain active. Those lingering sessions could return slow or outdated results.\n\nThe HAProxy default configuration now includes the `on-marked-down shutdown-sessions` directive. As soon as HAProxy marks a node as down, all active connections are immediately closed and clients reconnect to remaining active nodes. This ensures that only fresh, up to date data is served during backups.\n\n##### Automatic cleanup of backup and restore Jobs and associated Pods\n\nThe Operator creates a dedicated Job and Pod for every backup and restore operation. Previously, these Jobs and Pods remained in the cluster even after the operation was finished, and you had to manually delete them to free up resources.\n\nNow, you can offload this task to the Operator. Specify a time-to-live (TTL) for backup and restore Jobs once the operation is finished. When the TTL expires, the Operator automatically deletes the Job and its associated Pod.\n\nModify your Custom Resource as follows:\n\n```yaml\nbackup:\n image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0-backup\n \ ttlSecondsAfterFinished: 3600\n```\n\nThis setting is global. It applies to all on-demand and scheduled backups, and all restores.\n\nThe Operator also ensures reliability: if a backup or restore takes longer than the configured TTL, it applies the `internal.percona.com/keep-job` finalizer to allow the operation to finish. After the operation completes either with the `Succeeded` or the `Failed` status, the finalizer is removed and the Job is cleaned up.\n\nThis improvement reduces manual maintenance overhead, gives you control over the processes lifetime for debugging or auditing purposes and helps keep your cluster healthy and efficient. By reducing unnecessary resource buildup, you gain smoother operations, lower maintenance overhead and improved reliability in production environments.\n\n##### Improved backup identification for point-in-time recovery readiness\n\nWhen a backup contains binlog gaps, the Operator now creates a `.pitr-not-ready` file in the backup storage. This file makes it easy to identify which backups are appropriate for point in time recovery both in the storage and when listing backup objects.\n\nBefore starting a restore, the Operator checks for this marker file and blocks unsafe restores, protecting you from incomplete recovery attempts. If needed, you can override this safeguard by adding the `percona.com/unsafe-pitr` annotation to the Restore object. Use this override with caution, as this is an unsafe configuration.\n\n##### Attach external PVCs for shared data access across applications and the database cluster\n\nSometimes your database needs more than its own internal storage. For example, it needs access to reference files, shared configuration files or lookup tables generated outside the database but still essential for queries and procedures.\n\nYou can now attach auxiliary pre-existing PVCs and mount that external data directly into your database, ProxySQL or HAProxy pods in a clean, declarative way using the Custom Resource.\n\nThis example configuration shows how to attach external PVC to the XtraDB Cluster Pods:\n\n```yaml\npxc:\n extraPVCs:\n \ - name: extra-data-volume\n claimName: my-extra-storage\n mountPath: /var/lib/mysql-extra\n readOnly: false\n```\n\nThis improvement gives you a reliable way to separate internal database storage from external domain data, update shared datasets independently, and still benefit from the Operator\u2019s automation and resilience.\n\n##### Customize password generation by the Operator\n\nBy default, the Operator generates user passwords using alphanumeric characters plus a set of special symbols. Some tools such as MySQL Prometheus Exporter or mysqlsh don't support certain symbols, which can make those passwords invalid.\n\nTo improve compatibility and user experience, you can now customize password generation parameters in the Custom Resource:\n\n```yaml\nspec:\n passwordGenerationOptions:\n symbols: \"!#$%&()*+,-.<=>?@​[]^_{}~\"\n \ maxLength: 20\n minLength: 16\n```\n\nThis enhancement lets you keep the convenience of automated password generation and at the same time ensure compliance with the tools and environments you integrate with the Operator.\n\n##### Configure memory allocator in the Operator\n\nBy default, Percona Operator for XtraDB Cluster uses the system allocator (`libc`) to manage memory. While this works for most cases, alternative allocators such as `jemalloc` and `tcmalloc` can improve performance and reduce fragmentation in high-traffic workloads.\n\nTo have more flexibility, you can now configure the memory allocator directly in the Custom Resource:\n\n```yaml\nspec:\n pxc:\n \ mysqlAllocator: jemalloc\n```\n\nSupported values are:\n\n- `jemalloc`\n- `tcmalloc`\n- `libc` (default, used when no value is set)\n\nIf you have already configured the memory allocator via the environment variable, the Operator will respect that setting and use it instead of the Custom Resource value.\n\nThis enhancement lets you fine-tune memory management for your cluster while keeping compatibility with existing configurations.\n\n##### Deprecation, rename, removal\n\n**Removed in 1.19.0:**\n\n- `proxysql.readinessDelaySec` and `proxysql.livenessDelaySec` fields are removed as redundant\n\n**Deprecated (will be removed in 1.22.0):**\n\n- `pxc.livenessDelaySec`. Use [`pxc.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxclivenessprobesinitialdelayseconds)\n- `pxc.readinessDelaySec`. Use [`pxc.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxcreadinessprobesinitialdelayseconds)\n- `haproxy.livenessDelaySec`. Use [`haproxy.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxylivenessprobesinitialdelayseconds)\n- `haproxy.readinessDelaySec`. Use [`haproxy.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxyreadinessprobesinitialdelayseconds)\n\n##### Changelog\n\n##### New Features\n\n- [K8SPXC-1332](https://perconadev.atlassian.net/browse/K8SPXC-1332) - Added the ability to load custom SSL certificates for backup operations to S3 storage. This enables secure communication with S3-compatible storage using the certificates approved and trusted by your company (Thank you Azam Abdoelbasier for submitting this request).\n- [K8SPXC-1494](https://perconadev.atlassian.net/browse/K8SPXC-1494) - Added the ability to configure the duration of TLS certificates created by `cert-manager`. This allows users to customize certificate lifecycles to meet their specific security requirements.\n- [K8SPXC-1576](https://perconadev.atlassian.net/browse/K8SPXC-1576) - Added the ability to use the XtraBackup sidecar container instead of SST for creating backups. This provides an alternative, potentially more efficient backup method.\n- [K8SPXC-1688](https://perconadev.atlassian.net/browse/K8SPXC-1688) - Added ability to mount pre-existing auxiliary PVCs as volumes to database and proxy pods. This facilitates easier integration with external data and storage resources (Thank you Emin AKTAS for submitting the request and contributing to it).\n- [K8SPXC-1733](https://perconadev.atlassian.net/browse/K8SPXC-1733) - Added the ability to customize password generation parameters, such as length and character sets via the Custom Resource. This ensures smooth operation of the tools with specific requirements towards password and leverages the automatic password generation of the Operator (Thank you user fydrah for submitting the request and contributing to it).\n- [K8SPXC-1734](https://perconadev.atlassian.net/browse/K8SPXC-1734) - Introduced configurable HAProxy backend health check parameters that can be tuned without overriding the entire configuration. This simplifies performance tuning for high-availability setups (Thank you Tim Stoop for submitting the request and contributing to it).\n\n##### Improvements\n\n- [K8SPXC-735](https://perconadev.atlassian.net/browse/K8SPXC-735) - Added the support of the `pxc_scheduler_handler` ProxySQL scheduler for SQL-aware routing and effective read/write splitting. This allows for better utilization of resources by distributing read-only traffic across the entire cluster while routing write requests only to the writer node.\n- [K8SPXC-992](https://perconadev.atlassian.net/browse/K8SPXC-992) - Improved binlog naming to prevent potential collisions between different collectors. The updated naming convention ensures unique and consistent identification of binary log files in storage.\n- [K8SPXC-1144](https://perconadev.atlassian.net/browse/K8SPXC-1144) - Introduced a mechanism to mark S3 backups as PITR-unready if binlog gaps are detected. This prevents users from attempting invalid point-in-time recoveries using inconsistent backups.\n- [K8SPXC-1214](https://perconadev.atlassian.net/browse/K8SPXC-1214) - Added an option to automatically clean up completed backup and restore jobs and their associated pods. This improvement helps reduce pressure on the Kubernetes API by removing stale resources (Thank you Alexandre Barth for reporting this issue).\n- [K8SPXC-1319](https://perconadev.atlassian.net/browse/K8SPXC-1319) - Enhanced the operator to support running multiple backup restores for different clusters in parallel. This removes a previous limitation that blocked concurrent restore operations across the environment.\n- [K8SPXC-1327](https://perconadev.atlassian.net/browse/K8SPXC-1327) - Added the ability to change the memory allocator for MySQL to improve memory management efficiency. This change helps optimize the overall memory footprint of PXC pods.\n- [K8SPXC-1373](https://perconadev.atlassian.net/browse/K8SPXC-1373) - Improved core dump handling to ensure that crashed instances can recover more reliably after an SST. This enhancement aids in diagnosing and recovering from unexpected server failures.\n- [K8SPXC-1431](https://perconadev.atlassian.net/browse/K8SPXC-1431) - Improved the delete-backup finalizer logic to correctly handle the deletion of on-demand backup PVCs.\n- [K8SPXC-1470](https://perconadev.atlassian.net/browse/K8SPXC-1470) - Added the ability to switch between HAProxy and ProxySQL within an existing cluster. This provides users with more flexibility to change their load-balancing solution as their needs evolve.\n- [K8SPXC-1511](https://perconadev.atlassian.net/browse/K8SPXC-1511) - Added the support of data at rest encryption for Percona XtraDB Cluster 8.4 via the `keyring vault` component. This change ensures compatibility with the latest security architecture of MySQL 8.4.\n- [K8SPXC-1525](https://perconadev.atlassian.net/browse/K8SPXC-1525) - Deprecated `pxc.livenessDelaySec` option in favor of more consistent liveness probe parameters. The Operator now prioritizes standard probe configurations to manage Pod lifecycle.\n- [K8SPXC-1568](https://perconadev.atlassian.net/browse/K8SPXC-1568) - Updated the Operator's password generation logic to prevent the '\\*' character from being used as the first character. This avoids potential issues with certain authentication plugins and command-line tools.\n- [K8SPXC-1594](https://perconadev.atlassian.net/browse/K8SPXC-1594) - Improved the database upgrade logic to prevent the controller from being blocked during the operation. This ensures that the Operator remains responsive to other cluster changes while an upgrade is in progress.\n- [K8SPXC-1628](https://perconadev.atlassian.net/browse/K8SPXC-1628) - Added support for `tcmalloc` as an alternative memory allocator in PXC images. This gives users additional options to tune and reduce the memory footprint of their database workloads.\n- [K8SPXC-1647](https://perconadev.atlassian.net/browse/K8SPXC-1647) - Implemented extended exit codes for garbd to provide better diagnostic information for different failure scenarios. This helps users identify the root cause of SST and joining issues faster.\n- [K8SPXC-1668](https://perconadev.atlassian.net/browse/K8SPXC-1668) - Added support for ProxySQL 3, providing users with access to the latest features and performance improvements of the load balancer.\n- [K8SPXC-1683](https://perconadev.atlassian.net/browse/K8SPXC-1683) - Expanded smart update tests to include PXC 8.4 and PMM 3, ensuring stable upgrade paths for the latest versions.\n- [K8SPXC-1703](https://perconadev.atlassian.net/browse/K8SPXC-1703) - Added the support of the `generateEmbeddedObjectMeta` option, improving the template handling for sidecars and extra PVCs (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1748](https://perconadev.atlassian.net/browse/K8SPXC-1748) - Eliminated runtime CREATE FUNCTION statements in the PITR collector to avoid unnecessary Galera TOI (Total Order Isolation) events. This reduces the performance impact on the cluster when the PITR sidecar starts or restarts.\n\n##### Bugs Fixed\n\n- [K8SPXC-926](https://perconadev.atlassian.net/browse/K8SPXC-926) - Fixed an issue where a failed smart update on one cluster could block the Operator from managing other clusters in multi-cluster environments. The controller now handles update failures more gracefully without impacting independent resources.\n- [K8SPXC-1379](https://perconadev.atlassian.net/browse/K8SPXC-1379) - Fixed an issue where monit container resource values in ProxySQL pods did not correctly reflect the values specified in the PXC cluster definition. The operator now ensures that ProxySQL resource attributes are properly applied to the monitoring sidecar containers.\n- [K8SPXC-1424](https://perconadev.atlassian.net/browse/K8SPXC-1424) - Resolved a certificate renewal issue where CA certificates in TLS secrets could expire before server certificates were renewed. The Operator logic was updated to align renewal intervals for CA and server certificates when using cert-manager.\n- [K8SPXC-1581](https://perconadev.atlassian.net/browse/K8SPXC-1581) - Corrected the order of options in the restore prepare job to ensure that `--defaults-file` is passed as the first option to xtrabackup. This fix ensures that custom configuration files are correctly prioritized during the restore process.\n- [K8SPXC-1617](https://perconadev.atlassian.net/browse/K8SPXC-1617) - Fixed a binlog gap issue in Point-in-Time Recovery (PITR) that caused repeated test failures. Users are now advised to perform a full backup after each PITR restore to ensure data consistency and prevent gaps.\n- [K8SPXC-1632](https://perconadev.atlassian.net/browse/K8SPXC-1632) - Added missing SecurityContext configurations for ProxySQL sidecar containers to enhance pod security. This change ensures that all sidecars follow the defined security standards of the cluster.\n- [K8SPXC-1655](https://perconadev.atlassian.net/browse/K8SPXC-1655) - Fixed a failure in xtrabackup when using LZ4 compression on RHEL9-based Percona XtraDB Cluster images. The fix addresses compatibility issues with the latest compression libraries in the operating system environment.\n- [K8SPXC-1686](https://perconadev.atlassian.net/browse/K8SPXC-1686) - Improved backup error handling to ensure that providing an invalid Percona XtraBackup image results in a failed status. A new timeout field was introduced to prevent backup objects from hanging indefinitely in a starting state.\n- [K8SPXC-1687](https://perconadev.atlassian.net/browse/K8SPXC-1687) - Fixed the `copy-backup.sh` script to correctly handle and copy cloud-based backups stored in S3 or Azure. This ensures that the utility script works consistently across all supported storage types.\n- [K8SPXC-1701](https://perconadev.atlassian.net/browse/K8SPXC-1701) - Ensured that MySQL configurations are correctly mounted to the restore prepare job. This fix allows the restore process to use custom MySQL settings defined in the cluster (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1702](https://perconadev.atlassian.net/browse/K8SPXC-1702) - Added the ability to override time zones for backup jobs. This resolves issues where time-dependent operations could fail due to missing timezone definitions (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1721](https://perconadev.atlassian.net/browse/K8SPXC-1721) - Added a sleep interval to the recovery loop to prevent high CPU usage spikes when containers restart.\n- [K8SPXC-1725](https://perconadev.atlassian.net/browse/K8SPXC-1725) - Fixed a condition where a cluster could return stalled data during a backup or SST operation by adding the on-marked-down shutdown-sessions directive to HAProxy default configuration. This ensures that only fresh, up to date data is served during backups.\n- [K8SPXC-1726](https://perconadev.atlassian.net/browse/K8SPXC-1726) - Resolved a deployment breakage in the Operator version 1.18.0 via Helm caused by PMM 3 client incompatibilities. The fix ensures a smoother upgrade path for users migrating to newer versions of PMM (Thank you Antonio Falzarano for reporting and contributing to this issue).\n- [K8SPXC-1760](https://perconadev.atlassian.net/browse/K8SPXC-1760) - Fixed the handling of the crVersion field in the Helm chart templates. The Operator now correctly considers the version defined in `values.yaml` when generating the cluster configuration.\n- [K8SPXC-1771](https://perconadev.atlassian.net/browse/K8SPXC-1771) - Fixed the issue with excessive logging by the backup controller when backups are suspended or resumed due to an unready cluster. This improves log readability and reduces unnecessary diagnostic noise.\n- [K8SPXC-1772](https://perconadev.atlassian.net/browse/K8SPXC-1772) - Fixed a state transition bug where unsuspended backups could move directly from 'Starting' to 'Succeeded' without entering the 'Running' state. This ensures accurate tracking and visibility of the backup process status.\n\n##### Documentation Improvements\n\n- [K8SPXC-1747](https://perconadev.atlassian.net/browse/K8SPXC-1747) - Improved the documentation with the information about available environment variables for cluster components and the Operator. Documented the `S3_WORKERS_LIMIT` environment variable to allow throttling of backup deletions.\n- [K8SPXC-1661](https://perconadev.atlassian.net/browse/K8SPXC-1661) - Updated the operator documentation to reflect that PMM 3 uses service accounts instead of API keys. This ensures that users can correctly configure monitoring integration with the latest versions of PMM.\n- [K8SPXC-1663](https://perconadev.atlassian.net/browse/K8SPXC-1663) - Improved documentation for Point-in-Time Recovery steps. The updated documentation properly separates and sequences the recovery instructions for improved readability.\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.7-7.1, 8.0.44-35.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-5.1, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.17\n- ProxySQL 2.7.3-1.2, 3.0.1-1.2\n- LogCollector based on fluent-bit 4.0.1-1\n- PMM Client 2.44.1-1 and 3.5.0\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.31 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.32 - 1.34\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.32 - 1.34\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.17 - 4.20\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.37.0 based on Kubernetes 1.34.0\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.18.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.18.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.17.0...v1.18.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### PMM3 support\n\nThe Operator is natively integrated with [PMM 3](https://www.percona.com/doc/percona-monitoring-and-management/3/index.html), enabling you to monitor the health and performance of your Percona Distribution for MySQL deployment and at the same time enjoy enhanced performance, new features, and improved security that PMM 3 provides.\n\nNote that the Operator supports both PMM2 and PMM3. The decision on what PMM version is used depends on the authentication method you provide in the Operator configuration: PMM2 uses API keys while PMM3 uses service account token. If the Operator configuration contains both authentication methods with non-empty values, PMM3 takes the priority.\n\nTo use PMM, ensure that the PMM client image is compatible with the PMM Server version. Check [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for the correct client image.\n\nFor how to configure monitoring with PMM, see the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html).\n\n##### Improved monitoring for clusters in multi-region or multi-namespace deployments in PMM\n\nNow you can define a custom name for your clusters deployed in different data centers. This name helps Percona Management and Monitoring (PMM) Server to correctly recognize clusters as connected and monitor them as one deployment. Similarly, PMM Server identifies clusters deployed with the same names in different namespaces as separate ones and correctly displays performance metrics for you on dashboards.\n\nTo assign a custom name, define this configuration in the Custom Resource manifest for your cluster:\n\n```yaml\nspec:\n \ pmm:\n customClusterName: testClusterName\n```\n\n##### More resilient database restores without matching user Secrets\n\nYou no longer need matching user Secrets between your backup and your target cluster to perform a restore. The Operator now has a post-restore step that changes user passwords in the restored database to the ones from the local Secret. Also, it creates missing system users and adds missing grants.\n\nThis flow is the same regardless of whether you restore to the same cluster or to a completely new one.\n\nThe removal of this major roadblock to have a Secret for restores makes your disaster recovery process smoother and more reliable. This enhancement makes managing databases on Kubernetes more robust and operator-friendly.\n\n##### Improved backup retention for streamlined management of scheduled backups in cloud storage\n\nA new backup retention configuration gives you more control over how backups are managed in storage and retained in Kubernetes.\n\nWith the `deleteFromStorage` flag , you can disable automatic deletion from AWS S3 or Azure Blob storage and instead rely on native cloud lifecycle policies. This makes backup cleanup more efficient and better aligned with flexible storage strategies.\n\nThe legacy `keep` option is now deprecated and mapped to the new `retention` block for compatibility. We encourage you to start using the `backup.schedule.retention` configuration:\n\n```yaml\nschedule:\n \ - name: \"sat-night-backup\"\n schedule: \"0 0 * * 6\"\n retention:\n \ count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n```\n\nNote that if you have both `backup.schedule.keep` and `backup.schedule.retention` defined, the `backup.schedule.retention` takes precedence.\n\n##### Added labels to identify the version of the Operator\n\nCustom Resource Definition (CRD) is compatible with the last three Operator versions. To know which Operator version is attached to it, we've added labels to all Custom Resource Definitions. The labels help you identify the current Operator version and decide if you need to update the CRD. To view the labels, run: `kubectl get crd perconaxtradbclusters.pxc.percona.com --show-labels`.\n\n##### Cross-site replication is now supported for Percona XtraDB Cluster 8.4\n\nCross-site replication is now available with Percona XtraDB Cluster 8.4.x, lifting one of the limitations in the Operator for this database version. This enhancement marks a significant step toward general availability of Percona XtraDB Cluster 8.4 in the Operator by enabling multi-site deployments and improving resilience across distributed environments.\n\n##### Deprecation, Rename and Removal\n\n- The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are deprecated. The `loadBalancerIP` field is also deprecated upstream in Kubernetes\n due to its inconsistent behavior across cloud providers and lack of dual-stack support. As a result, its usage is strongly discouraged.\n\n \ We recommend using cloud provider-specific annotations instead, as they offer more predictable and portable behavior for managing load balancer IP assignments.\n\n The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are scheduled for removal in future releases.\n\n- The `backup.schedule.keep` field is deprecated and will be removed after release 1.21.0. We recommend using the `backup.schedule.retention` instead as follows:\n\n ```yaml\n \ schedule:\n - name: \"sat-night-backup\"\n schedule: \"0 0 ** 6\"\n retention:\n count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n ```\n\n- New repositories for Percona XtraBackup and Logcollector\n\n Now the Operator uses the official Percona Docker images for the `percona-xtrabackup` and `logcollector` components. Pay attention to the new image repositories when you upgrade the Operator and the database. Check the [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for exact image names.\n\n- Changes for Helm charts:\n\n - PMM3 is now the default. To keep using PMM2, set the `pmm.tag: 2.44.1`\n - If you install or upgrade the Operator with default manifests using Helm charts on Openshift 4.19, you must use the `docker.io` registry prefix to guarantee successful download from the DockerHub `percona-xtradb-cluster` repository. Read the [Considerations for using OpenShift 4.19](#considerations-for-using-openshift-419) section for more information.\n\n##### Known limitations\n\n##### Considerations for using OpenShift 4.19\n\nStarting with OpenShift 4.19, the way images with not fully qualified names are pulled has changed for repositories that share the same repository name on DockerHub and Red Hat Marketplace. By default the tags are pulled from Red Hat Marketplace. Specifying not fully qualified image names may result in the `ImagePullBackOff` error.\n\n- **OLM installation:** Images are provided with the fully qualified names and are pulled from the Red Hat Marketplace/DockerHub registry.\n- **Manual install/update with default manifests:** Images must use the `docker.io` registry prefix to guarantee successful download from the Dockerhub `percona-xtradb-cluster` repository.\n\nSee our documentation for [manual installation](https://docs.percona.com/percona-operator-for-mysql/pxc/openshift.html#install-the-operator-via-the-command-line-interface) or [update](https://docs.percona.com/percona-operator-for-mysql/pxc/update_openshift.html#update-via-the-command-line-interface).\n\n##### Changleog\n\n##### New Features\n\n- [K8SPXC-1284](https://perconadev.atlassian.net/browse/K8SPXC-1284) - Add the ability to configure protocol for peer-list DNS SRV lookups\n\n- [K8SPXC-1599](https://perconadev.atlassian.net/browse/K8SPXC-1599) - Allowed setting `loadBalancerClass` service type and using a custom implementation of a load balancer rather than the cloud provider default one\n\n##### Improvements\n\n- [K8SPXC-1375](https://perconadev.atlassian.net/browse/K8SPXC-1375) - Added a new retention configuration to allow users to delegate backup cleanup to cloud lifecycle policies (Thank you user Tristan for reporting this issue)\n\n- [K8SPXC-1376](https://perconadev.atlassian.net/browse/K8SPXC-1376) - Added the ability to restore from backup without a matching Secret resource\n\n- [K8SPXC-1399](https://perconadev.atlassian.net/browse/K8SPXC-1399) - Added a documentation how to set up a disaster recovery system and transfer workloads between sites\n\n- [K8SPXC-1415](https://perconadev.atlassian.net/browse/K8SPXC-1415) - Updated the `percona-xtrabackup` image to use the official `percona-xtrabackup` Docker image\n\n- [K8SPXC-1430](https://perconadev.atlassian.net/browse/K8SPXC-1430) - Improved handling of autogenerated certificates depending on the `delete-ssl` finalizer configuration\n\n- [K8SPXC-1448](https://perconadev.atlassian.net/browse/K8SPXC-1448), [K8SPXC-1449](https://perconadev.atlassian.net/browse/K8SPXC-1449) - Improved the `pvc-resize` test by using a custom storage class for EKS, reducing errors and improving the quota handling during resize\n\n- [K8SPXC-1450](https://perconadev.atlassian.net/browse/K8SPXC-1450) - Improved PVC resizing behavior when reducing the storage size by reverting the values when the quota is reached\n\n- [K8SPXC-1472](https://perconadev.atlassian.net/browse/K8SPXC-1472) - Deprecated the `loadBalancerIP` field due to its deprecation upstream\n\n- [K8SPXC-1513](https://perconadev.atlassian.net/browse/K8SPXC-1513) - Added PXC 8.4 support for version service\n\n- [K8SPXC-1529](https://perconadev.atlassian.net/browse/K8SPXC-1529) - Added support for cross-site replication with MySQL 8.4.0 by adding the use of `authentication_policy` instead of `default_authentication_plugin`\n\n- [K8SPXC-1553](https://perconadev.atlassian.net/browse/K8SPXC-1553) - Added support for PMM v3\n\n- [K8SPXC-1560](https://perconadev.atlassian.net/browse/K8SPXC-1560) - Added the warning about CRDs not being upgraded automatically after helm upgrade to the output\n\n- [K8SPXC-1566](https://perconadev.atlassian.net/browse/K8SPXC-1566) - Improved reconciliation of replicationChannels without proxy Pods by starting the database Pod bypassing the proxy (Thank you Justin Reasoner for contributing to this issue)\n\n- [K8SPXC-1569](https://perconadev.atlassian.net/browse/K8SPXC-1569) - Added Labels for Custom Resource Definitions (CRD) to identify the Operator version attached to them\n\n- [K8SPXC-1597](https://perconadev.atlassian.net/browse/K8SPXC-1597) - Improve the scheduled backups behavior for a cluster in an unhealthy state by postponing the job until the cluster reports the healthy status\n\n- [K8SPXC-1605](https://perconadev.atlassian.net/browse/K8SPXC-1605) - Introduced Azure CLI for checking if backup objects/folders exist in Azure storage\n\n- [K8SPXC-1612](https://perconadev.atlassian.net/browse/K8SPXC-1612) - Added the `imagePullSecrets` for PMM image\n\n- [K8SPXC-1615](https://perconadev.atlassian.net/browse/K8SPXC-1615) - Added the ability to define a custom cluster name for `pmm-admin` component\n\n- [K8SPXC-1624](https://perconadev.atlassian.net/browse/K8SPXC-1624) - Deleted deprecated finalizers code\n\n- [K8SPXC-1669](https://perconadev.atlassian.net/browse/K8SPXC-1669) - Improve the backup flow by generating a default endpoint URL for a storage from a region if it is not provided (Thank you Bernard Grymonpon for reporting this issue)\n\n- [K8SPXC-1677](https://perconadev.atlassian.net/browse/K8SPXC-1677) - Document the changed behavior with pulling images for default manifests on OpenShift 4.19 and update install and update instructions\n\n##### Bugs Fixed\n\n- [K8SPXC-1312](https://perconadev.atlassian.net/browse/K8SPXC-1312) - Fixed the issue with labels not being updated automatically for point-in-time recovery deployment upon Custom Resource changes\n\n- [K8SPXC-1347](https://perconadev.atlassian.net/browse/K8SPXC-1347) - Fixed the issue with point-in-time recovery failing due to TLS configuration mismatch between the server and the point-in-time recovery job by configuring it to use TLS if is required by the server.\n\n- [K8SPXC-1382](https://perconadev.atlassian.net/browse/K8SPXC-1382) - Fixed the issue with backup failing on AWS if using IAM profile without credentialsSecret by using credentialsSecret only when explicitly specified and relying on IAM roles instead (Thank you Itiel Olenick for reporting this issue)\n\n- [K8SPXC-1541](https://perconadev.atlassian.net/browse/K8SPXC-1541) - Fixed Telemetry module to to consider both empty string \"\" and comma separated namespaces in cluster-wide mode\n\n- [K8SPXC-1548](https://perconadev.atlassian.net/browse/K8SPXC-1548) Fixed the issue with deleting old backups on Google Cloud Storage by url-decoding the object path before deleting it (Thank you Mateusz Gruszkiewicz for reporting this issue)\n\n- [K8SPXC-1631](https://perconadev.atlassian.net/browse/K8SPXC-1631) - Fixed the issue with the Operator restarting pod-0 after the cluster is ready. The issue is caused by ConfigMap and StatefulSet being created too close to each other and Kubernetes API can't return the newly created ConfigMap before creating the StatefulSet. The issue is fixed by reconciling the StatefulSet after the reconciliation of ConfigMap is completed.\n\n- [K8SPXC-1664](https://perconadev.atlassian.net/browse/K8SPXC-1664) - Fixed the use of the proper script to check PXC nodes when adding them by HAProxy\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.5-5.1 (Tech preview), 8.0.42-33.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-3, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.15-1\n- ProxySQL 2.7.3\n- LogCollector based on fluent-bit 4.0.1\n- PMM Client 2.44.1 and 3.3.1\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.30 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.30 - 1.33\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.30 - 1.33\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.15 - 4.19\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.36.0 based on Kubernetes 1.33.1\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.17.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.17.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.16.1...v1.17.0)\n\n#### Release Highlights\n\n##### Improved observability for HAProxy and ProxySQL\n\nGet insights into the HAProxy and ProxySQL performance by connecting to their statistics pages. Use the `cluster-name-haproxy:8084` and `cluster-name-proxysql:6070` endpoints to do so. Learn about other available ports in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/haproxy-conf.html).\n\n##### Improved cluster load management during backups\n\nIf parallel backups overload your cluster, you can turn off parallel execution to prevent this. Previously, this meant that you could only run one backup at a time - no new backups could start until the current one was finished. Now, the Operator queues backups and runs them one after another automatically. You can fine-tune the backup sequence by setting the start time for all backups or for a specific on-demand one using the [`spec.backup.startingDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupstartingdeadlineseconds) Custom Resource option. This provides greater control over backup operations.\n\nAnother improvement is for the case when your database cluster becomes unhealthy, for example, when a Pod crashes or restarts. The Operator suspends running backups to reduce the cluster's load. Once the cluster recovers and reports a Ready status, the Operator resumes the suspended backup. To further offload the cluster during an unhealthy state, you can configure how long a backup remains suspended by using the [`spec.backup.suspendedDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupsuspendeddeadlineseconds) Custom Resource option. If this time expires before the cluster recovers, the backup is marked as \"failed.\"\n\n##### Monitor PMM Client health and status\n\nPercona Monitoring and Management (PMM) is a great tool to [monitor the health of your database cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html). Now you can also learn if PMM itself is healthy using probes - a Kubernetes diagnostics mechanism to check the health and status of containers. Use the [`spec.pmm.readinessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmreadinessprobesinitialdelayseconds) and [`spec.pmm.livenessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmlivenessprobesinitialdelayseconds) Custom Resource options to fine-tune Readiness and Liveness probes for PMM Client.\n\n##### Improved observability of binary log backups\n\nGet insights into the success and failure rates of binlog operations, timeliness of processing and uploads and potential gaps or inconsistencies in binlog data with the Prometheus metrics added for the Operator. Gather this data by connecting to the `:8080/metrics` endpoint. Learn more about the available metrics in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-pitr.html#binary-logs-statistics).\n\n#### Deprecation, Rename and Removal\n\nThe `spec.haproxy.exposePrimary.enabled` field is deprecated. If enabled via the `spec.haproxy.enabled`, the HAProxy primary service is already exposed.\n\n#### New Features\n\n- [K8SPXC-747](https://perconadev.atlassian.net/browse/K8SPXC-747), [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to access the statistics pages for HAProxy and ProxySQL\n\n- [K8SPXC-1366](https://perconadev.atlassian.net/browse/K8SPXC-1366) - Add the ability to queue backups and run them sequentially, and to optimize the cluster load with the ability to suspend backups for an unhealthy cluster. A user can assign the start time and suspension time to backups to manage them better.\n\n- [K8SPXC-1432](https://perconadev.atlassian.net/browse/K8SPXC-1432) - Enable users to configure cluster-wide Operator deployments in OpenShift certified catalog using OLM.\n\n#### Improvements\n\n- [K8SPXC-1367](https://perconadev.atlassian.net/browse/K8SPXC-1367) - Now a user can configure Readiness and Liveness probes for PMM Client container to check its health and status\n\n- [K8SPXC-1461](https://perconadev.atlassian.net/browse/K8SPXC-1461) - Improve logging for resizing PVC with the information about successful and failed PVC resize. Log errors on resize attempts if the Storage Class doesn't support resizing.\n\n- [K8SPXC-1466](https://perconadev.atlassian.net/browse/K8SPXC-1466) - Mark the containers that provide the service as default ones with the annotation. This enables a user to connect to a Pod without explicitly specifying a container.\n\n- [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to connect to the built-in statistics pages for HAProxy and ProxySQL by exposing the ports for those pages\n\n- [K8SPXC-1475](https://perconadev.atlassian.net/browse/K8SPXC-1475) - Update the backup image to use AWS CLI instead of MinIO CLI due to the license change\n\n- [K8SPXC-1510](https://perconadev.atlassian.net/browse/K8SPXC-1510) - Add the ability to suppress messages about the use of deprecated features in MySQL Error Log by adding the `log_error_suppression_list` key from the `my.cnf` configuration file and defining the message number in the `spec.pxc.configuration` subsection of the Custom Resource manifest. See [how to change MySQL options](https://docs.percona.com/percona-operator-for-mysql/pxc/options.html) for steps. This improves readability for MySQL error log.\n\n- [K8SPXC-1512](https://perconadev.atlassian.net/browse/K8SPXC-1512) - For Percona XtraDB Cluster version 8.4 and above, binary log user defined functions for point-in-time recovery (`binlog_utils_udf`) are now installed as a component instead of a plugin. This improves their compatibility across platforms and provides automatic dependency handling.\n\n- [K8SPXC-1542](https://perconadev.atlassian.net/browse/K8SPXC-1542) - Improve binlog upload for large files to Azure blob storage with the ability to define the block size and the number of concurrent writers for the upload (Thanks to user dcaputo-harmoni for contribution)\n\n- [K8SPXC-1543](https://perconadev.atlassian.net/browse/K8SPXC-1543) - Set PITR controller reference for binlog-collector deployment the same way as it's set for PXC and proxy StatefulSets. This creates a connection between PITR deployment and cluster resource (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1544](https://perconadev.atlassian.net/browse/K8SPXC-1544) - Improve observability of binlog collector by adding the support of basic Prometheus metrics (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1567](https://perconadev.atlassian.net/browse/K8SPXC-1567) - N\n\n
\n\n---\n\n### Configuration\n\n\U0001F4C5 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).\n\n\U0001F6A6 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n\u267B **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n\U0001F47B **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vexxhost/atmosphere).\n\n" change_url: https://github.com/vexxhost/atmosphere/pull/2595 commit_id: 5d635ae7d201989f087661c6356a3703e1026788 patchset: 5d635ae7d201989f087661c6356a3703e1026788 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null buildset: 2cdabb163e2a4583b78a51ddd1aa586b buildset_refs: - branch: stable/2023.1 change: '2595' change_message: "Update pxc (stable/2023.1)\n\n> \u2139\uFE0F **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|---|---|\n| docker.io/percona/haproxy | | patch | `2.8.14` \u2192 `2.8.18` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fhaproxy/2.8.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fhaproxy/2.8.14/2.8.18?slim=true) |\n| docker.io/percona/percona-xtradb-cluster-operator | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [github.com/percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | require | minor | `v1.16.1` \u2192 `v1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.16.1/v1.19.0?slim=true) |\n| [percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/github-releases/percona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/percona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [pxc-operator](https://docs.percona.com/percona-operator-for-mysql/pxc/) ([source](https://redirect.github.com/percona/percona-helm-charts)) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/helm/pxc-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/pxc-operator/1.17.0/1.19.0?slim=true) |\n| quay.io/prometheus/mysqld-exporter | | minor | `v0.17.0` \u2192 `v0.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.17.0/v0.18.0?slim=true) |\n\n---\n\n### Release Notes\n\n
\npercona/percona-xtradb-cluster-operator (github.com/percona/percona-xtradb-cluster-operator)\n\n### [`v1.19.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.19.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.18.0...v1.19.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### Ensure data security for Percona XtraDB Cluster 8.4 with data-at-rest encryption\n\nData at rest encryption ensures that sensitive information stored on disk remains protected from unauthorized access, even if the physical media is compromised. It is a foundational safeguard for compliance, trust and security in modern database environments.\n\nThe Operator supports data at rest encryption for MySQL 8.0 with HashiCorp Vault using the `keyring_vault` *plugin*. Now, it also supports data at rest encryption for MySQL 8.4, leveraging the `keyring_vault` *component*.\n\nThis enhancement enables you to benefit from the rich feature set of the latest major version of Percona XtraDB Cluster 8.4 while ensuring your sensitive data is secured. In doing so, you can meet compliance requirements and protect critical information without added operational complexity. Learn how to [configure data at rest encryption for Percona XtraDB Cluster 8.4](https://docs.percona.com/percona-operator-for-mysql/pxc/encryption-setup.html).\n\n##### Percona XtraDB Cluster 8.4 is now fully supported\n\nPercona XtraDB Cluster 8.4 is now fully supported and recommended for production deployments. Starting with this release, it becomes the default version for all new database cluster deployments using the Operator. This support enables you to benefit from its latest features, performance improvements, and enhanced security.\n\n##### Use your own CA certificates for TLS verification\n\nYou can now use your organization\u2019s custom Certificate Authority (CA) to securely verify TLS communication with S3 storage during backups and restores.\n\nThe configuration is straightforward: create the Secret that stores your custom CA and certificates to authorize in the S3 storage. Then reference this Secret and specify the CA certificate in the `caBundle` option in the Operator Custom Resource. The Operator will verify TLS communication against it.\n\nHere's the example configuration:\n\n```yml\nstorages:\n minio-s3:\n type: s3\n verifyTLS: true\n s3:\n caBundle:\n name: minio-ca-bundle\n key: tls.crt\n```\n\nWith this improvement, you ensure the following:\n\n- Security without compromise \u2013 no more bypassing identity checks.\n- Alignment with your internal standards \u2013 use the CA your company already trusts.\n- Confidence in backup and restore flows \u2013 every S3 interaction is properly verified.\n\nRead more about the use of own CA certificates in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-storage.html#configure-tls-verification-with-custom-certificates-for-s3-storage)\n\n##### Configure duration for certificates issued by cert-manager\n\nBy default, the `cert-manager` generates certificates valid for 90 days. You now have more control over certificate lifetimes and can configure their custom duration when you create a new cluster. This way you can align with your organization's security and compliance policies.\n\nUse the following Custom Resource options to configure certificate duration:\n\n- `.spec.tls.certValidityDuration` \u2013 validity period for generated certificates\n- `.spec.tls.caValidityDuration` \u2013 validity period for the Certificate Authority (CA)\n\n```yaml\n tls:\n \ enabled: true\n certValidityDuration: 2160h\n caValidityDuration: 26280h\n```\n\nNote that the Operator enforces minimum durations to certificates:\n\n- For TLS certificates \u2013 1 hour\n- For CA certificate \u2013 730 hours.\n\nAlso, we don't recommend setting duration to exactly 1 hour to prevent certificate generation issues. Read more about rules and limitations about certificate duration configuration in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/tls-cert-manager.html#customize-certificate-duration-for-cert-manager).\n\nThis improvement empowers you to fine-tune certificate lifetimes while keeping your cluster secure and stable.\n\n##### Security context for ProxySQL sidecar containers\n\nYou can now define the security context for ProxySQL sidecar containers in the Operator, reducing the risk of unsecured sidecars bypassing Pod restrictions. This improvement lets you set user IDs, privileges, and filesystem access directly, ensuring compliance and strengthening Pod security.\n\nConfigure the security context in your custom resource. For example:\n\n```yaml\nspec:\n \ proxysql:\n sidecars:\n securityContext:\n privileged: false\n```\n\nWith this change, you enforce safer defaults across your deployments and close security gaps at the Pod level.\n\n##### Improved load balancing with ProxySQL scheduler (tech preview)\n\nThe Operator now integrates with the external `pxc_scheduler_handler` tool to improve query routing. This feature is currently in tech preview, so we recommend experimenting with it in test or staging environments before using it in production.\n\nWith this scheduler you get finer control over how your SQL queries are routed within your PXC cluster:\n\n- SELECT queries (that don't use FOR UPDATE) are intelligently distributed across all PXC nodes\u2014or all nodes except the writer, depending on your settings.\n- Non-SELECT queries and SELECT FOR UPDATE statements are routed to the writer node.\n- You don't have to micromanage the writer role: the scheduler automatically ensures only one writer is active at any time.\n\nThis means you could see:\n\n- better performance and higher throughput from distributing query loads\n- greater reliability with no single point of failure\n\n* Improved cluster health through early detection of replication lag and node issues\n\n- more efficient use of your resources and hardware\n- a smoother, more predictable experience for everyone using the database\n\nSee our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/proxysql-conf.html#proxysql-scheduler-tech-preview) for full information about the scheduler behavior and setup.\n\nThe previous internal scheduler remains enabled by default to maintain backward compatibility. You can switch to the new one when you're ready to benefit from smarter query handling.\n\n##### Customize HAProxy backend health check intervals and failover behavior\n\nYou can now control how quickly HAProxy detects and reacts to node failures. Instead of waiting the default 20 seconds while HAProxy performs the failover, you can tune health checks to cut that down to just a few seconds. That means your applications recover faster, and users don't get stuck with hanging sessions when a node goes down.\n\nYou no longer need to override the entire HAProxy configuration to achieve this \u2014 the operator now gives you simple, direct options in the Custom Resource specification:\n\n```yaml\nhaproxy: \n healthCheck:\n interval: 10000\n rise: 1\n fall: 2\n```\n\nBy adjusting how often checks run and how many failures or successes mark a node as \u201Cdown\u201D or \u201Cup,\u201D you get faster failover, cleaner client handling, and easier configuration that is safe to upgrade and tailored to your environment.\n\n##### Switch from HAProxy to ProxySQL at runtime\n\nYou can now switch from HAProxy to ProxySQL without redeploying your Percona XtraDB Cluster. Previously, you had to choose ProxySQL only at startup. Now ProxySQL has the `caching_sha2_password` as the default authentication plugin, which gives you the flexibility to start with HAProxy and migrate to ProxySQL later as your needs evolve.\n\nWith this release, ProxySQL also includes a new [scheduler](#improved-load-balancing-with-proxysql-scheduler-tech-preview) that enhances SQL awareness, automates read/write splitting, and handles failovers more intelligently. This leads to faster queries, increased reliability, and more efficient cluster resource usage.\n\n**Which proxy should you choose?**\n\n- **HAProxy:** Choose HAProxy if you need a lightweight, TCP-level load balancer with minimal configuration. Note that for read/write splitting, your clients must connect to different HAProxy ports based on the query type.\n- **ProxySQL:** Opt for ProxySQL if you want built-in read/write splitting, advanced query-level control, and automated failover logic right out of the box.\n\nEach proxy brings its own resource requirements and advantages. We offer [additional guidance](https://docs.percona.com/percona-operator-for-mysql/pxc/load-balancing.html#what-load-balancer-to-use) on selecting the right proxy for your environment, plus [detailed recommendations](https://docs.percona.com/percona-operator-for-mysql/pxc/proxy-switching.html) on resource planning and best practices. Review these carefully to ensure your choice fits your operational and performance needs.\n\nTo switch between proxies, update your Custom Resource to set `haproxy.enabled` to `false` and `proxysql.enabled` to `true`. Apply the changes, and the Operator will handle the transition for you by restarting the relevant proxy Pods.\n\nWith this improvement you now control your proxy choice at runtime, and ProxySQL brings smarter routing and resilience right into the Operator.\n\n##### ProxySQL 3 support\n\nYou can now deploy ProxySQL 3 with Percona Operator for MySQL. This gives you more flexibility and control over how your applications connect to MySQL inside Kubernetes. Here\u2019s what you get:\n\n- Dual\u2011password support enables you to introduce a new password while the old one is still valid. As a result, you can rotate passwords without downtime\n- Enhanced event and query logging gives you real\u2011time visibility into query behavior and application traffic.\n- ProxySQL now logs the actual values bound to prepared statements. This helps you debug queries more effectively, since you see what data was passed instead of just placeholders\n- Event logs now include metadata about ProxySQL version and format. This makes it easier to track and audit logs across upgrades in your Operator\u2011managed deployments.\n\n##### Direct-access backups: Improved performance and reliability with sidecars (tech preview)\n\nBy default, the Operator makes backups using the SST method. This creates a separate backup Pod with Percona XtraBackup, while the database node enters Donor state and stops serving client requests. SST backups can also fail with cryptic network errors, making root cause analysis and recovery difficult.\n\nStarting with version 1.19.0, you can make backups via the XtraBackup sidecar container. The Operator deploys a sidecar with XtraBackup inside each Percona XtraDB Cluster Pod. This sidecar makes a backup and uploads it to the remote backup storage. The database Pod doesn\u2019t change its state to Donor and keeps accepting client requests.\n\nUsing the sidecar method provides a direct access to data thus boosting backup performance. The sidecar container constantly runs in the database Pod, so you have constant access to logs and status, which simplifies troubleshooting.\n\nTo enable the XtraBackup sidecar container backup method, set `PXCO_FEATURE_GATES=XtrabackupSidecar=true` environment variable in the Operator Deployment.\nThis functionality is in the tech preview stage and currently supports only cloud storages. We encourage you to try it out in your testing or staging environments and leave your feedback.\n\nFuture enhancements such as support of PVC volumes, backup encryption and incremental backups are planned for future releases.\n\nTo learn more about XtraBackup sidecar container backup method, see our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups.html#xtrabackup-sidecar-method-tech-preview).\n\n##### Ensure only up to date data is served during backups\n\nWhen a node donates data during backups or SST, it enters into the DONOR state. At this point, the node should no longer handle client connections. HAProxy's external check correctly blocked new connections to the Donor node but allowed existing sessions to remain active. Those lingering sessions could return slow or outdated results.\n\nThe HAProxy default configuration now includes the `on-marked-down shutdown-sessions` directive. As soon as HAProxy marks a node as down, all active connections are immediately closed and clients reconnect to remaining active nodes. This ensures that only fresh, up to date data is served during backups.\n\n##### Automatic cleanup of backup and restore Jobs and associated Pods\n\nThe Operator creates a dedicated Job and Pod for every backup and restore operation. Previously, these Jobs and Pods remained in the cluster even after the operation was finished, and you had to manually delete them to free up resources.\n\nNow, you can offload this task to the Operator. Specify a time-to-live (TTL) for backup and restore Jobs once the operation is finished. When the TTL expires, the Operator automatically deletes the Job and its associated Pod.\n\nModify your Custom Resource as follows:\n\n```yaml\nbackup:\n image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0-backup\n \ ttlSecondsAfterFinished: 3600\n```\n\nThis setting is global. It applies to all on-demand and scheduled backups, and all restores.\n\nThe Operator also ensures reliability: if a backup or restore takes longer than the configured TTL, it applies the `internal.percona.com/keep-job` finalizer to allow the operation to finish. After the operation completes either with the `Succeeded` or the `Failed` status, the finalizer is removed and the Job is cleaned up.\n\nThis improvement reduces manual maintenance overhead, gives you control over the processes lifetime for debugging or auditing purposes and helps keep your cluster healthy and efficient. By reducing unnecessary resource buildup, you gain smoother operations, lower maintenance overhead and improved reliability in production environments.\n\n##### Improved backup identification for point-in-time recovery readiness\n\nWhen a backup contains binlog gaps, the Operator now creates a `.pitr-not-ready` file in the backup storage. This file makes it easy to identify which backups are appropriate for point in time recovery both in the storage and when listing backup objects.\n\nBefore starting a restore, the Operator checks for this marker file and blocks unsafe restores, protecting you from incomplete recovery attempts. If needed, you can override this safeguard by adding the `percona.com/unsafe-pitr` annotation to the Restore object. Use this override with caution, as this is an unsafe configuration.\n\n##### Attach external PVCs for shared data access across applications and the database cluster\n\nSometimes your database needs more than its own internal storage. For example, it needs access to reference files, shared configuration files or lookup tables generated outside the database but still essential for queries and procedures.\n\nYou can now attach auxiliary pre-existing PVCs and mount that external data directly into your database, ProxySQL or HAProxy pods in a clean, declarative way using the Custom Resource.\n\nThis example configuration shows how to attach external PVC to the XtraDB Cluster Pods:\n\n```yaml\npxc:\n extraPVCs:\n \ - name: extra-data-volume\n claimName: my-extra-storage\n mountPath: /var/lib/mysql-extra\n readOnly: false\n```\n\nThis improvement gives you a reliable way to separate internal database storage from external domain data, update shared datasets independently, and still benefit from the Operator\u2019s automation and resilience.\n\n##### Customize password generation by the Operator\n\nBy default, the Operator generates user passwords using alphanumeric characters plus a set of special symbols. Some tools such as MySQL Prometheus Exporter or mysqlsh don't support certain symbols, which can make those passwords invalid.\n\nTo improve compatibility and user experience, you can now customize password generation parameters in the Custom Resource:\n\n```yaml\nspec:\n passwordGenerationOptions:\n symbols: \"!#$%&()*+,-.<=>?@​[]^_{}~\"\n \ maxLength: 20\n minLength: 16\n```\n\nThis enhancement lets you keep the convenience of automated password generation and at the same time ensure compliance with the tools and environments you integrate with the Operator.\n\n##### Configure memory allocator in the Operator\n\nBy default, Percona Operator for XtraDB Cluster uses the system allocator (`libc`) to manage memory. While this works for most cases, alternative allocators such as `jemalloc` and `tcmalloc` can improve performance and reduce fragmentation in high-traffic workloads.\n\nTo have more flexibility, you can now configure the memory allocator directly in the Custom Resource:\n\n```yaml\nspec:\n pxc:\n \ mysqlAllocator: jemalloc\n```\n\nSupported values are:\n\n- `jemalloc`\n- `tcmalloc`\n- `libc` (default, used when no value is set)\n\nIf you have already configured the memory allocator via the environment variable, the Operator will respect that setting and use it instead of the Custom Resource value.\n\nThis enhancement lets you fine-tune memory management for your cluster while keeping compatibility with existing configurations.\n\n##### Deprecation, rename, removal\n\n**Removed in 1.19.0:**\n\n- `proxysql.readinessDelaySec` and `proxysql.livenessDelaySec` fields are removed as redundant\n\n**Deprecated (will be removed in 1.22.0):**\n\n- `pxc.livenessDelaySec`. Use [`pxc.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxclivenessprobesinitialdelayseconds)\n- `pxc.readinessDelaySec`. Use [`pxc.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxcreadinessprobesinitialdelayseconds)\n- `haproxy.livenessDelaySec`. Use [`haproxy.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxylivenessprobesinitialdelayseconds)\n- `haproxy.readinessDelaySec`. Use [`haproxy.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxyreadinessprobesinitialdelayseconds)\n\n##### Changelog\n\n##### New Features\n\n- [K8SPXC-1332](https://perconadev.atlassian.net/browse/K8SPXC-1332) - Added the ability to load custom SSL certificates for backup operations to S3 storage. This enables secure communication with S3-compatible storage using the certificates approved and trusted by your company (Thank you Azam Abdoelbasier for submitting this request).\n- [K8SPXC-1494](https://perconadev.atlassian.net/browse/K8SPXC-1494) - Added the ability to configure the duration of TLS certificates created by `cert-manager`. This allows users to customize certificate lifecycles to meet their specific security requirements.\n- [K8SPXC-1576](https://perconadev.atlassian.net/browse/K8SPXC-1576) - Added the ability to use the XtraBackup sidecar container instead of SST for creating backups. This provides an alternative, potentially more efficient backup method.\n- [K8SPXC-1688](https://perconadev.atlassian.net/browse/K8SPXC-1688) - Added ability to mount pre-existing auxiliary PVCs as volumes to database and proxy pods. This facilitates easier integration with external data and storage resources (Thank you Emin AKTAS for submitting the request and contributing to it).\n- [K8SPXC-1733](https://perconadev.atlassian.net/browse/K8SPXC-1733) - Added the ability to customize password generation parameters, such as length and character sets via the Custom Resource. This ensures smooth operation of the tools with specific requirements towards password and leverages the automatic password generation of the Operator (Thank you user fydrah for submitting the request and contributing to it).\n- [K8SPXC-1734](https://perconadev.atlassian.net/browse/K8SPXC-1734) - Introduced configurable HAProxy backend health check parameters that can be tuned without overriding the entire configuration. This simplifies performance tuning for high-availability setups (Thank you Tim Stoop for submitting the request and contributing to it).\n\n##### Improvements\n\n- [K8SPXC-735](https://perconadev.atlassian.net/browse/K8SPXC-735) - Added the support of the `pxc_scheduler_handler` ProxySQL scheduler for SQL-aware routing and effective read/write splitting. This allows for better utilization of resources by distributing read-only traffic across the entire cluster while routing write requests only to the writer node.\n- [K8SPXC-992](https://perconadev.atlassian.net/browse/K8SPXC-992) - Improved binlog naming to prevent potential collisions between different collectors. The updated naming convention ensures unique and consistent identification of binary log files in storage.\n- [K8SPXC-1144](https://perconadev.atlassian.net/browse/K8SPXC-1144) - Introduced a mechanism to mark S3 backups as PITR-unready if binlog gaps are detected. This prevents users from attempting invalid point-in-time recoveries using inconsistent backups.\n- [K8SPXC-1214](https://perconadev.atlassian.net/browse/K8SPXC-1214) - Added an option to automatically clean up completed backup and restore jobs and their associated pods. This improvement helps reduce pressure on the Kubernetes API by removing stale resources (Thank you Alexandre Barth for reporting this issue).\n- [K8SPXC-1319](https://perconadev.atlassian.net/browse/K8SPXC-1319) - Enhanced the operator to support running multiple backup restores for different clusters in parallel. This removes a previous limitation that blocked concurrent restore operations across the environment.\n- [K8SPXC-1327](https://perconadev.atlassian.net/browse/K8SPXC-1327) - Added the ability to change the memory allocator for MySQL to improve memory management efficiency. This change helps optimize the overall memory footprint of PXC pods.\n- [K8SPXC-1373](https://perconadev.atlassian.net/browse/K8SPXC-1373) - Improved core dump handling to ensure that crashed instances can recover more reliably after an SST. This enhancement aids in diagnosing and recovering from unexpected server failures.\n- [K8SPXC-1431](https://perconadev.atlassian.net/browse/K8SPXC-1431) - Improved the delete-backup finalizer logic to correctly handle the deletion of on-demand backup PVCs.\n- [K8SPXC-1470](https://perconadev.atlassian.net/browse/K8SPXC-1470) - Added the ability to switch between HAProxy and ProxySQL within an existing cluster. This provides users with more flexibility to change their load-balancing solution as their needs evolve.\n- [K8SPXC-1511](https://perconadev.atlassian.net/browse/K8SPXC-1511) - Added the support of data at rest encryption for Percona XtraDB Cluster 8.4 via the `keyring vault` component. This change ensures compatibility with the latest security architecture of MySQL 8.4.\n- [K8SPXC-1525](https://perconadev.atlassian.net/browse/K8SPXC-1525) - Deprecated `pxc.livenessDelaySec` option in favor of more consistent liveness probe parameters. The Operator now prioritizes standard probe configurations to manage Pod lifecycle.\n- [K8SPXC-1568](https://perconadev.atlassian.net/browse/K8SPXC-1568) - Updated the Operator's password generation logic to prevent the '\\*' character from being used as the first character. This avoids potential issues with certain authentication plugins and command-line tools.\n- [K8SPXC-1594](https://perconadev.atlassian.net/browse/K8SPXC-1594) - Improved the database upgrade logic to prevent the controller from being blocked during the operation. This ensures that the Operator remains responsive to other cluster changes while an upgrade is in progress.\n- [K8SPXC-1628](https://perconadev.atlassian.net/browse/K8SPXC-1628) - Added support for `tcmalloc` as an alternative memory allocator in PXC images. This gives users additional options to tune and reduce the memory footprint of their database workloads.\n- [K8SPXC-1647](https://perconadev.atlassian.net/browse/K8SPXC-1647) - Implemented extended exit codes for garbd to provide better diagnostic information for different failure scenarios. This helps users identify the root cause of SST and joining issues faster.\n- [K8SPXC-1668](https://perconadev.atlassian.net/browse/K8SPXC-1668) - Added support for ProxySQL 3, providing users with access to the latest features and performance improvements of the load balancer.\n- [K8SPXC-1683](https://perconadev.atlassian.net/browse/K8SPXC-1683) - Expanded smart update tests to include PXC 8.4 and PMM 3, ensuring stable upgrade paths for the latest versions.\n- [K8SPXC-1703](https://perconadev.atlassian.net/browse/K8SPXC-1703) - Added the support of the `generateEmbeddedObjectMeta` option, improving the template handling for sidecars and extra PVCs (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1748](https://perconadev.atlassian.net/browse/K8SPXC-1748) - Eliminated runtime CREATE FUNCTION statements in the PITR collector to avoid unnecessary Galera TOI (Total Order Isolation) events. This reduces the performance impact on the cluster when the PITR sidecar starts or restarts.\n\n##### Bugs Fixed\n\n- [K8SPXC-926](https://perconadev.atlassian.net/browse/K8SPXC-926) - Fixed an issue where a failed smart update on one cluster could block the Operator from managing other clusters in multi-cluster environments. The controller now handles update failures more gracefully without impacting independent resources.\n- [K8SPXC-1379](https://perconadev.atlassian.net/browse/K8SPXC-1379) - Fixed an issue where monit container resource values in ProxySQL pods did not correctly reflect the values specified in the PXC cluster definition. The operator now ensures that ProxySQL resource attributes are properly applied to the monitoring sidecar containers.\n- [K8SPXC-1424](https://perconadev.atlassian.net/browse/K8SPXC-1424) - Resolved a certificate renewal issue where CA certificates in TLS secrets could expire before server certificates were renewed. The Operator logic was updated to align renewal intervals for CA and server certificates when using cert-manager.\n- [K8SPXC-1581](https://perconadev.atlassian.net/browse/K8SPXC-1581) - Corrected the order of options in the restore prepare job to ensure that `--defaults-file` is passed as the first option to xtrabackup. This fix ensures that custom configuration files are correctly prioritized during the restore process.\n- [K8SPXC-1617](https://perconadev.atlassian.net/browse/K8SPXC-1617) - Fixed a binlog gap issue in Point-in-Time Recovery (PITR) that caused repeated test failures. Users are now advised to perform a full backup after each PITR restore to ensure data consistency and prevent gaps.\n- [K8SPXC-1632](https://perconadev.atlassian.net/browse/K8SPXC-1632) - Added missing SecurityContext configurations for ProxySQL sidecar containers to enhance pod security. This change ensures that all sidecars follow the defined security standards of the cluster.\n- [K8SPXC-1655](https://perconadev.atlassian.net/browse/K8SPXC-1655) - Fixed a failure in xtrabackup when using LZ4 compression on RHEL9-based Percona XtraDB Cluster images. The fix addresses compatibility issues with the latest compression libraries in the operating system environment.\n- [K8SPXC-1686](https://perconadev.atlassian.net/browse/K8SPXC-1686) - Improved backup error handling to ensure that providing an invalid Percona XtraBackup image results in a failed status. A new timeout field was introduced to prevent backup objects from hanging indefinitely in a starting state.\n- [K8SPXC-1687](https://perconadev.atlassian.net/browse/K8SPXC-1687) - Fixed the `copy-backup.sh` script to correctly handle and copy cloud-based backups stored in S3 or Azure. This ensures that the utility script works consistently across all supported storage types.\n- [K8SPXC-1701](https://perconadev.atlassian.net/browse/K8SPXC-1701) - Ensured that MySQL configurations are correctly mounted to the restore prepare job. This fix allows the restore process to use custom MySQL settings defined in the cluster (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1702](https://perconadev.atlassian.net/browse/K8SPXC-1702) - Added the ability to override time zones for backup jobs. This resolves issues where time-dependent operations could fail due to missing timezone definitions (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1721](https://perconadev.atlassian.net/browse/K8SPXC-1721) - Added a sleep interval to the recovery loop to prevent high CPU usage spikes when containers restart.\n- [K8SPXC-1725](https://perconadev.atlassian.net/browse/K8SPXC-1725) - Fixed a condition where a cluster could return stalled data during a backup or SST operation by adding the on-marked-down shutdown-sessions directive to HAProxy default configuration. This ensures that only fresh, up to date data is served during backups.\n- [K8SPXC-1726](https://perconadev.atlassian.net/browse/K8SPXC-1726) - Resolved a deployment breakage in the Operator version 1.18.0 via Helm caused by PMM 3 client incompatibilities. The fix ensures a smoother upgrade path for users migrating to newer versions of PMM (Thank you Antonio Falzarano for reporting and contributing to this issue).\n- [K8SPXC-1760](https://perconadev.atlassian.net/browse/K8SPXC-1760) - Fixed the handling of the crVersion field in the Helm chart templates. The Operator now correctly considers the version defined in `values.yaml` when generating the cluster configuration.\n- [K8SPXC-1771](https://perconadev.atlassian.net/browse/K8SPXC-1771) - Fixed the issue with excessive logging by the backup controller when backups are suspended or resumed due to an unready cluster. This improves log readability and reduces unnecessary diagnostic noise.\n- [K8SPXC-1772](https://perconadev.atlassian.net/browse/K8SPXC-1772) - Fixed a state transition bug where unsuspended backups could move directly from 'Starting' to 'Succeeded' without entering the 'Running' state. This ensures accurate tracking and visibility of the backup process status.\n\n##### Documentation Improvements\n\n- [K8SPXC-1747](https://perconadev.atlassian.net/browse/K8SPXC-1747) - Improved the documentation with the information about available environment variables for cluster components and the Operator. Documented the `S3_WORKERS_LIMIT` environment variable to allow throttling of backup deletions.\n- [K8SPXC-1661](https://perconadev.atlassian.net/browse/K8SPXC-1661) - Updated the operator documentation to reflect that PMM 3 uses service accounts instead of API keys. This ensures that users can correctly configure monitoring integration with the latest versions of PMM.\n- [K8SPXC-1663](https://perconadev.atlassian.net/browse/K8SPXC-1663) - Improved documentation for Point-in-Time Recovery steps. The updated documentation properly separates and sequences the recovery instructions for improved readability.\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.7-7.1, 8.0.44-35.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-5.1, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.17\n- ProxySQL 2.7.3-1.2, 3.0.1-1.2\n- LogCollector based on fluent-bit 4.0.1-1\n- PMM Client 2.44.1-1 and 3.5.0\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.31 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.32 - 1.34\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.32 - 1.34\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.17 - 4.20\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.37.0 based on Kubernetes 1.34.0\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.18.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.18.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.17.0...v1.18.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### PMM3 support\n\nThe Operator is natively integrated with [PMM 3](https://www.percona.com/doc/percona-monitoring-and-management/3/index.html), enabling you to monitor the health and performance of your Percona Distribution for MySQL deployment and at the same time enjoy enhanced performance, new features, and improved security that PMM 3 provides.\n\nNote that the Operator supports both PMM2 and PMM3. The decision on what PMM version is used depends on the authentication method you provide in the Operator configuration: PMM2 uses API keys while PMM3 uses service account token. If the Operator configuration contains both authentication methods with non-empty values, PMM3 takes the priority.\n\nTo use PMM, ensure that the PMM client image is compatible with the PMM Server version. Check [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for the correct client image.\n\nFor how to configure monitoring with PMM, see the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html).\n\n##### Improved monitoring for clusters in multi-region or multi-namespace deployments in PMM\n\nNow you can define a custom name for your clusters deployed in different data centers. This name helps Percona Management and Monitoring (PMM) Server to correctly recognize clusters as connected and monitor them as one deployment. Similarly, PMM Server identifies clusters deployed with the same names in different namespaces as separate ones and correctly displays performance metrics for you on dashboards.\n\nTo assign a custom name, define this configuration in the Custom Resource manifest for your cluster:\n\n```yaml\nspec:\n \ pmm:\n customClusterName: testClusterName\n```\n\n##### More resilient database restores without matching user Secrets\n\nYou no longer need matching user Secrets between your backup and your target cluster to perform a restore. The Operator now has a post-restore step that changes user passwords in the restored database to the ones from the local Secret. Also, it creates missing system users and adds missing grants.\n\nThis flow is the same regardless of whether you restore to the same cluster or to a completely new one.\n\nThe removal of this major roadblock to have a Secret for restores makes your disaster recovery process smoother and more reliable. This enhancement makes managing databases on Kubernetes more robust and operator-friendly.\n\n##### Improved backup retention for streamlined management of scheduled backups in cloud storage\n\nA new backup retention configuration gives you more control over how backups are managed in storage and retained in Kubernetes.\n\nWith the `deleteFromStorage` flag , you can disable automatic deletion from AWS S3 or Azure Blob storage and instead rely on native cloud lifecycle policies. This makes backup cleanup more efficient and better aligned with flexible storage strategies.\n\nThe legacy `keep` option is now deprecated and mapped to the new `retention` block for compatibility. We encourage you to start using the `backup.schedule.retention` configuration:\n\n```yaml\nschedule:\n \ - name: \"sat-night-backup\"\n schedule: \"0 0 * * 6\"\n retention:\n \ count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n```\n\nNote that if you have both `backup.schedule.keep` and `backup.schedule.retention` defined, the `backup.schedule.retention` takes precedence.\n\n##### Added labels to identify the version of the Operator\n\nCustom Resource Definition (CRD) is compatible with the last three Operator versions. To know which Operator version is attached to it, we've added labels to all Custom Resource Definitions. The labels help you identify the current Operator version and decide if you need to update the CRD. To view the labels, run: `kubectl get crd perconaxtradbclusters.pxc.percona.com --show-labels`.\n\n##### Cross-site replication is now supported for Percona XtraDB Cluster 8.4\n\nCross-site replication is now available with Percona XtraDB Cluster 8.4.x, lifting one of the limitations in the Operator for this database version. This enhancement marks a significant step toward general availability of Percona XtraDB Cluster 8.4 in the Operator by enabling multi-site deployments and improving resilience across distributed environments.\n\n##### Deprecation, Rename and Removal\n\n- The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are deprecated. The `loadBalancerIP` field is also deprecated upstream in Kubernetes\n due to its inconsistent behavior across cloud providers and lack of dual-stack support. As a result, its usage is strongly discouraged.\n\n \ We recommend using cloud provider-specific annotations instead, as they offer more predictable and portable behavior for managing load balancer IP assignments.\n\n The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are scheduled for removal in future releases.\n\n- The `backup.schedule.keep` field is deprecated and will be removed after release 1.21.0. We recommend using the `backup.schedule.retention` instead as follows:\n\n ```yaml\n \ schedule:\n - name: \"sat-night-backup\"\n schedule: \"0 0 ** 6\"\n retention:\n count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n ```\n\n- New repositories for Percona XtraBackup and Logcollector\n\n Now the Operator uses the official Percona Docker images for the `percona-xtrabackup` and `logcollector` components. Pay attention to the new image repositories when you upgrade the Operator and the database. Check the [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for exact image names.\n\n- Changes for Helm charts:\n\n - PMM3 is now the default. To keep using PMM2, set the `pmm.tag: 2.44.1`\n - If you install or upgrade the Operator with default manifests using Helm charts on Openshift 4.19, you must use the `docker.io` registry prefix to guarantee successful download from the DockerHub `percona-xtradb-cluster` repository. Read the [Considerations for using OpenShift 4.19](#considerations-for-using-openshift-419) section for more information.\n\n##### Known limitations\n\n##### Considerations for using OpenShift 4.19\n\nStarting with OpenShift 4.19, the way images with not fully qualified names are pulled has changed for repositories that share the same repository name on DockerHub and Red Hat Marketplace. By default the tags are pulled from Red Hat Marketplace. Specifying not fully qualified image names may result in the `ImagePullBackOff` error.\n\n- **OLM installation:** Images are provided with the fully qualified names and are pulled from the Red Hat Marketplace/DockerHub registry.\n- **Manual install/update with default manifests:** Images must use the `docker.io` registry prefix to guarantee successful download from the Dockerhub `percona-xtradb-cluster` repository.\n\nSee our documentation for [manual installation](https://docs.percona.com/percona-operator-for-mysql/pxc/openshift.html#install-the-operator-via-the-command-line-interface) or [update](https://docs.percona.com/percona-operator-for-mysql/pxc/update_openshift.html#update-via-the-command-line-interface).\n\n##### Changleog\n\n##### New Features\n\n- [K8SPXC-1284](https://perconadev.atlassian.net/browse/K8SPXC-1284) - Add the ability to configure protocol for peer-list DNS SRV lookups\n\n- [K8SPXC-1599](https://perconadev.atlassian.net/browse/K8SPXC-1599) - Allowed setting `loadBalancerClass` service type and using a custom implementation of a load balancer rather than the cloud provider default one\n\n##### Improvements\n\n- [K8SPXC-1375](https://perconadev.atlassian.net/browse/K8SPXC-1375) - Added a new retention configuration to allow users to delegate backup cleanup to cloud lifecycle policies (Thank you user Tristan for reporting this issue)\n\n- [K8SPXC-1376](https://perconadev.atlassian.net/browse/K8SPXC-1376) - Added the ability to restore from backup without a matching Secret resource\n\n- [K8SPXC-1399](https://perconadev.atlassian.net/browse/K8SPXC-1399) - Added a documentation how to set up a disaster recovery system and transfer workloads between sites\n\n- [K8SPXC-1415](https://perconadev.atlassian.net/browse/K8SPXC-1415) - Updated the `percona-xtrabackup` image to use the official `percona-xtrabackup` Docker image\n\n- [K8SPXC-1430](https://perconadev.atlassian.net/browse/K8SPXC-1430) - Improved handling of autogenerated certificates depending on the `delete-ssl` finalizer configuration\n\n- [K8SPXC-1448](https://perconadev.atlassian.net/browse/K8SPXC-1448), [K8SPXC-1449](https://perconadev.atlassian.net/browse/K8SPXC-1449) - Improved the `pvc-resize` test by using a custom storage class for EKS, reducing errors and improving the quota handling during resize\n\n- [K8SPXC-1450](https://perconadev.atlassian.net/browse/K8SPXC-1450) - Improved PVC resizing behavior when reducing the storage size by reverting the values when the quota is reached\n\n- [K8SPXC-1472](https://perconadev.atlassian.net/browse/K8SPXC-1472) - Deprecated the `loadBalancerIP` field due to its deprecation upstream\n\n- [K8SPXC-1513](https://perconadev.atlassian.net/browse/K8SPXC-1513) - Added PXC 8.4 support for version service\n\n- [K8SPXC-1529](https://perconadev.atlassian.net/browse/K8SPXC-1529) - Added support for cross-site replication with MySQL 8.4.0 by adding the use of `authentication_policy` instead of `default_authentication_plugin`\n\n- [K8SPXC-1553](https://perconadev.atlassian.net/browse/K8SPXC-1553) - Added support for PMM v3\n\n- [K8SPXC-1560](https://perconadev.atlassian.net/browse/K8SPXC-1560) - Added the warning about CRDs not being upgraded automatically after helm upgrade to the output\n\n- [K8SPXC-1566](https://perconadev.atlassian.net/browse/K8SPXC-1566) - Improved reconciliation of replicationChannels without proxy Pods by starting the database Pod bypassing the proxy (Thank you Justin Reasoner for contributing to this issue)\n\n- [K8SPXC-1569](https://perconadev.atlassian.net/browse/K8SPXC-1569) - Added Labels for Custom Resource Definitions (CRD) to identify the Operator version attached to them\n\n- [K8SPXC-1597](https://perconadev.atlassian.net/browse/K8SPXC-1597) - Improve the scheduled backups behavior for a cluster in an unhealthy state by postponing the job until the cluster reports the healthy status\n\n- [K8SPXC-1605](https://perconadev.atlassian.net/browse/K8SPXC-1605) - Introduced Azure CLI for checking if backup objects/folders exist in Azure storage\n\n- [K8SPXC-1612](https://perconadev.atlassian.net/browse/K8SPXC-1612) - Added the `imagePullSecrets` for PMM image\n\n- [K8SPXC-1615](https://perconadev.atlassian.net/browse/K8SPXC-1615) - Added the ability to define a custom cluster name for `pmm-admin` component\n\n- [K8SPXC-1624](https://perconadev.atlassian.net/browse/K8SPXC-1624) - Deleted deprecated finalizers code\n\n- [K8SPXC-1669](https://perconadev.atlassian.net/browse/K8SPXC-1669) - Improve the backup flow by generating a default endpoint URL for a storage from a region if it is not provided (Thank you Bernard Grymonpon for reporting this issue)\n\n- [K8SPXC-1677](https://perconadev.atlassian.net/browse/K8SPXC-1677) - Document the changed behavior with pulling images for default manifests on OpenShift 4.19 and update install and update instructions\n\n##### Bugs Fixed\n\n- [K8SPXC-1312](https://perconadev.atlassian.net/browse/K8SPXC-1312) - Fixed the issue with labels not being updated automatically for point-in-time recovery deployment upon Custom Resource changes\n\n- [K8SPXC-1347](https://perconadev.atlassian.net/browse/K8SPXC-1347) - Fixed the issue with point-in-time recovery failing due to TLS configuration mismatch between the server and the point-in-time recovery job by configuring it to use TLS if is required by the server.\n\n- [K8SPXC-1382](https://perconadev.atlassian.net/browse/K8SPXC-1382) - Fixed the issue with backup failing on AWS if using IAM profile without credentialsSecret by using credentialsSecret only when explicitly specified and relying on IAM roles instead (Thank you Itiel Olenick for reporting this issue)\n\n- [K8SPXC-1541](https://perconadev.atlassian.net/browse/K8SPXC-1541) - Fixed Telemetry module to to consider both empty string \"\" and comma separated namespaces in cluster-wide mode\n\n- [K8SPXC-1548](https://perconadev.atlassian.net/browse/K8SPXC-1548) Fixed the issue with deleting old backups on Google Cloud Storage by url-decoding the object path before deleting it (Thank you Mateusz Gruszkiewicz for reporting this issue)\n\n- [K8SPXC-1631](https://perconadev.atlassian.net/browse/K8SPXC-1631) - Fixed the issue with the Operator restarting pod-0 after the cluster is ready. The issue is caused by ConfigMap and StatefulSet being created too close to each other and Kubernetes API can't return the newly created ConfigMap before creating the StatefulSet. The issue is fixed by reconciling the StatefulSet after the reconciliation of ConfigMap is completed.\n\n- [K8SPXC-1664](https://perconadev.atlassian.net/browse/K8SPXC-1664) - Fixed the use of the proper script to check PXC nodes when adding them by HAProxy\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.5-5.1 (Tech preview), 8.0.42-33.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-3, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.15-1\n- ProxySQL 2.7.3\n- LogCollector based on fluent-bit 4.0.1\n- PMM Client 2.44.1 and 3.3.1\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.30 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.30 - 1.33\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.30 - 1.33\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.15 - 4.19\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.36.0 based on Kubernetes 1.33.1\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.17.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.17.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.16.1...v1.17.0)\n\n#### Release Highlights\n\n##### Improved observability for HAProxy and ProxySQL\n\nGet insights into the HAProxy and ProxySQL performance by connecting to their statistics pages. Use the `cluster-name-haproxy:8084` and `cluster-name-proxysql:6070` endpoints to do so. Learn about other available ports in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/haproxy-conf.html).\n\n##### Improved cluster load management during backups\n\nIf parallel backups overload your cluster, you can turn off parallel execution to prevent this. Previously, this meant that you could only run one backup at a time - no new backups could start until the current one was finished. Now, the Operator queues backups and runs them one after another automatically. You can fine-tune the backup sequence by setting the start time for all backups or for a specific on-demand one using the [`spec.backup.startingDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupstartingdeadlineseconds) Custom Resource option. This provides greater control over backup operations.\n\nAnother improvement is for the case when your database cluster becomes unhealthy, for example, when a Pod crashes or restarts. The Operator suspends running backups to reduce the cluster's load. Once the cluster recovers and reports a Ready status, the Operator resumes the suspended backup. To further offload the cluster during an unhealthy state, you can configure how long a backup remains suspended by using the [`spec.backup.suspendedDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupsuspendeddeadlineseconds) Custom Resource option. If this time expires before the cluster recovers, the backup is marked as \"failed.\"\n\n##### Monitor PMM Client health and status\n\nPercona Monitoring and Management (PMM) is a great tool to [monitor the health of your database cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html). Now you can also learn if PMM itself is healthy using probes - a Kubernetes diagnostics mechanism to check the health and status of containers. Use the [`spec.pmm.readinessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmreadinessprobesinitialdelayseconds) and [`spec.pmm.livenessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmlivenessprobesinitialdelayseconds) Custom Resource options to fine-tune Readiness and Liveness probes for PMM Client.\n\n##### Improved observability of binary log backups\n\nGet insights into the success and failure rates of binlog operations, timeliness of processing and uploads and potential gaps or inconsistencies in binlog data with the Prometheus metrics added for the Operator. Gather this data by connecting to the `:8080/metrics` endpoint. Learn more about the available metrics in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-pitr.html#binary-logs-statistics).\n\n#### Deprecation, Rename and Removal\n\nThe `spec.haproxy.exposePrimary.enabled` field is deprecated. If enabled via the `spec.haproxy.enabled`, the HAProxy primary service is already exposed.\n\n#### New Features\n\n- [K8SPXC-747](https://perconadev.atlassian.net/browse/K8SPXC-747), [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to access the statistics pages for HAProxy and ProxySQL\n\n- [K8SPXC-1366](https://perconadev.atlassian.net/browse/K8SPXC-1366) - Add the ability to queue backups and run them sequentially, and to optimize the cluster load with the ability to suspend backups for an unhealthy cluster. A user can assign the start time and suspension time to backups to manage them better.\n\n- [K8SPXC-1432](https://perconadev.atlassian.net/browse/K8SPXC-1432) - Enable users to configure cluster-wide Operator deployments in OpenShift certified catalog using OLM.\n\n#### Improvements\n\n- [K8SPXC-1367](https://perconadev.atlassian.net/browse/K8SPXC-1367) - Now a user can configure Readiness and Liveness probes for PMM Client container to check its health and status\n\n- [K8SPXC-1461](https://perconadev.atlassian.net/browse/K8SPXC-1461) - Improve logging for resizing PVC with the information about successful and failed PVC resize. Log errors on resize attempts if the Storage Class doesn't support resizing.\n\n- [K8SPXC-1466](https://perconadev.atlassian.net/browse/K8SPXC-1466) - Mark the containers that provide the service as default ones with the annotation. This enables a user to connect to a Pod without explicitly specifying a container.\n\n- [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to connect to the built-in statistics pages for HAProxy and ProxySQL by exposing the ports for those pages\n\n- [K8SPXC-1475](https://perconadev.atlassian.net/browse/K8SPXC-1475) - Update the backup image to use AWS CLI instead of MinIO CLI due to the license change\n\n- [K8SPXC-1510](https://perconadev.atlassian.net/browse/K8SPXC-1510) - Add the ability to suppress messages about the use of deprecated features in MySQL Error Log by adding the `log_error_suppression_list` key from the `my.cnf` configuration file and defining the message number in the `spec.pxc.configuration` subsection of the Custom Resource manifest. See [how to change MySQL options](https://docs.percona.com/percona-operator-for-mysql/pxc/options.html) for steps. This improves readability for MySQL error log.\n\n- [K8SPXC-1512](https://perconadev.atlassian.net/browse/K8SPXC-1512) - For Percona XtraDB Cluster version 8.4 and above, binary log user defined functions for point-in-time recovery (`binlog_utils_udf`) are now installed as a component instead of a plugin. This improves their compatibility across platforms and provides automatic dependency handling.\n\n- [K8SPXC-1542](https://perconadev.atlassian.net/browse/K8SPXC-1542) - Improve binlog upload for large files to Azure blob storage with the ability to define the block size and the number of concurrent writers for the upload (Thanks to user dcaputo-harmoni for contribution)\n\n- [K8SPXC-1543](https://perconadev.atlassian.net/browse/K8SPXC-1543) - Set PITR controller reference for binlog-collector deployment the same way as it's set for PXC and proxy StatefulSets. This creates a connection between PITR deployment and cluster resource (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1544](https://perconadev.atlassian.net/browse/K8SPXC-1544) - Improve observability of binlog collector by adding the support of basic Prometheus metrics (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1567](https://perconadev.atlassian.net/browse/K8SPXC-1567) - N\n\n
\n\n---\n\n### Configuration\n\n\U0001F4C5 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).\n\n\U0001F6A6 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n\u267B **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n\U0001F47B **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vexxhost/atmosphere).\n\n" change_url: https://github.com/vexxhost/atmosphere/pull/2595 commit_id: 5d635ae7d201989f087661c6356a3703e1026788 patchset: 5d635ae7d201989f087661c6356a3703e1026788 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null change: '2595' change_message: "Update pxc (stable/2023.1)\n\n> \u2139\uFE0F **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|---|---|\n| docker.io/percona/haproxy | | patch | `2.8.14` \u2192 `2.8.18` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fhaproxy/2.8.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fhaproxy/2.8.14/2.8.18?slim=true) |\n| docker.io/percona/percona-xtradb-cluster-operator | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [github.com/percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | require | minor | `v1.16.1` \u2192 `v1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.16.1/v1.19.0?slim=true) |\n| [percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/github-releases/percona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/percona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [pxc-operator](https://docs.percona.com/percona-operator-for-mysql/pxc/) ([source](https://redirect.github.com/percona/percona-helm-charts)) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/helm/pxc-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/pxc-operator/1.17.0/1.19.0?slim=true) |\n| quay.io/prometheus/mysqld-exporter | | minor | `v0.17.0` \u2192 `v0.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.17.0/v0.18.0?slim=true) |\n\n---\n\n### Release Notes\n\n
\npercona/percona-xtradb-cluster-operator (github.com/percona/percona-xtradb-cluster-operator)\n\n### [`v1.19.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.19.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.18.0...v1.19.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### Ensure data security for Percona XtraDB Cluster 8.4 with data-at-rest encryption\n\nData at rest encryption ensures that sensitive information stored on disk remains protected from unauthorized access, even if the physical media is compromised. It is a foundational safeguard for compliance, trust and security in modern database environments.\n\nThe Operator supports data at rest encryption for MySQL 8.0 with HashiCorp Vault using the `keyring_vault` *plugin*. Now, it also supports data at rest encryption for MySQL 8.4, leveraging the `keyring_vault` *component*.\n\nThis enhancement enables you to benefit from the rich feature set of the latest major version of Percona XtraDB Cluster 8.4 while ensuring your sensitive data is secured. In doing so, you can meet compliance requirements and protect critical information without added operational complexity. Learn how to [configure data at rest encryption for Percona XtraDB Cluster 8.4](https://docs.percona.com/percona-operator-for-mysql/pxc/encryption-setup.html).\n\n##### Percona XtraDB Cluster 8.4 is now fully supported\n\nPercona XtraDB Cluster 8.4 is now fully supported and recommended for production deployments. Starting with this release, it becomes the default version for all new database cluster deployments using the Operator. This support enables you to benefit from its latest features, performance improvements, and enhanced security.\n\n##### Use your own CA certificates for TLS verification\n\nYou can now use your organization\u2019s custom Certificate Authority (CA) to securely verify TLS communication with S3 storage during backups and restores.\n\nThe configuration is straightforward: create the Secret that stores your custom CA and certificates to authorize in the S3 storage. Then reference this Secret and specify the CA certificate in the `caBundle` option in the Operator Custom Resource. The Operator will verify TLS communication against it.\n\nHere's the example configuration:\n\n```yml\nstorages:\n \ minio-s3:\n type: s3\n verifyTLS: true\n s3:\n caBundle:\n \ name: minio-ca-bundle\n key: tls.crt\n```\n\nWith this improvement, you ensure the following:\n\n- Security without compromise \u2013 no more bypassing identity checks.\n- Alignment with your internal standards \u2013 use the CA your company already trusts.\n- Confidence in backup and restore flows \u2013 every S3 interaction is properly verified.\n\nRead more about the use of own CA certificates in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-storage.html#configure-tls-verification-with-custom-certificates-for-s3-storage)\n\n##### Configure duration for certificates issued by cert-manager\n\nBy default, the `cert-manager` generates certificates valid for 90 days. You now have more control over certificate lifetimes and can configure their custom duration when you create a new cluster. This way you can align with your organization's security and compliance policies.\n\nUse the following Custom Resource options to configure certificate duration:\n\n- `.spec.tls.certValidityDuration` \u2013 validity period for generated certificates\n- `.spec.tls.caValidityDuration` \u2013 validity period for the Certificate Authority (CA)\n\n```yaml\n tls:\n \ enabled: true\n certValidityDuration: 2160h\n caValidityDuration: 26280h\n```\n\nNote that the Operator enforces minimum durations to certificates:\n\n- For TLS certificates \u2013 1 hour\n- For CA certificate \u2013 730 hours.\n\nAlso, we don't recommend setting duration to exactly 1 hour to prevent certificate generation issues. Read more about rules and limitations about certificate duration configuration in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/tls-cert-manager.html#customize-certificate-duration-for-cert-manager).\n\nThis improvement empowers you to fine-tune certificate lifetimes while keeping your cluster secure and stable.\n\n##### Security context for ProxySQL sidecar containers\n\nYou can now define the security context for ProxySQL sidecar containers in the Operator, reducing the risk of unsecured sidecars bypassing Pod restrictions. This improvement lets you set user IDs, privileges, and filesystem access directly, ensuring compliance and strengthening Pod security.\n\nConfigure the security context in your custom resource. For example:\n\n```yaml\nspec:\n \ proxysql:\n sidecars:\n securityContext:\n privileged: false\n```\n\nWith this change, you enforce safer defaults across your deployments and close security gaps at the Pod level.\n\n##### Improved load balancing with ProxySQL scheduler (tech preview)\n\nThe Operator now integrates with the external `pxc_scheduler_handler` tool to improve query routing. This feature is currently in tech preview, so we recommend experimenting with it in test or staging environments before using it in production.\n\nWith this scheduler you get finer control over how your SQL queries are routed within your PXC cluster:\n\n- SELECT queries (that don't use FOR UPDATE) are intelligently distributed across all PXC nodes\u2014or all nodes except the writer, depending on your settings.\n- Non-SELECT queries and SELECT FOR UPDATE statements are routed to the writer node.\n- You don't have to micromanage the writer role: the scheduler automatically ensures only one writer is active at any time.\n\nThis means you could see:\n\n- better performance and higher throughput from distributing query loads\n- greater reliability with no single point of failure\n\n* Improved cluster health through early detection of replication lag and node issues\n\n- more efficient use of your resources and hardware\n- a smoother, more predictable experience for everyone using the database\n\nSee our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/proxysql-conf.html#proxysql-scheduler-tech-preview) for full information about the scheduler behavior and setup.\n\nThe previous internal scheduler remains enabled by default to maintain backward compatibility. You can switch to the new one when you're ready to benefit from smarter query handling.\n\n##### Customize HAProxy backend health check intervals and failover behavior\n\nYou can now control how quickly HAProxy detects and reacts to node failures. Instead of waiting the default 20 seconds while HAProxy performs the failover, you can tune health checks to cut that down to just a few seconds. That means your applications recover faster, and users don't get stuck with hanging sessions when a node goes down.\n\nYou no longer need to override the entire HAProxy configuration to achieve this \u2014 the operator now gives you simple, direct options in the Custom Resource specification:\n\n```yaml\nhaproxy: \ \n healthCheck:\n interval: 10000\n rise: 1\n fall: 2\n```\n\nBy adjusting how often checks run and how many failures or successes mark a node as \u201Cdown\u201D or \u201Cup,\u201D you get faster failover, cleaner client handling, and easier configuration that is safe to upgrade and tailored to your environment.\n\n##### Switch from HAProxy to ProxySQL at runtime\n\nYou can now switch from HAProxy to ProxySQL without redeploying your Percona XtraDB Cluster. Previously, you had to choose ProxySQL only at startup. Now ProxySQL has the `caching_sha2_password` as the default authentication plugin, which gives you the flexibility to start with HAProxy and migrate to ProxySQL later as your needs evolve.\n\nWith this release, ProxySQL also includes a new [scheduler](#improved-load-balancing-with-proxysql-scheduler-tech-preview) that enhances SQL awareness, automates read/write splitting, and handles failovers more intelligently. This leads to faster queries, increased reliability, and more efficient cluster resource usage.\n\n**Which proxy should you choose?**\n\n- **HAProxy:** Choose HAProxy if you need a lightweight, TCP-level load balancer with minimal configuration. Note that for read/write splitting, your clients must connect to different HAProxy ports based on the query type.\n- **ProxySQL:** Opt for ProxySQL if you want built-in read/write splitting, advanced query-level control, and automated failover logic right out of the box.\n\nEach proxy brings its own resource requirements and advantages. We offer [additional guidance](https://docs.percona.com/percona-operator-for-mysql/pxc/load-balancing.html#what-load-balancer-to-use) on selecting the right proxy for your environment, plus [detailed recommendations](https://docs.percona.com/percona-operator-for-mysql/pxc/proxy-switching.html) on resource planning and best practices. Review these carefully to ensure your choice fits your operational and performance needs.\n\nTo switch between proxies, update your Custom Resource to set `haproxy.enabled` to `false` and `proxysql.enabled` to `true`. Apply the changes, and the Operator will handle the transition for you by restarting the relevant proxy Pods.\n\nWith this improvement you now control your proxy choice at runtime, and ProxySQL brings smarter routing and resilience right into the Operator.\n\n##### ProxySQL 3 support\n\nYou can now deploy ProxySQL 3 with Percona Operator for MySQL. This gives you more flexibility and control over how your applications connect to MySQL inside Kubernetes. Here\u2019s what you get:\n\n- Dual\u2011password support enables you to introduce a new password while the old one is still valid. As a result, you can rotate passwords without downtime\n- Enhanced event and query logging gives you real\u2011time visibility into query behavior and application traffic.\n- ProxySQL now logs the actual values bound to prepared statements. This helps you debug queries more effectively, since you see what data was passed instead of just placeholders\n- Event logs now include metadata about ProxySQL version and format. This makes it easier to track and audit logs across upgrades in your Operator\u2011managed deployments.\n\n##### Direct-access backups: Improved performance and reliability with sidecars (tech preview)\n\nBy default, the Operator makes backups using the SST method. This creates a separate backup Pod with Percona XtraBackup, while the database node enters Donor state and stops serving client requests. SST backups can also fail with cryptic network errors, making root cause analysis and recovery difficult.\n\nStarting with version 1.19.0, you can make backups via the XtraBackup sidecar container. The Operator deploys a sidecar with XtraBackup inside each Percona XtraDB Cluster Pod. This sidecar makes a backup and uploads it to the remote backup storage. The database Pod doesn\u2019t change its state to Donor and keeps accepting client requests.\n\nUsing the sidecar method provides a direct access to data thus boosting backup performance. The sidecar container constantly runs in the database Pod, so you have constant access to logs and status, which simplifies troubleshooting.\n\nTo enable the XtraBackup sidecar container backup method, set `PXCO_FEATURE_GATES=XtrabackupSidecar=true` environment variable in the Operator Deployment.\nThis functionality is in the tech preview stage and currently supports only cloud storages. We encourage you to try it out in your testing or staging environments and leave your feedback.\n\nFuture enhancements such as support of PVC volumes, backup encryption and incremental backups are planned for future releases.\n\nTo learn more about XtraBackup sidecar container backup method, see our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups.html#xtrabackup-sidecar-method-tech-preview).\n\n##### Ensure only up to date data is served during backups\n\nWhen a node donates data during backups or SST, it enters into the DONOR state. At this point, the node should no longer handle client connections. HAProxy's external check correctly blocked new connections to the Donor node but allowed existing sessions to remain active. Those lingering sessions could return slow or outdated results.\n\nThe HAProxy default configuration now includes the `on-marked-down shutdown-sessions` directive. As soon as HAProxy marks a node as down, all active connections are immediately closed and clients reconnect to remaining active nodes. This ensures that only fresh, up to date data is served during backups.\n\n##### Automatic cleanup of backup and restore Jobs and associated Pods\n\nThe Operator creates a dedicated Job and Pod for every backup and restore operation. Previously, these Jobs and Pods remained in the cluster even after the operation was finished, and you had to manually delete them to free up resources.\n\nNow, you can offload this task to the Operator. Specify a time-to-live (TTL) for backup and restore Jobs once the operation is finished. When the TTL expires, the Operator automatically deletes the Job and its associated Pod.\n\nModify your Custom Resource as follows:\n\n```yaml\nbackup:\n image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0-backup\n \ ttlSecondsAfterFinished: 3600\n```\n\nThis setting is global. It applies to all on-demand and scheduled backups, and all restores.\n\nThe Operator also ensures reliability: if a backup or restore takes longer than the configured TTL, it applies the `internal.percona.com/keep-job` finalizer to allow the operation to finish. After the operation completes either with the `Succeeded` or the `Failed` status, the finalizer is removed and the Job is cleaned up.\n\nThis improvement reduces manual maintenance overhead, gives you control over the processes lifetime for debugging or auditing purposes and helps keep your cluster healthy and efficient. By reducing unnecessary resource buildup, you gain smoother operations, lower maintenance overhead and improved reliability in production environments.\n\n##### Improved backup identification for point-in-time recovery readiness\n\nWhen a backup contains binlog gaps, the Operator now creates a `.pitr-not-ready` file in the backup storage. This file makes it easy to identify which backups are appropriate for point in time recovery both in the storage and when listing backup objects.\n\nBefore starting a restore, the Operator checks for this marker file and blocks unsafe restores, protecting you from incomplete recovery attempts. If needed, you can override this safeguard by adding the `percona.com/unsafe-pitr` annotation to the Restore object. Use this override with caution, as this is an unsafe configuration.\n\n##### Attach external PVCs for shared data access across applications and the database cluster\n\nSometimes your database needs more than its own internal storage. For example, it needs access to reference files, shared configuration files or lookup tables generated outside the database but still essential for queries and procedures.\n\nYou can now attach auxiliary pre-existing PVCs and mount that external data directly into your database, ProxySQL or HAProxy pods in a clean, declarative way using the Custom Resource.\n\nThis example configuration shows how to attach external PVC to the XtraDB Cluster Pods:\n\n```yaml\npxc:\n extraPVCs:\n - name: extra-data-volume\n claimName: my-extra-storage\n mountPath: /var/lib/mysql-extra\n readOnly: false\n```\n\nThis improvement gives you a reliable way to separate internal database storage from external domain data, update shared datasets independently, and still benefit from the Operator\u2019s automation and resilience.\n\n##### Customize password generation by the Operator\n\nBy default, the Operator generates user passwords using alphanumeric characters plus a set of special symbols. Some tools such as MySQL Prometheus Exporter or mysqlsh don't support certain symbols, which can make those passwords invalid.\n\nTo improve compatibility and user experience, you can now customize password generation parameters in the Custom Resource:\n\n```yaml\nspec:\n passwordGenerationOptions:\n symbols: \"!#$%&()*+,-.<=>?@​[]^_{}~\"\n maxLength: 20\n minLength: 16\n```\n\nThis enhancement lets you keep the convenience of automated password generation and at the same time ensure compliance with the tools and environments you integrate with the Operator.\n\n##### Configure memory allocator in the Operator\n\nBy default, Percona Operator for XtraDB Cluster uses the system allocator (`libc`) to manage memory. While this works for most cases, alternative allocators such as `jemalloc` and `tcmalloc` can improve performance and reduce fragmentation in high-traffic workloads.\n\nTo have more flexibility, you can now configure the memory allocator directly in the Custom Resource:\n\n```yaml\nspec:\n \ pxc:\n mysqlAllocator: jemalloc\n```\n\nSupported values are:\n\n- `jemalloc`\n- `tcmalloc`\n- `libc` (default, used when no value is set)\n\nIf you have already configured the memory allocator via the environment variable, the Operator will respect that setting and use it instead of the Custom Resource value.\n\nThis enhancement lets you fine-tune memory management for your cluster while keeping compatibility with existing configurations.\n\n##### Deprecation, rename, removal\n\n**Removed in 1.19.0:**\n\n- `proxysql.readinessDelaySec` and `proxysql.livenessDelaySec` fields are removed as redundant\n\n**Deprecated (will be removed in 1.22.0):**\n\n- `pxc.livenessDelaySec`. Use [`pxc.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxclivenessprobesinitialdelayseconds)\n- `pxc.readinessDelaySec`. Use [`pxc.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxcreadinessprobesinitialdelayseconds)\n- `haproxy.livenessDelaySec`. Use [`haproxy.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxylivenessprobesinitialdelayseconds)\n- `haproxy.readinessDelaySec`. Use [`haproxy.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxyreadinessprobesinitialdelayseconds)\n\n##### Changelog\n\n##### New Features\n\n- [K8SPXC-1332](https://perconadev.atlassian.net/browse/K8SPXC-1332) - Added the ability to load custom SSL certificates for backup operations to S3 storage. This enables secure communication with S3-compatible storage using the certificates approved and trusted by your company (Thank you Azam Abdoelbasier for submitting this request).\n- [K8SPXC-1494](https://perconadev.atlassian.net/browse/K8SPXC-1494) - Added the ability to configure the duration of TLS certificates created by `cert-manager`. This allows users to customize certificate lifecycles to meet their specific security requirements.\n- [K8SPXC-1576](https://perconadev.atlassian.net/browse/K8SPXC-1576) - Added the ability to use the XtraBackup sidecar container instead of SST for creating backups. This provides an alternative, potentially more efficient backup method.\n- [K8SPXC-1688](https://perconadev.atlassian.net/browse/K8SPXC-1688) - Added ability to mount pre-existing auxiliary PVCs as volumes to database and proxy pods. This facilitates easier integration with external data and storage resources (Thank you Emin AKTAS for submitting the request and contributing to it).\n- [K8SPXC-1733](https://perconadev.atlassian.net/browse/K8SPXC-1733) - Added the ability to customize password generation parameters, such as length and character sets via the Custom Resource. This ensures smooth operation of the tools with specific requirements towards password and leverages the automatic password generation of the Operator (Thank you user fydrah for submitting the request and contributing to it).\n- [K8SPXC-1734](https://perconadev.atlassian.net/browse/K8SPXC-1734) - Introduced configurable HAProxy backend health check parameters that can be tuned without overriding the entire configuration. This simplifies performance tuning for high-availability setups (Thank you Tim Stoop for submitting the request and contributing to it).\n\n##### Improvements\n\n- [K8SPXC-735](https://perconadev.atlassian.net/browse/K8SPXC-735) - Added the support of the `pxc_scheduler_handler` ProxySQL scheduler for SQL-aware routing and effective read/write splitting. This allows for better utilization of resources by distributing read-only traffic across the entire cluster while routing write requests only to the writer node.\n- [K8SPXC-992](https://perconadev.atlassian.net/browse/K8SPXC-992) - Improved binlog naming to prevent potential collisions between different collectors. The updated naming convention ensures unique and consistent identification of binary log files in storage.\n- [K8SPXC-1144](https://perconadev.atlassian.net/browse/K8SPXC-1144) - Introduced a mechanism to mark S3 backups as PITR-unready if binlog gaps are detected. This prevents users from attempting invalid point-in-time recoveries using inconsistent backups.\n- [K8SPXC-1214](https://perconadev.atlassian.net/browse/K8SPXC-1214) - Added an option to automatically clean up completed backup and restore jobs and their associated pods. This improvement helps reduce pressure on the Kubernetes API by removing stale resources (Thank you Alexandre Barth for reporting this issue).\n- [K8SPXC-1319](https://perconadev.atlassian.net/browse/K8SPXC-1319) - Enhanced the operator to support running multiple backup restores for different clusters in parallel. This removes a previous limitation that blocked concurrent restore operations across the environment.\n- [K8SPXC-1327](https://perconadev.atlassian.net/browse/K8SPXC-1327) - Added the ability to change the memory allocator for MySQL to improve memory management efficiency. This change helps optimize the overall memory footprint of PXC pods.\n- [K8SPXC-1373](https://perconadev.atlassian.net/browse/K8SPXC-1373) - Improved core dump handling to ensure that crashed instances can recover more reliably after an SST. This enhancement aids in diagnosing and recovering from unexpected server failures.\n- [K8SPXC-1431](https://perconadev.atlassian.net/browse/K8SPXC-1431) - Improved the delete-backup finalizer logic to correctly handle the deletion of on-demand backup PVCs.\n- [K8SPXC-1470](https://perconadev.atlassian.net/browse/K8SPXC-1470) - Added the ability to switch between HAProxy and ProxySQL within an existing cluster. This provides users with more flexibility to change their load-balancing solution as their needs evolve.\n- [K8SPXC-1511](https://perconadev.atlassian.net/browse/K8SPXC-1511) - Added the support of data at rest encryption for Percona XtraDB Cluster 8.4 via the `keyring vault` component. This change ensures compatibility with the latest security architecture of MySQL 8.4.\n- [K8SPXC-1525](https://perconadev.atlassian.net/browse/K8SPXC-1525) - Deprecated `pxc.livenessDelaySec` option in favor of more consistent liveness probe parameters. The Operator now prioritizes standard probe configurations to manage Pod lifecycle.\n- [K8SPXC-1568](https://perconadev.atlassian.net/browse/K8SPXC-1568) - Updated the Operator's password generation logic to prevent the '\\*' character from being used as the first character. This avoids potential issues with certain authentication plugins and command-line tools.\n- [K8SPXC-1594](https://perconadev.atlassian.net/browse/K8SPXC-1594) - Improved the database upgrade logic to prevent the controller from being blocked during the operation. This ensures that the Operator remains responsive to other cluster changes while an upgrade is in progress.\n- [K8SPXC-1628](https://perconadev.atlassian.net/browse/K8SPXC-1628) - Added support for `tcmalloc` as an alternative memory allocator in PXC images. This gives users additional options to tune and reduce the memory footprint of their database workloads.\n- [K8SPXC-1647](https://perconadev.atlassian.net/browse/K8SPXC-1647) - Implemented extended exit codes for garbd to provide better diagnostic information for different failure scenarios. This helps users identify the root cause of SST and joining issues faster.\n- [K8SPXC-1668](https://perconadev.atlassian.net/browse/K8SPXC-1668) - Added support for ProxySQL 3, providing users with access to the latest features and performance improvements of the load balancer.\n- [K8SPXC-1683](https://perconadev.atlassian.net/browse/K8SPXC-1683) - Expanded smart update tests to include PXC 8.4 and PMM 3, ensuring stable upgrade paths for the latest versions.\n- [K8SPXC-1703](https://perconadev.atlassian.net/browse/K8SPXC-1703) - Added the support of the `generateEmbeddedObjectMeta` option, improving the template handling for sidecars and extra PVCs (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1748](https://perconadev.atlassian.net/browse/K8SPXC-1748) - Eliminated runtime CREATE FUNCTION statements in the PITR collector to avoid unnecessary Galera TOI (Total Order Isolation) events. This reduces the performance impact on the cluster when the PITR sidecar starts or restarts.\n\n##### Bugs Fixed\n\n- [K8SPXC-926](https://perconadev.atlassian.net/browse/K8SPXC-926) - Fixed an issue where a failed smart update on one cluster could block the Operator from managing other clusters in multi-cluster environments. The controller now handles update failures more gracefully without impacting independent resources.\n- [K8SPXC-1379](https://perconadev.atlassian.net/browse/K8SPXC-1379) - Fixed an issue where monit container resource values in ProxySQL pods did not correctly reflect the values specified in the PXC cluster definition. The operator now ensures that ProxySQL resource attributes are properly applied to the monitoring sidecar containers.\n- [K8SPXC-1424](https://perconadev.atlassian.net/browse/K8SPXC-1424) - Resolved a certificate renewal issue where CA certificates in TLS secrets could expire before server certificates were renewed. The Operator logic was updated to align renewal intervals for CA and server certificates when using cert-manager.\n- [K8SPXC-1581](https://perconadev.atlassian.net/browse/K8SPXC-1581) - Corrected the order of options in the restore prepare job to ensure that `--defaults-file` is passed as the first option to xtrabackup. This fix ensures that custom configuration files are correctly prioritized during the restore process.\n- [K8SPXC-1617](https://perconadev.atlassian.net/browse/K8SPXC-1617) - Fixed a binlog gap issue in Point-in-Time Recovery (PITR) that caused repeated test failures. Users are now advised to perform a full backup after each PITR restore to ensure data consistency and prevent gaps.\n- [K8SPXC-1632](https://perconadev.atlassian.net/browse/K8SPXC-1632) - Added missing SecurityContext configurations for ProxySQL sidecar containers to enhance pod security. This change ensures that all sidecars follow the defined security standards of the cluster.\n- [K8SPXC-1655](https://perconadev.atlassian.net/browse/K8SPXC-1655) - Fixed a failure in xtrabackup when using LZ4 compression on RHEL9-based Percona XtraDB Cluster images. The fix addresses compatibility issues with the latest compression libraries in the operating system environment.\n- [K8SPXC-1686](https://perconadev.atlassian.net/browse/K8SPXC-1686) - Improved backup error handling to ensure that providing an invalid Percona XtraBackup image results in a failed status. A new timeout field was introduced to prevent backup objects from hanging indefinitely in a starting state.\n- [K8SPXC-1687](https://perconadev.atlassian.net/browse/K8SPXC-1687) - Fixed the `copy-backup.sh` script to correctly handle and copy cloud-based backups stored in S3 or Azure. This ensures that the utility script works consistently across all supported storage types.\n- [K8SPXC-1701](https://perconadev.atlassian.net/browse/K8SPXC-1701) - Ensured that MySQL configurations are correctly mounted to the restore prepare job. This fix allows the restore process to use custom MySQL settings defined in the cluster (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1702](https://perconadev.atlassian.net/browse/K8SPXC-1702) - Added the ability to override time zones for backup jobs. This resolves issues where time-dependent operations could fail due to missing timezone definitions (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1721](https://perconadev.atlassian.net/browse/K8SPXC-1721) - Added a sleep interval to the recovery loop to prevent high CPU usage spikes when containers restart.\n- [K8SPXC-1725](https://perconadev.atlassian.net/browse/K8SPXC-1725) - Fixed a condition where a cluster could return stalled data during a backup or SST operation by adding the on-marked-down shutdown-sessions directive to HAProxy default configuration. This ensures that only fresh, up to date data is served during backups.\n- [K8SPXC-1726](https://perconadev.atlassian.net/browse/K8SPXC-1726) - Resolved a deployment breakage in the Operator version 1.18.0 via Helm caused by PMM 3 client incompatibilities. The fix ensures a smoother upgrade path for users migrating to newer versions of PMM (Thank you Antonio Falzarano for reporting and contributing to this issue).\n- [K8SPXC-1760](https://perconadev.atlassian.net/browse/K8SPXC-1760) - Fixed the handling of the crVersion field in the Helm chart templates. The Operator now correctly considers the version defined in `values.yaml` when generating the cluster configuration.\n- [K8SPXC-1771](https://perconadev.atlassian.net/browse/K8SPXC-1771) - Fixed the issue with excessive logging by the backup controller when backups are suspended or resumed due to an unready cluster. This improves log readability and reduces unnecessary diagnostic noise.\n- [K8SPXC-1772](https://perconadev.atlassian.net/browse/K8SPXC-1772) - Fixed a state transition bug where unsuspended backups could move directly from 'Starting' to 'Succeeded' without entering the 'Running' state. This ensures accurate tracking and visibility of the backup process status.\n\n##### Documentation Improvements\n\n- [K8SPXC-1747](https://perconadev.atlassian.net/browse/K8SPXC-1747) - Improved the documentation with the information about available environment variables for cluster components and the Operator. Documented the `S3_WORKERS_LIMIT` environment variable to allow throttling of backup deletions.\n- [K8SPXC-1661](https://perconadev.atlassian.net/browse/K8SPXC-1661) - Updated the operator documentation to reflect that PMM 3 uses service accounts instead of API keys. This ensures that users can correctly configure monitoring integration with the latest versions of PMM.\n- [K8SPXC-1663](https://perconadev.atlassian.net/browse/K8SPXC-1663) - Improved documentation for Point-in-Time Recovery steps. The updated documentation properly separates and sequences the recovery instructions for improved readability.\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.7-7.1, 8.0.44-35.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-5.1, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.17\n- ProxySQL 2.7.3-1.2, 3.0.1-1.2\n- LogCollector based on fluent-bit 4.0.1-1\n- PMM Client 2.44.1-1 and 3.5.0\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.31 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.32 - 1.34\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.32 - 1.34\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.17 - 4.20\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.37.0 based on Kubernetes 1.34.0\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.18.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.18.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.17.0...v1.18.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### PMM3 support\n\nThe Operator is natively integrated with [PMM 3](https://www.percona.com/doc/percona-monitoring-and-management/3/index.html), enabling you to monitor the health and performance of your Percona Distribution for MySQL deployment and at the same time enjoy enhanced performance, new features, and improved security that PMM 3 provides.\n\nNote that the Operator supports both PMM2 and PMM3. The decision on what PMM version is used depends on the authentication method you provide in the Operator configuration: PMM2 uses API keys while PMM3 uses service account token. If the Operator configuration contains both authentication methods with non-empty values, PMM3 takes the priority.\n\nTo use PMM, ensure that the PMM client image is compatible with the PMM Server version. Check [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for the correct client image.\n\nFor how to configure monitoring with PMM, see the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html).\n\n##### Improved monitoring for clusters in multi-region or multi-namespace deployments in PMM\n\nNow you can define a custom name for your clusters deployed in different data centers. This name helps Percona Management and Monitoring (PMM) Server to correctly recognize clusters as connected and monitor them as one deployment. Similarly, PMM Server identifies clusters deployed with the same names in different namespaces as separate ones and correctly displays performance metrics for you on dashboards.\n\nTo assign a custom name, define this configuration in the Custom Resource manifest for your cluster:\n\n```yaml\nspec:\n pmm:\n \ customClusterName: testClusterName\n```\n\n##### More resilient database restores without matching user Secrets\n\nYou no longer need matching user Secrets between your backup and your target cluster to perform a restore. The Operator now has a post-restore step that changes user passwords in the restored database to the ones from the local Secret. Also, it creates missing system users and adds missing grants.\n\nThis flow is the same regardless of whether you restore to the same cluster or to a completely new one.\n\nThe removal of this major roadblock to have a Secret for restores makes your disaster recovery process smoother and more reliable. This enhancement makes managing databases on Kubernetes more robust and operator-friendly.\n\n##### Improved backup retention for streamlined management of scheduled backups in cloud storage\n\nA new backup retention configuration gives you more control over how backups are managed in storage and retained in Kubernetes.\n\nWith the `deleteFromStorage` flag , you can disable automatic deletion from AWS S3 or Azure Blob storage and instead rely on native cloud lifecycle policies. This makes backup cleanup more efficient and better aligned with flexible storage strategies.\n\nThe legacy `keep` option is now deprecated and mapped to the new `retention` block for compatibility. We encourage you to start using the `backup.schedule.retention` configuration:\n\n```yaml\nschedule:\n \ - name: \"sat-night-backup\"\n schedule: \"0 0 * * 6\"\n retention:\n \ count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n```\n\nNote that if you have both `backup.schedule.keep` and `backup.schedule.retention` defined, the `backup.schedule.retention` takes precedence.\n\n##### Added labels to identify the version of the Operator\n\nCustom Resource Definition (CRD) is compatible with the last three Operator versions. To know which Operator version is attached to it, we've added labels to all Custom Resource Definitions. The labels help you identify the current Operator version and decide if you need to update the CRD. To view the labels, run: `kubectl get crd perconaxtradbclusters.pxc.percona.com --show-labels`.\n\n##### Cross-site replication is now supported for Percona XtraDB Cluster 8.4\n\nCross-site replication is now available with Percona XtraDB Cluster 8.4.x, lifting one of the limitations in the Operator for this database version. This enhancement marks a significant step toward general availability of Percona XtraDB Cluster 8.4 in the Operator by enabling multi-site deployments and improving resilience across distributed environments.\n\n##### Deprecation, Rename and Removal\n\n- The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are deprecated. The `loadBalancerIP` field is also deprecated upstream in Kubernetes\n due to its inconsistent behavior across cloud providers and lack of dual-stack support. As a result, its usage is strongly discouraged.\n\n We recommend using cloud provider-specific annotations instead, as they offer more predictable and portable behavior for managing load balancer IP assignments.\n\n The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are scheduled for removal in future releases.\n\n- The `backup.schedule.keep` field is deprecated and will be removed after release 1.21.0. We recommend using the `backup.schedule.retention` instead as follows:\n\n ```yaml\n schedule:\n - name: \"sat-night-backup\"\n \ schedule: \"0 0 ** 6\"\n retention:\n count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n ```\n\n- New repositories for Percona XtraBackup and Logcollector\n\n Now the Operator uses the official Percona Docker images for the `percona-xtrabackup` and `logcollector` components. Pay attention to the new image repositories when you upgrade the Operator and the database. Check the [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for exact image names.\n\n- Changes for Helm charts:\n\n - PMM3 is now the default. To keep using PMM2, set the `pmm.tag: 2.44.1`\n - If you install or upgrade the Operator with default manifests using Helm charts on Openshift 4.19, you must use the `docker.io` registry prefix to guarantee successful download from the DockerHub `percona-xtradb-cluster` repository. Read the [Considerations for using OpenShift 4.19](#considerations-for-using-openshift-419) section for more information.\n\n##### Known limitations\n\n##### Considerations for using OpenShift 4.19\n\nStarting with OpenShift 4.19, the way images with not fully qualified names are pulled has changed for repositories that share the same repository name on DockerHub and Red Hat Marketplace. By default the tags are pulled from Red Hat Marketplace. Specifying not fully qualified image names may result in the `ImagePullBackOff` error.\n\n- **OLM installation:** Images are provided with the fully qualified names and are pulled from the Red Hat Marketplace/DockerHub registry.\n- **Manual install/update with default manifests:** Images must use the `docker.io` registry prefix to guarantee successful download from the Dockerhub `percona-xtradb-cluster` repository.\n\nSee our documentation for [manual installation](https://docs.percona.com/percona-operator-for-mysql/pxc/openshift.html#install-the-operator-via-the-command-line-interface) or [update](https://docs.percona.com/percona-operator-for-mysql/pxc/update_openshift.html#update-via-the-command-line-interface).\n\n##### Changleog\n\n##### New Features\n\n- [K8SPXC-1284](https://perconadev.atlassian.net/browse/K8SPXC-1284) - Add the ability to configure protocol for peer-list DNS SRV lookups\n\n- [K8SPXC-1599](https://perconadev.atlassian.net/browse/K8SPXC-1599) - Allowed setting `loadBalancerClass` service type and using a custom implementation of a load balancer rather than the cloud provider default one\n\n##### Improvements\n\n- [K8SPXC-1375](https://perconadev.atlassian.net/browse/K8SPXC-1375) - Added a new retention configuration to allow users to delegate backup cleanup to cloud lifecycle policies (Thank you user Tristan for reporting this issue)\n\n- [K8SPXC-1376](https://perconadev.atlassian.net/browse/K8SPXC-1376) - Added the ability to restore from backup without a matching Secret resource\n\n- [K8SPXC-1399](https://perconadev.atlassian.net/browse/K8SPXC-1399) - Added a documentation how to set up a disaster recovery system and transfer workloads between sites\n\n- [K8SPXC-1415](https://perconadev.atlassian.net/browse/K8SPXC-1415) - Updated the `percona-xtrabackup` image to use the official `percona-xtrabackup` Docker image\n\n- [K8SPXC-1430](https://perconadev.atlassian.net/browse/K8SPXC-1430) - Improved handling of autogenerated certificates depending on the `delete-ssl` finalizer configuration\n\n- [K8SPXC-1448](https://perconadev.atlassian.net/browse/K8SPXC-1448), [K8SPXC-1449](https://perconadev.atlassian.net/browse/K8SPXC-1449) - Improved the `pvc-resize` test by using a custom storage class for EKS, reducing errors and improving the quota handling during resize\n\n- [K8SPXC-1450](https://perconadev.atlassian.net/browse/K8SPXC-1450) - Improved PVC resizing behavior when reducing the storage size by reverting the values when the quota is reached\n\n- [K8SPXC-1472](https://perconadev.atlassian.net/browse/K8SPXC-1472) - Deprecated the `loadBalancerIP` field due to its deprecation upstream\n\n- [K8SPXC-1513](https://perconadev.atlassian.net/browse/K8SPXC-1513) - Added PXC 8.4 support for version service\n\n- [K8SPXC-1529](https://perconadev.atlassian.net/browse/K8SPXC-1529) - Added support for cross-site replication with MySQL 8.4.0 by adding the use of `authentication_policy` instead of `default_authentication_plugin`\n\n- [K8SPXC-1553](https://perconadev.atlassian.net/browse/K8SPXC-1553) - Added support for PMM v3\n\n- [K8SPXC-1560](https://perconadev.atlassian.net/browse/K8SPXC-1560) - Added the warning about CRDs not being upgraded automatically after helm upgrade to the output\n\n- [K8SPXC-1566](https://perconadev.atlassian.net/browse/K8SPXC-1566) - Improved reconciliation of replicationChannels without proxy Pods by starting the database Pod bypassing the proxy (Thank you Justin Reasoner for contributing to this issue)\n\n- [K8SPXC-1569](https://perconadev.atlassian.net/browse/K8SPXC-1569) - Added Labels for Custom Resource Definitions (CRD) to identify the Operator version attached to them\n\n- [K8SPXC-1597](https://perconadev.atlassian.net/browse/K8SPXC-1597) - Improve the scheduled backups behavior for a cluster in an unhealthy state by postponing the job until the cluster reports the healthy status\n\n- [K8SPXC-1605](https://perconadev.atlassian.net/browse/K8SPXC-1605) - Introduced Azure CLI for checking if backup objects/folders exist in Azure storage\n\n- [K8SPXC-1612](https://perconadev.atlassian.net/browse/K8SPXC-1612) - Added the `imagePullSecrets` for PMM image\n\n- [K8SPXC-1615](https://perconadev.atlassian.net/browse/K8SPXC-1615) - Added the ability to define a custom cluster name for `pmm-admin` component\n\n- [K8SPXC-1624](https://perconadev.atlassian.net/browse/K8SPXC-1624) - Deleted deprecated finalizers code\n\n- [K8SPXC-1669](https://perconadev.atlassian.net/browse/K8SPXC-1669) - Improve the backup flow by generating a default endpoint URL for a storage from a region if it is not provided (Thank you Bernard Grymonpon for reporting this issue)\n\n- [K8SPXC-1677](https://perconadev.atlassian.net/browse/K8SPXC-1677) - Document the changed behavior with pulling images for default manifests on OpenShift 4.19 and update install and update instructions\n\n##### Bugs Fixed\n\n- [K8SPXC-1312](https://perconadev.atlassian.net/browse/K8SPXC-1312) - Fixed the issue with labels not being updated automatically for point-in-time recovery deployment upon Custom Resource changes\n\n- [K8SPXC-1347](https://perconadev.atlassian.net/browse/K8SPXC-1347) - Fixed the issue with point-in-time recovery failing due to TLS configuration mismatch between the server and the point-in-time recovery job by configuring it to use TLS if is required by the server.\n\n- [K8SPXC-1382](https://perconadev.atlassian.net/browse/K8SPXC-1382) - Fixed the issue with backup failing on AWS if using IAM profile without credentialsSecret by using credentialsSecret only when explicitly specified and relying on IAM roles instead (Thank you Itiel Olenick for reporting this issue)\n\n- [K8SPXC-1541](https://perconadev.atlassian.net/browse/K8SPXC-1541) - Fixed Telemetry module to to consider both empty string \"\" and comma separated namespaces in cluster-wide mode\n\n- [K8SPXC-1548](https://perconadev.atlassian.net/browse/K8SPXC-1548) Fixed the issue with deleting old backups on Google Cloud Storage by url-decoding the object path before deleting it (Thank you Mateusz Gruszkiewicz for reporting this issue)\n\n- [K8SPXC-1631](https://perconadev.atlassian.net/browse/K8SPXC-1631) - Fixed the issue with the Operator restarting pod-0 after the cluster is ready. The issue is caused by ConfigMap and StatefulSet being created too close to each other and Kubernetes API can't return the newly created ConfigMap before creating the StatefulSet. The issue is fixed by reconciling the StatefulSet after the reconciliation of ConfigMap is completed.\n\n- [K8SPXC-1664](https://perconadev.atlassian.net/browse/K8SPXC-1664) - Fixed the use of the proper script to check PXC nodes when adding them by HAProxy\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.5-5.1 (Tech preview), 8.0.42-33.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-3, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.15-1\n- ProxySQL 2.7.3\n- LogCollector based on fluent-bit 4.0.1\n- PMM Client 2.44.1 and 3.3.1\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.30 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.30 - 1.33\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.30 - 1.33\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.15 - 4.19\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.36.0 based on Kubernetes 1.33.1\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.17.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.17.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.16.1...v1.17.0)\n\n#### Release Highlights\n\n##### Improved observability for HAProxy and ProxySQL\n\nGet insights into the HAProxy and ProxySQL performance by connecting to their statistics pages. Use the `cluster-name-haproxy:8084` and `cluster-name-proxysql:6070` endpoints to do so. Learn about other available ports in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/haproxy-conf.html).\n\n##### Improved cluster load management during backups\n\nIf parallel backups overload your cluster, you can turn off parallel execution to prevent this. Previously, this meant that you could only run one backup at a time - no new backups could start until the current one was finished. Now, the Operator queues backups and runs them one after another automatically. You can fine-tune the backup sequence by setting the start time for all backups or for a specific on-demand one using the [`spec.backup.startingDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupstartingdeadlineseconds) Custom Resource option. This provides greater control over backup operations.\n\nAnother improvement is for the case when your database cluster becomes unhealthy, for example, when a Pod crashes or restarts. The Operator suspends running backups to reduce the cluster's load. Once the cluster recovers and reports a Ready status, the Operator resumes the suspended backup. To further offload the cluster during an unhealthy state, you can configure how long a backup remains suspended by using the [`spec.backup.suspendedDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupsuspendeddeadlineseconds) Custom Resource option. If this time expires before the cluster recovers, the backup is marked as \"failed.\"\n\n##### Monitor PMM Client health and status\n\nPercona Monitoring and Management (PMM) is a great tool to [monitor the health of your database cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html). Now you can also learn if PMM itself is healthy using probes - a Kubernetes diagnostics mechanism to check the health and status of containers. Use the [`spec.pmm.readinessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmreadinessprobesinitialdelayseconds) and [`spec.pmm.livenessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmlivenessprobesinitialdelayseconds) Custom Resource options to fine-tune Readiness and Liveness probes for PMM Client.\n\n##### Improved observability of binary log backups\n\nGet insights into the success and failure rates of binlog operations, timeliness of processing and uploads and potential gaps or inconsistencies in binlog data with the Prometheus metrics added for the Operator. Gather this data by connecting to the `:8080/metrics` endpoint. Learn more about the available metrics in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-pitr.html#binary-logs-statistics).\n\n#### Deprecation, Rename and Removal\n\nThe `spec.haproxy.exposePrimary.enabled` field is deprecated. If enabled via the `spec.haproxy.enabled`, the HAProxy primary service is already exposed.\n\n#### New Features\n\n- [K8SPXC-747](https://perconadev.atlassian.net/browse/K8SPXC-747), [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to access the statistics pages for HAProxy and ProxySQL\n\n- [K8SPXC-1366](https://perconadev.atlassian.net/browse/K8SPXC-1366) - Add the ability to queue backups and run them sequentially, and to optimize the cluster load with the ability to suspend backups for an unhealthy cluster. A user can assign the start time and suspension time to backups to manage them better.\n\n- [K8SPXC-1432](https://perconadev.atlassian.net/browse/K8SPXC-1432) - Enable users to configure cluster-wide Operator deployments in OpenShift certified catalog using OLM.\n\n#### Improvements\n\n- [K8SPXC-1367](https://perconadev.atlassian.net/browse/K8SPXC-1367) - Now a user can configure Readiness and Liveness probes for PMM Client container to check its health and status\n\n- [K8SPXC-1461](https://perconadev.atlassian.net/browse/K8SPXC-1461) - Improve logging for resizing PVC with the information about successful and failed PVC resize. Log errors on resize attempts if the Storage Class doesn't support resizing.\n\n- [K8SPXC-1466](https://perconadev.atlassian.net/browse/K8SPXC-1466) - Mark the containers that provide the service as default ones with the annotation. This enables a user to connect to a Pod without explicitly specifying a container.\n\n- [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to connect to the built-in statistics pages for HAProxy and ProxySQL by exposing the ports for those pages\n\n- [K8SPXC-1475](https://perconadev.atlassian.net/browse/K8SPXC-1475) - Update the backup image to use AWS CLI instead of MinIO CLI due to the license change\n\n- [K8SPXC-1510](https://perconadev.atlassian.net/browse/K8SPXC-1510) - Add the ability to suppress messages about the use of deprecated features in MySQL Error Log by adding the `log_error_suppression_list` key from the `my.cnf` configuration file and defining the message number in the `spec.pxc.configuration` subsection of the Custom Resource manifest. See [how to change MySQL options](https://docs.percona.com/percona-operator-for-mysql/pxc/options.html) for steps. This improves readability for MySQL error log.\n\n- [K8SPXC-1512](https://perconadev.atlassian.net/browse/K8SPXC-1512) - For Percona XtraDB Cluster version 8.4 and above, binary log user defined functions for point-in-time recovery (`binlog_utils_udf`) are now installed as a component instead of a plugin. This improves their compatibility across platforms and provides automatic dependency handling.\n\n- [K8SPXC-1542](https://perconadev.atlassian.net/browse/K8SPXC-1542) - Improve binlog upload for large files to Azure blob storage with the ability to define the block size and the number of concurrent writers for the upload (Thanks to user dcaputo-harmoni for contribution)\n\n- [K8SPXC-1543](https://perconadev.atlassian.net/browse/K8SPXC-1543) - Set PITR controller reference for binlog-collector deployment the same way as it's set for PXC and proxy StatefulSets. This creates a connection between PITR deployment and cluster resource (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1544](https://perconadev.atlassian.net/browse/K8SPXC-1544) - Improve observability of binlog collector by adding the support of basic Prometheus metrics (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1567](https://perconadev.atlassian.net/browse/K8SPXC-1567) - N\n\n
\n\n---\n\n### Configuration\n\n\U0001F4C5 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).\n\n\U0001F6A6 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n\u267B **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n\U0001F47B **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vexxhost/atmosphere).\n\n" change_url: https://github.com/vexxhost/atmosphere/pull/2595 child_jobs: [] commit_id: 5d635ae7d201989f087661c6356a3703e1026788 event_id: 6ef92260-f582-11f0-80cf-1808d8ce6c67 executor: hostname: 3a2793d2bd32 inventory_file: /var/lib/zuul/builds/2c7fba1b9702407b8b5b36b8cc9d33dd/ansible/inventory.yaml log_root: /var/lib/zuul/builds/2c7fba1b9702407b8b5b36b8cc9d33dd/work/logs result_data_file: /var/lib/zuul/builds/2c7fba1b9702407b8b5b36b8cc9d33dd/work/results.json src_root: /var/lib/zuul/builds/2c7fba1b9702407b8b5b36b8cc9d33dd/work/src work_root: /var/lib/zuul/builds/2c7fba1b9702407b8b5b36b8cc9d33dd/work include_vars: [] items: - branch: stable/2023.1 change: '2595' change_message: "Update pxc (stable/2023.1)\n\n> \u2139\uFE0F **Note**\n> \n> This PR body was truncated due to platform limits.\n\nThis PR contains the following updates:\n\n| Package | Type | Update | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |\n|---|---|---|---|---|---|\n| docker.io/percona/haproxy | | patch | `2.8.14` \u2192 `2.8.18` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fhaproxy/2.8.18?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fhaproxy/2.8.14/2.8.18?slim=true) |\n| docker.io/percona/percona-xtradb-cluster-operator | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/docker.io%2fpercona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [github.com/percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | require | minor | `v1.16.1` \u2192 `v1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fpercona%2fpercona-xtradb-cluster-operator/v1.16.1/v1.19.0?slim=true) |\n| [percona/percona-xtradb-cluster-operator](https://redirect.github.com/percona/percona-xtradb-cluster-operator) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/github-releases/percona%2fpercona-xtradb-cluster-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/github-releases/percona%2fpercona-xtradb-cluster-operator/1.17.0/1.19.0?slim=true) |\n| [pxc-operator](https://docs.percona.com/percona-operator-for-mysql/pxc/) ([source](https://redirect.github.com/percona/percona-helm-charts)) | | minor | `1.17.0` \u2192 `1.19.0` | ![age](https://developer.mend.io/api/mc/badges/age/helm/pxc-operator/1.19.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/helm/pxc-operator/1.17.0/1.19.0?slim=true) |\n| quay.io/prometheus/mysqld-exporter | | minor | `v0.17.0` \u2192 `v0.18.0` | ![age](https://developer.mend.io/api/mc/badges/age/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.18.0?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/docker/quay.io%2fprometheus%2fmysqld-exporter/v0.17.0/v0.18.0?slim=true) |\n\n---\n\n### Release Notes\n\n
\npercona/percona-xtradb-cluster-operator (github.com/percona/percona-xtradb-cluster-operator)\n\n### [`v1.19.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.19.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.18.0...v1.19.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### Ensure data security for Percona XtraDB Cluster 8.4 with data-at-rest encryption\n\nData at rest encryption ensures that sensitive information stored on disk remains protected from unauthorized access, even if the physical media is compromised. It is a foundational safeguard for compliance, trust and security in modern database environments.\n\nThe Operator supports data at rest encryption for MySQL 8.0 with HashiCorp Vault using the `keyring_vault` *plugin*. Now, it also supports data at rest encryption for MySQL 8.4, leveraging the `keyring_vault` *component*.\n\nThis enhancement enables you to benefit from the rich feature set of the latest major version of Percona XtraDB Cluster 8.4 while ensuring your sensitive data is secured. In doing so, you can meet compliance requirements and protect critical information without added operational complexity. Learn how to [configure data at rest encryption for Percona XtraDB Cluster 8.4](https://docs.percona.com/percona-operator-for-mysql/pxc/encryption-setup.html).\n\n##### Percona XtraDB Cluster 8.4 is now fully supported\n\nPercona XtraDB Cluster 8.4 is now fully supported and recommended for production deployments. Starting with this release, it becomes the default version for all new database cluster deployments using the Operator. This support enables you to benefit from its latest features, performance improvements, and enhanced security.\n\n##### Use your own CA certificates for TLS verification\n\nYou can now use your organization\u2019s custom Certificate Authority (CA) to securely verify TLS communication with S3 storage during backups and restores.\n\nThe configuration is straightforward: create the Secret that stores your custom CA and certificates to authorize in the S3 storage. Then reference this Secret and specify the CA certificate in the `caBundle` option in the Operator Custom Resource. The Operator will verify TLS communication against it.\n\nHere's the example configuration:\n\n```yml\nstorages:\n minio-s3:\n type: s3\n verifyTLS: true\n s3:\n caBundle:\n name: minio-ca-bundle\n key: tls.crt\n```\n\nWith this improvement, you ensure the following:\n\n- Security without compromise \u2013 no more bypassing identity checks.\n- Alignment with your internal standards \u2013 use the CA your company already trusts.\n- Confidence in backup and restore flows \u2013 every S3 interaction is properly verified.\n\nRead more about the use of own CA certificates in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-storage.html#configure-tls-verification-with-custom-certificates-for-s3-storage)\n\n##### Configure duration for certificates issued by cert-manager\n\nBy default, the `cert-manager` generates certificates valid for 90 days. You now have more control over certificate lifetimes and can configure their custom duration when you create a new cluster. This way you can align with your organization's security and compliance policies.\n\nUse the following Custom Resource options to configure certificate duration:\n\n- `.spec.tls.certValidityDuration` \u2013 validity period for generated certificates\n- `.spec.tls.caValidityDuration` \u2013 validity period for the Certificate Authority (CA)\n\n```yaml\n tls:\n \ enabled: true\n certValidityDuration: 2160h\n caValidityDuration: 26280h\n```\n\nNote that the Operator enforces minimum durations to certificates:\n\n- For TLS certificates \u2013 1 hour\n- For CA certificate \u2013 730 hours.\n\nAlso, we don't recommend setting duration to exactly 1 hour to prevent certificate generation issues. Read more about rules and limitations about certificate duration configuration in our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/tls-cert-manager.html#customize-certificate-duration-for-cert-manager).\n\nThis improvement empowers you to fine-tune certificate lifetimes while keeping your cluster secure and stable.\n\n##### Security context for ProxySQL sidecar containers\n\nYou can now define the security context for ProxySQL sidecar containers in the Operator, reducing the risk of unsecured sidecars bypassing Pod restrictions. This improvement lets you set user IDs, privileges, and filesystem access directly, ensuring compliance and strengthening Pod security.\n\nConfigure the security context in your custom resource. For example:\n\n```yaml\nspec:\n \ proxysql:\n sidecars:\n securityContext:\n privileged: false\n```\n\nWith this change, you enforce safer defaults across your deployments and close security gaps at the Pod level.\n\n##### Improved load balancing with ProxySQL scheduler (tech preview)\n\nThe Operator now integrates with the external `pxc_scheduler_handler` tool to improve query routing. This feature is currently in tech preview, so we recommend experimenting with it in test or staging environments before using it in production.\n\nWith this scheduler you get finer control over how your SQL queries are routed within your PXC cluster:\n\n- SELECT queries (that don't use FOR UPDATE) are intelligently distributed across all PXC nodes\u2014or all nodes except the writer, depending on your settings.\n- Non-SELECT queries and SELECT FOR UPDATE statements are routed to the writer node.\n- You don't have to micromanage the writer role: the scheduler automatically ensures only one writer is active at any time.\n\nThis means you could see:\n\n- better performance and higher throughput from distributing query loads\n- greater reliability with no single point of failure\n\n* Improved cluster health through early detection of replication lag and node issues\n\n- more efficient use of your resources and hardware\n- a smoother, more predictable experience for everyone using the database\n\nSee our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/proxysql-conf.html#proxysql-scheduler-tech-preview) for full information about the scheduler behavior and setup.\n\nThe previous internal scheduler remains enabled by default to maintain backward compatibility. You can switch to the new one when you're ready to benefit from smarter query handling.\n\n##### Customize HAProxy backend health check intervals and failover behavior\n\nYou can now control how quickly HAProxy detects and reacts to node failures. Instead of waiting the default 20 seconds while HAProxy performs the failover, you can tune health checks to cut that down to just a few seconds. That means your applications recover faster, and users don't get stuck with hanging sessions when a node goes down.\n\nYou no longer need to override the entire HAProxy configuration to achieve this \u2014 the operator now gives you simple, direct options in the Custom Resource specification:\n\n```yaml\nhaproxy: \n healthCheck:\n interval: 10000\n rise: 1\n fall: 2\n```\n\nBy adjusting how often checks run and how many failures or successes mark a node as \u201Cdown\u201D or \u201Cup,\u201D you get faster failover, cleaner client handling, and easier configuration that is safe to upgrade and tailored to your environment.\n\n##### Switch from HAProxy to ProxySQL at runtime\n\nYou can now switch from HAProxy to ProxySQL without redeploying your Percona XtraDB Cluster. Previously, you had to choose ProxySQL only at startup. Now ProxySQL has the `caching_sha2_password` as the default authentication plugin, which gives you the flexibility to start with HAProxy and migrate to ProxySQL later as your needs evolve.\n\nWith this release, ProxySQL also includes a new [scheduler](#improved-load-balancing-with-proxysql-scheduler-tech-preview) that enhances SQL awareness, automates read/write splitting, and handles failovers more intelligently. This leads to faster queries, increased reliability, and more efficient cluster resource usage.\n\n**Which proxy should you choose?**\n\n- **HAProxy:** Choose HAProxy if you need a lightweight, TCP-level load balancer with minimal configuration. Note that for read/write splitting, your clients must connect to different HAProxy ports based on the query type.\n- **ProxySQL:** Opt for ProxySQL if you want built-in read/write splitting, advanced query-level control, and automated failover logic right out of the box.\n\nEach proxy brings its own resource requirements and advantages. We offer [additional guidance](https://docs.percona.com/percona-operator-for-mysql/pxc/load-balancing.html#what-load-balancer-to-use) on selecting the right proxy for your environment, plus [detailed recommendations](https://docs.percona.com/percona-operator-for-mysql/pxc/proxy-switching.html) on resource planning and best practices. Review these carefully to ensure your choice fits your operational and performance needs.\n\nTo switch between proxies, update your Custom Resource to set `haproxy.enabled` to `false` and `proxysql.enabled` to `true`. Apply the changes, and the Operator will handle the transition for you by restarting the relevant proxy Pods.\n\nWith this improvement you now control your proxy choice at runtime, and ProxySQL brings smarter routing and resilience right into the Operator.\n\n##### ProxySQL 3 support\n\nYou can now deploy ProxySQL 3 with Percona Operator for MySQL. This gives you more flexibility and control over how your applications connect to MySQL inside Kubernetes. Here\u2019s what you get:\n\n- Dual\u2011password support enables you to introduce a new password while the old one is still valid. As a result, you can rotate passwords without downtime\n- Enhanced event and query logging gives you real\u2011time visibility into query behavior and application traffic.\n- ProxySQL now logs the actual values bound to prepared statements. This helps you debug queries more effectively, since you see what data was passed instead of just placeholders\n- Event logs now include metadata about ProxySQL version and format. This makes it easier to track and audit logs across upgrades in your Operator\u2011managed deployments.\n\n##### Direct-access backups: Improved performance and reliability with sidecars (tech preview)\n\nBy default, the Operator makes backups using the SST method. This creates a separate backup Pod with Percona XtraBackup, while the database node enters Donor state and stops serving client requests. SST backups can also fail with cryptic network errors, making root cause analysis and recovery difficult.\n\nStarting with version 1.19.0, you can make backups via the XtraBackup sidecar container. The Operator deploys a sidecar with XtraBackup inside each Percona XtraDB Cluster Pod. This sidecar makes a backup and uploads it to the remote backup storage. The database Pod doesn\u2019t change its state to Donor and keeps accepting client requests.\n\nUsing the sidecar method provides a direct access to data thus boosting backup performance. The sidecar container constantly runs in the database Pod, so you have constant access to logs and status, which simplifies troubleshooting.\n\nTo enable the XtraBackup sidecar container backup method, set `PXCO_FEATURE_GATES=XtrabackupSidecar=true` environment variable in the Operator Deployment.\nThis functionality is in the tech preview stage and currently supports only cloud storages. We encourage you to try it out in your testing or staging environments and leave your feedback.\n\nFuture enhancements such as support of PVC volumes, backup encryption and incremental backups are planned for future releases.\n\nTo learn more about XtraBackup sidecar container backup method, see our [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups.html#xtrabackup-sidecar-method-tech-preview).\n\n##### Ensure only up to date data is served during backups\n\nWhen a node donates data during backups or SST, it enters into the DONOR state. At this point, the node should no longer handle client connections. HAProxy's external check correctly blocked new connections to the Donor node but allowed existing sessions to remain active. Those lingering sessions could return slow or outdated results.\n\nThe HAProxy default configuration now includes the `on-marked-down shutdown-sessions` directive. As soon as HAProxy marks a node as down, all active connections are immediately closed and clients reconnect to remaining active nodes. This ensures that only fresh, up to date data is served during backups.\n\n##### Automatic cleanup of backup and restore Jobs and associated Pods\n\nThe Operator creates a dedicated Job and Pod for every backup and restore operation. Previously, these Jobs and Pods remained in the cluster even after the operation was finished, and you had to manually delete them to free up resources.\n\nNow, you can offload this task to the Operator. Specify a time-to-live (TTL) for backup and restore Jobs once the operation is finished. When the TTL expires, the Operator automatically deletes the Job and its associated Pod.\n\nModify your Custom Resource as follows:\n\n```yaml\nbackup:\n image: perconalab/percona-xtradb-cluster-operator:main-pxc8.0-backup\n \ ttlSecondsAfterFinished: 3600\n```\n\nThis setting is global. It applies to all on-demand and scheduled backups, and all restores.\n\nThe Operator also ensures reliability: if a backup or restore takes longer than the configured TTL, it applies the `internal.percona.com/keep-job` finalizer to allow the operation to finish. After the operation completes either with the `Succeeded` or the `Failed` status, the finalizer is removed and the Job is cleaned up.\n\nThis improvement reduces manual maintenance overhead, gives you control over the processes lifetime for debugging or auditing purposes and helps keep your cluster healthy and efficient. By reducing unnecessary resource buildup, you gain smoother operations, lower maintenance overhead and improved reliability in production environments.\n\n##### Improved backup identification for point-in-time recovery readiness\n\nWhen a backup contains binlog gaps, the Operator now creates a `.pitr-not-ready` file in the backup storage. This file makes it easy to identify which backups are appropriate for point in time recovery both in the storage and when listing backup objects.\n\nBefore starting a restore, the Operator checks for this marker file and blocks unsafe restores, protecting you from incomplete recovery attempts. If needed, you can override this safeguard by adding the `percona.com/unsafe-pitr` annotation to the Restore object. Use this override with caution, as this is an unsafe configuration.\n\n##### Attach external PVCs for shared data access across applications and the database cluster\n\nSometimes your database needs more than its own internal storage. For example, it needs access to reference files, shared configuration files or lookup tables generated outside the database but still essential for queries and procedures.\n\nYou can now attach auxiliary pre-existing PVCs and mount that external data directly into your database, ProxySQL or HAProxy pods in a clean, declarative way using the Custom Resource.\n\nThis example configuration shows how to attach external PVC to the XtraDB Cluster Pods:\n\n```yaml\npxc:\n extraPVCs:\n \ - name: extra-data-volume\n claimName: my-extra-storage\n mountPath: /var/lib/mysql-extra\n readOnly: false\n```\n\nThis improvement gives you a reliable way to separate internal database storage from external domain data, update shared datasets independently, and still benefit from the Operator\u2019s automation and resilience.\n\n##### Customize password generation by the Operator\n\nBy default, the Operator generates user passwords using alphanumeric characters plus a set of special symbols. Some tools such as MySQL Prometheus Exporter or mysqlsh don't support certain symbols, which can make those passwords invalid.\n\nTo improve compatibility and user experience, you can now customize password generation parameters in the Custom Resource:\n\n```yaml\nspec:\n passwordGenerationOptions:\n symbols: \"!#$%&()*+,-.<=>?@​[]^_{}~\"\n \ maxLength: 20\n minLength: 16\n```\n\nThis enhancement lets you keep the convenience of automated password generation and at the same time ensure compliance with the tools and environments you integrate with the Operator.\n\n##### Configure memory allocator in the Operator\n\nBy default, Percona Operator for XtraDB Cluster uses the system allocator (`libc`) to manage memory. While this works for most cases, alternative allocators such as `jemalloc` and `tcmalloc` can improve performance and reduce fragmentation in high-traffic workloads.\n\nTo have more flexibility, you can now configure the memory allocator directly in the Custom Resource:\n\n```yaml\nspec:\n pxc:\n \ mysqlAllocator: jemalloc\n```\n\nSupported values are:\n\n- `jemalloc`\n- `tcmalloc`\n- `libc` (default, used when no value is set)\n\nIf you have already configured the memory allocator via the environment variable, the Operator will respect that setting and use it instead of the Custom Resource value.\n\nThis enhancement lets you fine-tune memory management for your cluster while keeping compatibility with existing configurations.\n\n##### Deprecation, rename, removal\n\n**Removed in 1.19.0:**\n\n- `proxysql.readinessDelaySec` and `proxysql.livenessDelaySec` fields are removed as redundant\n\n**Deprecated (will be removed in 1.22.0):**\n\n- `pxc.livenessDelaySec`. Use [`pxc.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxclivenessprobesinitialdelayseconds)\n- `pxc.readinessDelaySec`. Use [`pxc.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pxcreadinessprobesinitialdelayseconds)\n- `haproxy.livenessDelaySec`. Use [`haproxy.livenessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxylivenessprobesinitialdelayseconds)\n- `haproxy.readinessDelaySec`. Use [`haproxy.readinessProbes.initialDelaySeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#haproxyreadinessprobesinitialdelayseconds)\n\n##### Changelog\n\n##### New Features\n\n- [K8SPXC-1332](https://perconadev.atlassian.net/browse/K8SPXC-1332) - Added the ability to load custom SSL certificates for backup operations to S3 storage. This enables secure communication with S3-compatible storage using the certificates approved and trusted by your company (Thank you Azam Abdoelbasier for submitting this request).\n- [K8SPXC-1494](https://perconadev.atlassian.net/browse/K8SPXC-1494) - Added the ability to configure the duration of TLS certificates created by `cert-manager`. This allows users to customize certificate lifecycles to meet their specific security requirements.\n- [K8SPXC-1576](https://perconadev.atlassian.net/browse/K8SPXC-1576) - Added the ability to use the XtraBackup sidecar container instead of SST for creating backups. This provides an alternative, potentially more efficient backup method.\n- [K8SPXC-1688](https://perconadev.atlassian.net/browse/K8SPXC-1688) - Added ability to mount pre-existing auxiliary PVCs as volumes to database and proxy pods. This facilitates easier integration with external data and storage resources (Thank you Emin AKTAS for submitting the request and contributing to it).\n- [K8SPXC-1733](https://perconadev.atlassian.net/browse/K8SPXC-1733) - Added the ability to customize password generation parameters, such as length and character sets via the Custom Resource. This ensures smooth operation of the tools with specific requirements towards password and leverages the automatic password generation of the Operator (Thank you user fydrah for submitting the request and contributing to it).\n- [K8SPXC-1734](https://perconadev.atlassian.net/browse/K8SPXC-1734) - Introduced configurable HAProxy backend health check parameters that can be tuned without overriding the entire configuration. This simplifies performance tuning for high-availability setups (Thank you Tim Stoop for submitting the request and contributing to it).\n\n##### Improvements\n\n- [K8SPXC-735](https://perconadev.atlassian.net/browse/K8SPXC-735) - Added the support of the `pxc_scheduler_handler` ProxySQL scheduler for SQL-aware routing and effective read/write splitting. This allows for better utilization of resources by distributing read-only traffic across the entire cluster while routing write requests only to the writer node.\n- [K8SPXC-992](https://perconadev.atlassian.net/browse/K8SPXC-992) - Improved binlog naming to prevent potential collisions between different collectors. The updated naming convention ensures unique and consistent identification of binary log files in storage.\n- [K8SPXC-1144](https://perconadev.atlassian.net/browse/K8SPXC-1144) - Introduced a mechanism to mark S3 backups as PITR-unready if binlog gaps are detected. This prevents users from attempting invalid point-in-time recoveries using inconsistent backups.\n- [K8SPXC-1214](https://perconadev.atlassian.net/browse/K8SPXC-1214) - Added an option to automatically clean up completed backup and restore jobs and their associated pods. This improvement helps reduce pressure on the Kubernetes API by removing stale resources (Thank you Alexandre Barth for reporting this issue).\n- [K8SPXC-1319](https://perconadev.atlassian.net/browse/K8SPXC-1319) - Enhanced the operator to support running multiple backup restores for different clusters in parallel. This removes a previous limitation that blocked concurrent restore operations across the environment.\n- [K8SPXC-1327](https://perconadev.atlassian.net/browse/K8SPXC-1327) - Added the ability to change the memory allocator for MySQL to improve memory management efficiency. This change helps optimize the overall memory footprint of PXC pods.\n- [K8SPXC-1373](https://perconadev.atlassian.net/browse/K8SPXC-1373) - Improved core dump handling to ensure that crashed instances can recover more reliably after an SST. This enhancement aids in diagnosing and recovering from unexpected server failures.\n- [K8SPXC-1431](https://perconadev.atlassian.net/browse/K8SPXC-1431) - Improved the delete-backup finalizer logic to correctly handle the deletion of on-demand backup PVCs.\n- [K8SPXC-1470](https://perconadev.atlassian.net/browse/K8SPXC-1470) - Added the ability to switch between HAProxy and ProxySQL within an existing cluster. This provides users with more flexibility to change their load-balancing solution as their needs evolve.\n- [K8SPXC-1511](https://perconadev.atlassian.net/browse/K8SPXC-1511) - Added the support of data at rest encryption for Percona XtraDB Cluster 8.4 via the `keyring vault` component. This change ensures compatibility with the latest security architecture of MySQL 8.4.\n- [K8SPXC-1525](https://perconadev.atlassian.net/browse/K8SPXC-1525) - Deprecated `pxc.livenessDelaySec` option in favor of more consistent liveness probe parameters. The Operator now prioritizes standard probe configurations to manage Pod lifecycle.\n- [K8SPXC-1568](https://perconadev.atlassian.net/browse/K8SPXC-1568) - Updated the Operator's password generation logic to prevent the '\\*' character from being used as the first character. This avoids potential issues with certain authentication plugins and command-line tools.\n- [K8SPXC-1594](https://perconadev.atlassian.net/browse/K8SPXC-1594) - Improved the database upgrade logic to prevent the controller from being blocked during the operation. This ensures that the Operator remains responsive to other cluster changes while an upgrade is in progress.\n- [K8SPXC-1628](https://perconadev.atlassian.net/browse/K8SPXC-1628) - Added support for `tcmalloc` as an alternative memory allocator in PXC images. This gives users additional options to tune and reduce the memory footprint of their database workloads.\n- [K8SPXC-1647](https://perconadev.atlassian.net/browse/K8SPXC-1647) - Implemented extended exit codes for garbd to provide better diagnostic information for different failure scenarios. This helps users identify the root cause of SST and joining issues faster.\n- [K8SPXC-1668](https://perconadev.atlassian.net/browse/K8SPXC-1668) - Added support for ProxySQL 3, providing users with access to the latest features and performance improvements of the load balancer.\n- [K8SPXC-1683](https://perconadev.atlassian.net/browse/K8SPXC-1683) - Expanded smart update tests to include PXC 8.4 and PMM 3, ensuring stable upgrade paths for the latest versions.\n- [K8SPXC-1703](https://perconadev.atlassian.net/browse/K8SPXC-1703) - Added the support of the `generateEmbeddedObjectMeta` option, improving the template handling for sidecars and extra PVCs (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1748](https://perconadev.atlassian.net/browse/K8SPXC-1748) - Eliminated runtime CREATE FUNCTION statements in the PITR collector to avoid unnecessary Galera TOI (Total Order Isolation) events. This reduces the performance impact on the cluster when the PITR sidecar starts or restarts.\n\n##### Bugs Fixed\n\n- [K8SPXC-926](https://perconadev.atlassian.net/browse/K8SPXC-926) - Fixed an issue where a failed smart update on one cluster could block the Operator from managing other clusters in multi-cluster environments. The controller now handles update failures more gracefully without impacting independent resources.\n- [K8SPXC-1379](https://perconadev.atlassian.net/browse/K8SPXC-1379) - Fixed an issue where monit container resource values in ProxySQL pods did not correctly reflect the values specified in the PXC cluster definition. The operator now ensures that ProxySQL resource attributes are properly applied to the monitoring sidecar containers.\n- [K8SPXC-1424](https://perconadev.atlassian.net/browse/K8SPXC-1424) - Resolved a certificate renewal issue where CA certificates in TLS secrets could expire before server certificates were renewed. The Operator logic was updated to align renewal intervals for CA and server certificates when using cert-manager.\n- [K8SPXC-1581](https://perconadev.atlassian.net/browse/K8SPXC-1581) - Corrected the order of options in the restore prepare job to ensure that `--defaults-file` is passed as the first option to xtrabackup. This fix ensures that custom configuration files are correctly prioritized during the restore process.\n- [K8SPXC-1617](https://perconadev.atlassian.net/browse/K8SPXC-1617) - Fixed a binlog gap issue in Point-in-Time Recovery (PITR) that caused repeated test failures. Users are now advised to perform a full backup after each PITR restore to ensure data consistency and prevent gaps.\n- [K8SPXC-1632](https://perconadev.atlassian.net/browse/K8SPXC-1632) - Added missing SecurityContext configurations for ProxySQL sidecar containers to enhance pod security. This change ensures that all sidecars follow the defined security standards of the cluster.\n- [K8SPXC-1655](https://perconadev.atlassian.net/browse/K8SPXC-1655) - Fixed a failure in xtrabackup when using LZ4 compression on RHEL9-based Percona XtraDB Cluster images. The fix addresses compatibility issues with the latest compression libraries in the operating system environment.\n- [K8SPXC-1686](https://perconadev.atlassian.net/browse/K8SPXC-1686) - Improved backup error handling to ensure that providing an invalid Percona XtraBackup image results in a failed status. A new timeout field was introduced to prevent backup objects from hanging indefinitely in a starting state.\n- [K8SPXC-1687](https://perconadev.atlassian.net/browse/K8SPXC-1687) - Fixed the `copy-backup.sh` script to correctly handle and copy cloud-based backups stored in S3 or Azure. This ensures that the utility script works consistently across all supported storage types.\n- [K8SPXC-1701](https://perconadev.atlassian.net/browse/K8SPXC-1701) - Ensured that MySQL configurations are correctly mounted to the restore prepare job. This fix allows the restore process to use custom MySQL settings defined in the cluster (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1702](https://perconadev.atlassian.net/browse/K8SPXC-1702) - Added the ability to override time zones for backup jobs. This resolves issues where time-dependent operations could fail due to missing timezone definitions (Thank you Emin AKTAS for reporting and contributing to this issue).\n- [K8SPXC-1721](https://perconadev.atlassian.net/browse/K8SPXC-1721) - Added a sleep interval to the recovery loop to prevent high CPU usage spikes when containers restart.\n- [K8SPXC-1725](https://perconadev.atlassian.net/browse/K8SPXC-1725) - Fixed a condition where a cluster could return stalled data during a backup or SST operation by adding the on-marked-down shutdown-sessions directive to HAProxy default configuration. This ensures that only fresh, up to date data is served during backups.\n- [K8SPXC-1726](https://perconadev.atlassian.net/browse/K8SPXC-1726) - Resolved a deployment breakage in the Operator version 1.18.0 via Helm caused by PMM 3 client incompatibilities. The fix ensures a smoother upgrade path for users migrating to newer versions of PMM (Thank you Antonio Falzarano for reporting and contributing to this issue).\n- [K8SPXC-1760](https://perconadev.atlassian.net/browse/K8SPXC-1760) - Fixed the handling of the crVersion field in the Helm chart templates. The Operator now correctly considers the version defined in `values.yaml` when generating the cluster configuration.\n- [K8SPXC-1771](https://perconadev.atlassian.net/browse/K8SPXC-1771) - Fixed the issue with excessive logging by the backup controller when backups are suspended or resumed due to an unready cluster. This improves log readability and reduces unnecessary diagnostic noise.\n- [K8SPXC-1772](https://perconadev.atlassian.net/browse/K8SPXC-1772) - Fixed a state transition bug where unsuspended backups could move directly from 'Starting' to 'Succeeded' without entering the 'Running' state. This ensures accurate tracking and visibility of the backup process status.\n\n##### Documentation Improvements\n\n- [K8SPXC-1747](https://perconadev.atlassian.net/browse/K8SPXC-1747) - Improved the documentation with the information about available environment variables for cluster components and the Operator. Documented the `S3_WORKERS_LIMIT` environment variable to allow throttling of backup deletions.\n- [K8SPXC-1661](https://perconadev.atlassian.net/browse/K8SPXC-1661) - Updated the operator documentation to reflect that PMM 3 uses service accounts instead of API keys. This ensures that users can correctly configure monitoring integration with the latest versions of PMM.\n- [K8SPXC-1663](https://perconadev.atlassian.net/browse/K8SPXC-1663) - Improved documentation for Point-in-Time Recovery steps. The updated documentation properly separates and sequences the recovery instructions for improved readability.\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.7-7.1, 8.0.44-35.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-5.1, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.17\n- ProxySQL 2.7.3-1.2, 3.0.1-1.2\n- LogCollector based on fluent-bit 4.0.1-1\n- PMM Client 2.44.1-1 and 3.5.0\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.31 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.32 - 1.34\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.32 - 1.34\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.17 - 4.20\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.37.0 based on Kubernetes 1.34.0\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.18.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.18.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.17.0...v1.18.0)\n\n##### Release Highlights\n\nThis release of Percona Operator for MySQL based on Percona XtraDB Cluster includes the following new features and improvements:\n\n##### PMM3 support\n\nThe Operator is natively integrated with [PMM 3](https://www.percona.com/doc/percona-monitoring-and-management/3/index.html), enabling you to monitor the health and performance of your Percona Distribution for MySQL deployment and at the same time enjoy enhanced performance, new features, and improved security that PMM 3 provides.\n\nNote that the Operator supports both PMM2 and PMM3. The decision on what PMM version is used depends on the authentication method you provide in the Operator configuration: PMM2 uses API keys while PMM3 uses service account token. If the Operator configuration contains both authentication methods with non-empty values, PMM3 takes the priority.\n\nTo use PMM, ensure that the PMM client image is compatible with the PMM Server version. Check [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for the correct client image.\n\nFor how to configure monitoring with PMM, see the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html).\n\n##### Improved monitoring for clusters in multi-region or multi-namespace deployments in PMM\n\nNow you can define a custom name for your clusters deployed in different data centers. This name helps Percona Management and Monitoring (PMM) Server to correctly recognize clusters as connected and monitor them as one deployment. Similarly, PMM Server identifies clusters deployed with the same names in different namespaces as separate ones and correctly displays performance metrics for you on dashboards.\n\nTo assign a custom name, define this configuration in the Custom Resource manifest for your cluster:\n\n```yaml\nspec:\n \ pmm:\n customClusterName: testClusterName\n```\n\n##### More resilient database restores without matching user Secrets\n\nYou no longer need matching user Secrets between your backup and your target cluster to perform a restore. The Operator now has a post-restore step that changes user passwords in the restored database to the ones from the local Secret. Also, it creates missing system users and adds missing grants.\n\nThis flow is the same regardless of whether you restore to the same cluster or to a completely new one.\n\nThe removal of this major roadblock to have a Secret for restores makes your disaster recovery process smoother and more reliable. This enhancement makes managing databases on Kubernetes more robust and operator-friendly.\n\n##### Improved backup retention for streamlined management of scheduled backups in cloud storage\n\nA new backup retention configuration gives you more control over how backups are managed in storage and retained in Kubernetes.\n\nWith the `deleteFromStorage` flag , you can disable automatic deletion from AWS S3 or Azure Blob storage and instead rely on native cloud lifecycle policies. This makes backup cleanup more efficient and better aligned with flexible storage strategies.\n\nThe legacy `keep` option is now deprecated and mapped to the new `retention` block for compatibility. We encourage you to start using the `backup.schedule.retention` configuration:\n\n```yaml\nschedule:\n \ - name: \"sat-night-backup\"\n schedule: \"0 0 * * 6\"\n retention:\n \ count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n```\n\nNote that if you have both `backup.schedule.keep` and `backup.schedule.retention` defined, the `backup.schedule.retention` takes precedence.\n\n##### Added labels to identify the version of the Operator\n\nCustom Resource Definition (CRD) is compatible with the last three Operator versions. To know which Operator version is attached to it, we've added labels to all Custom Resource Definitions. The labels help you identify the current Operator version and decide if you need to update the CRD. To view the labels, run: `kubectl get crd perconaxtradbclusters.pxc.percona.com --show-labels`.\n\n##### Cross-site replication is now supported for Percona XtraDB Cluster 8.4\n\nCross-site replication is now available with Percona XtraDB Cluster 8.4.x, lifting one of the limitations in the Operator for this database version. This enhancement marks a significant step toward general availability of Percona XtraDB Cluster 8.4 in the Operator by enabling multi-site deployments and improving resilience across distributed environments.\n\n##### Deprecation, Rename and Removal\n\n- The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are deprecated. The `loadBalancerIP` field is also deprecated upstream in Kubernetes\n due to its inconsistent behavior across cloud providers and lack of dual-stack support. As a result, its usage is strongly discouraged.\n\n \ We recommend using cloud provider-specific annotations instead, as they offer more predictable and portable behavior for managing load balancer IP assignments.\n\n The `pxc.expose.loadBalancerIP`, `haproxy.exposePrimary.loadBalancerIP`, `haproxy.exposeReplicas.loadBalancerIP` and `proxysql.expose.loadBalancerIP` keys are scheduled for removal in future releases.\n\n- The `backup.schedule.keep` field is deprecated and will be removed after release 1.21.0. We recommend using the `backup.schedule.retention` instead as follows:\n\n ```yaml\n \ schedule:\n - name: \"sat-night-backup\"\n schedule: \"0 0 ** 6\"\n retention:\n count: 3\n type: count\n deleteFromStorage: true\n storageName: s3-us-west\n ```\n\n- New repositories for Percona XtraBackup and Logcollector\n\n Now the Operator uses the official Percona Docker images for the `percona-xtrabackup` and `logcollector` components. Pay attention to the new image repositories when you upgrade the Operator and the database. Check the [Percona certified images](https://docs.percona.com/percona-operator-for-mysql/pxc/images.html) for exact image names.\n\n- Changes for Helm charts:\n\n - PMM3 is now the default. To keep using PMM2, set the `pmm.tag: 2.44.1`\n - If you install or upgrade the Operator with default manifests using Helm charts on Openshift 4.19, you must use the `docker.io` registry prefix to guarantee successful download from the DockerHub `percona-xtradb-cluster` repository. Read the [Considerations for using OpenShift 4.19](#considerations-for-using-openshift-419) section for more information.\n\n##### Known limitations\n\n##### Considerations for using OpenShift 4.19\n\nStarting with OpenShift 4.19, the way images with not fully qualified names are pulled has changed for repositories that share the same repository name on DockerHub and Red Hat Marketplace. By default the tags are pulled from Red Hat Marketplace. Specifying not fully qualified image names may result in the `ImagePullBackOff` error.\n\n- **OLM installation:** Images are provided with the fully qualified names and are pulled from the Red Hat Marketplace/DockerHub registry.\n- **Manual install/update with default manifests:** Images must use the `docker.io` registry prefix to guarantee successful download from the Dockerhub `percona-xtradb-cluster` repository.\n\nSee our documentation for [manual installation](https://docs.percona.com/percona-operator-for-mysql/pxc/openshift.html#install-the-operator-via-the-command-line-interface) or [update](https://docs.percona.com/percona-operator-for-mysql/pxc/update_openshift.html#update-via-the-command-line-interface).\n\n##### Changleog\n\n##### New Features\n\n- [K8SPXC-1284](https://perconadev.atlassian.net/browse/K8SPXC-1284) - Add the ability to configure protocol for peer-list DNS SRV lookups\n\n- [K8SPXC-1599](https://perconadev.atlassian.net/browse/K8SPXC-1599) - Allowed setting `loadBalancerClass` service type and using a custom implementation of a load balancer rather than the cloud provider default one\n\n##### Improvements\n\n- [K8SPXC-1375](https://perconadev.atlassian.net/browse/K8SPXC-1375) - Added a new retention configuration to allow users to delegate backup cleanup to cloud lifecycle policies (Thank you user Tristan for reporting this issue)\n\n- [K8SPXC-1376](https://perconadev.atlassian.net/browse/K8SPXC-1376) - Added the ability to restore from backup without a matching Secret resource\n\n- [K8SPXC-1399](https://perconadev.atlassian.net/browse/K8SPXC-1399) - Added a documentation how to set up a disaster recovery system and transfer workloads between sites\n\n- [K8SPXC-1415](https://perconadev.atlassian.net/browse/K8SPXC-1415) - Updated the `percona-xtrabackup` image to use the official `percona-xtrabackup` Docker image\n\n- [K8SPXC-1430](https://perconadev.atlassian.net/browse/K8SPXC-1430) - Improved handling of autogenerated certificates depending on the `delete-ssl` finalizer configuration\n\n- [K8SPXC-1448](https://perconadev.atlassian.net/browse/K8SPXC-1448), [K8SPXC-1449](https://perconadev.atlassian.net/browse/K8SPXC-1449) - Improved the `pvc-resize` test by using a custom storage class for EKS, reducing errors and improving the quota handling during resize\n\n- [K8SPXC-1450](https://perconadev.atlassian.net/browse/K8SPXC-1450) - Improved PVC resizing behavior when reducing the storage size by reverting the values when the quota is reached\n\n- [K8SPXC-1472](https://perconadev.atlassian.net/browse/K8SPXC-1472) - Deprecated the `loadBalancerIP` field due to its deprecation upstream\n\n- [K8SPXC-1513](https://perconadev.atlassian.net/browse/K8SPXC-1513) - Added PXC 8.4 support for version service\n\n- [K8SPXC-1529](https://perconadev.atlassian.net/browse/K8SPXC-1529) - Added support for cross-site replication with MySQL 8.4.0 by adding the use of `authentication_policy` instead of `default_authentication_plugin`\n\n- [K8SPXC-1553](https://perconadev.atlassian.net/browse/K8SPXC-1553) - Added support for PMM v3\n\n- [K8SPXC-1560](https://perconadev.atlassian.net/browse/K8SPXC-1560) - Added the warning about CRDs not being upgraded automatically after helm upgrade to the output\n\n- [K8SPXC-1566](https://perconadev.atlassian.net/browse/K8SPXC-1566) - Improved reconciliation of replicationChannels without proxy Pods by starting the database Pod bypassing the proxy (Thank you Justin Reasoner for contributing to this issue)\n\n- [K8SPXC-1569](https://perconadev.atlassian.net/browse/K8SPXC-1569) - Added Labels for Custom Resource Definitions (CRD) to identify the Operator version attached to them\n\n- [K8SPXC-1597](https://perconadev.atlassian.net/browse/K8SPXC-1597) - Improve the scheduled backups behavior for a cluster in an unhealthy state by postponing the job until the cluster reports the healthy status\n\n- [K8SPXC-1605](https://perconadev.atlassian.net/browse/K8SPXC-1605) - Introduced Azure CLI for checking if backup objects/folders exist in Azure storage\n\n- [K8SPXC-1612](https://perconadev.atlassian.net/browse/K8SPXC-1612) - Added the `imagePullSecrets` for PMM image\n\n- [K8SPXC-1615](https://perconadev.atlassian.net/browse/K8SPXC-1615) - Added the ability to define a custom cluster name for `pmm-admin` component\n\n- [K8SPXC-1624](https://perconadev.atlassian.net/browse/K8SPXC-1624) - Deleted deprecated finalizers code\n\n- [K8SPXC-1669](https://perconadev.atlassian.net/browse/K8SPXC-1669) - Improve the backup flow by generating a default endpoint URL for a storage from a region if it is not provided (Thank you Bernard Grymonpon for reporting this issue)\n\n- [K8SPXC-1677](https://perconadev.atlassian.net/browse/K8SPXC-1677) - Document the changed behavior with pulling images for default manifests on OpenShift 4.19 and update install and update instructions\n\n##### Bugs Fixed\n\n- [K8SPXC-1312](https://perconadev.atlassian.net/browse/K8SPXC-1312) - Fixed the issue with labels not being updated automatically for point-in-time recovery deployment upon Custom Resource changes\n\n- [K8SPXC-1347](https://perconadev.atlassian.net/browse/K8SPXC-1347) - Fixed the issue with point-in-time recovery failing due to TLS configuration mismatch between the server and the point-in-time recovery job by configuring it to use TLS if is required by the server.\n\n- [K8SPXC-1382](https://perconadev.atlassian.net/browse/K8SPXC-1382) - Fixed the issue with backup failing on AWS if using IAM profile without credentialsSecret by using credentialsSecret only when explicitly specified and relying on IAM roles instead (Thank you Itiel Olenick for reporting this issue)\n\n- [K8SPXC-1541](https://perconadev.atlassian.net/browse/K8SPXC-1541) - Fixed Telemetry module to to consider both empty string \"\" and comma separated namespaces in cluster-wide mode\n\n- [K8SPXC-1548](https://perconadev.atlassian.net/browse/K8SPXC-1548) Fixed the issue with deleting old backups on Google Cloud Storage by url-decoding the object path before deleting it (Thank you Mateusz Gruszkiewicz for reporting this issue)\n\n- [K8SPXC-1631](https://perconadev.atlassian.net/browse/K8SPXC-1631) - Fixed the issue with the Operator restarting pod-0 after the cluster is ready. The issue is caused by ConfigMap and StatefulSet being created too close to each other and Kubernetes API can't return the newly created ConfigMap before creating the StatefulSet. The issue is fixed by reconciling the StatefulSet after the reconciliation of ConfigMap is completed.\n\n- [K8SPXC-1664](https://perconadev.atlassian.net/browse/K8SPXC-1664) - Fixed the use of the proper script to check PXC nodes when adding them by HAProxy\n\n##### Supported Software\n\nThe Operator was developed and tested with the following software:\n\n- Percona XtraDB Cluster versions 8.4.5-5.1 (Tech preview), 8.0.42-33.1, and 5.7.44-31.65\n- Percona XtraBackup versions 8.4.0-3, 8.0.35-34.1, and 2.4.29\n- HAProxy 2.8.15-1\n- ProxySQL 2.7.3\n- LogCollector based on fluent-bit 4.0.1\n- PMM Client 2.44.1 and 3.3.1\n\nOther options may also work but have not been tested.\n\n##### Supported Platforms\n\nPercona Operators are designed for compatibility with all [CNCF-certified](https://www.cncf.io/training/certification/software-conformance/) Kubernetes distributions. Our release process includes targeted testing and validation on major cloud provider platforms and OpenShift, as detailed below for Operator version 1.16.0:\n\n- [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine) 1.30 - 1.33\n- [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com) 1.30 - 1.33\n- [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) 1.30 - 1.33\n- [OpenShift](https://www.redhat.com/en/technologies/cloud-computing/openshift) 4.15 - 4.19\n- [Minikube](https://minikube.sigs.k8s.io/docs/) 1.36.0 based on Kubernetes 1.33.1\n\nThis list only includes the platforms that the Percona Operators are specifically tested on as part of the release process. Other Kubernetes flavors and versions depend on the backward compatibility offered by Kubernetes itself.\n\n### [`v1.17.0`](https://redirect.github.com/percona/percona-xtradb-cluster-operator/releases/tag/v1.17.0)\n\n[Compare Source](https://redirect.github.com/percona/percona-xtradb-cluster-operator/compare/v1.16.1...v1.17.0)\n\n#### Release Highlights\n\n##### Improved observability for HAProxy and ProxySQL\n\nGet insights into the HAProxy and ProxySQL performance by connecting to their statistics pages. Use the `cluster-name-haproxy:8084` and `cluster-name-proxysql:6070` endpoints to do so. Learn about other available ports in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/haproxy-conf.html).\n\n##### Improved cluster load management during backups\n\nIf parallel backups overload your cluster, you can turn off parallel execution to prevent this. Previously, this meant that you could only run one backup at a time - no new backups could start until the current one was finished. Now, the Operator queues backups and runs them one after another automatically. You can fine-tune the backup sequence by setting the start time for all backups or for a specific on-demand one using the [`spec.backup.startingDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupstartingdeadlineseconds) Custom Resource option. This provides greater control over backup operations.\n\nAnother improvement is for the case when your database cluster becomes unhealthy, for example, when a Pod crashes or restarts. The Operator suspends running backups to reduce the cluster's load. Once the cluster recovers and reports a Ready status, the Operator resumes the suspended backup. To further offload the cluster during an unhealthy state, you can configure how long a backup remains suspended by using the [`spec.backup.suspendedDeadlineSeconds`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#backupsuspendeddeadlineseconds) Custom Resource option. If this time expires before the cluster recovers, the backup is marked as \"failed.\"\n\n##### Monitor PMM Client health and status\n\nPercona Monitoring and Management (PMM) is a great tool to [monitor the health of your database cluster](https://docs.percona.com/percona-operator-for-mysql/pxc/monitoring.html). Now you can also learn if PMM itself is healthy using probes - a Kubernetes diagnostics mechanism to check the health and status of containers. Use the [`spec.pmm.readinessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmreadinessprobesinitialdelayseconds) and [`spec.pmm.livenessProbes.*`](https://docs.percona.com/percona-operator-for-mysql/pxc/operator.html#pmmlivenessprobesinitialdelayseconds) Custom Resource options to fine-tune Readiness and Liveness probes for PMM Client.\n\n##### Improved observability of binary log backups\n\nGet insights into the success and failure rates of binlog operations, timeliness of processing and uploads and potential gaps or inconsistencies in binlog data with the Prometheus metrics added for the Operator. Gather this data by connecting to the `:8080/metrics` endpoint. Learn more about the available metrics in the [documentation](https://docs.percona.com/percona-operator-for-mysql/pxc/backups-pitr.html#binary-logs-statistics).\n\n#### Deprecation, Rename and Removal\n\nThe `spec.haproxy.exposePrimary.enabled` field is deprecated. If enabled via the `spec.haproxy.enabled`, the HAProxy primary service is already exposed.\n\n#### New Features\n\n- [K8SPXC-747](https://perconadev.atlassian.net/browse/K8SPXC-747), [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to access the statistics pages for HAProxy and ProxySQL\n\n- [K8SPXC-1366](https://perconadev.atlassian.net/browse/K8SPXC-1366) - Add the ability to queue backups and run them sequentially, and to optimize the cluster load with the ability to suspend backups for an unhealthy cluster. A user can assign the start time and suspension time to backups to manage them better.\n\n- [K8SPXC-1432](https://perconadev.atlassian.net/browse/K8SPXC-1432) - Enable users to configure cluster-wide Operator deployments in OpenShift certified catalog using OLM.\n\n#### Improvements\n\n- [K8SPXC-1367](https://perconadev.atlassian.net/browse/K8SPXC-1367) - Now a user can configure Readiness and Liveness probes for PMM Client container to check its health and status\n\n- [K8SPXC-1461](https://perconadev.atlassian.net/browse/K8SPXC-1461) - Improve logging for resizing PVC with the information about successful and failed PVC resize. Log errors on resize attempts if the Storage Class doesn't support resizing.\n\n- [K8SPXC-1466](https://perconadev.atlassian.net/browse/K8SPXC-1466) - Mark the containers that provide the service as default ones with the annotation. This enables a user to connect to a Pod without explicitly specifying a container.\n\n- [K8SPXC-1473](https://perconadev.atlassian.net/browse/K8SPXC-1473) - Add the ability to connect to the built-in statistics pages for HAProxy and ProxySQL by exposing the ports for those pages\n\n- [K8SPXC-1475](https://perconadev.atlassian.net/browse/K8SPXC-1475) - Update the backup image to use AWS CLI instead of MinIO CLI due to the license change\n\n- [K8SPXC-1510](https://perconadev.atlassian.net/browse/K8SPXC-1510) - Add the ability to suppress messages about the use of deprecated features in MySQL Error Log by adding the `log_error_suppression_list` key from the `my.cnf` configuration file and defining the message number in the `spec.pxc.configuration` subsection of the Custom Resource manifest. See [how to change MySQL options](https://docs.percona.com/percona-operator-for-mysql/pxc/options.html) for steps. This improves readability for MySQL error log.\n\n- [K8SPXC-1512](https://perconadev.atlassian.net/browse/K8SPXC-1512) - For Percona XtraDB Cluster version 8.4 and above, binary log user defined functions for point-in-time recovery (`binlog_utils_udf`) are now installed as a component instead of a plugin. This improves their compatibility across platforms and provides automatic dependency handling.\n\n- [K8SPXC-1542](https://perconadev.atlassian.net/browse/K8SPXC-1542) - Improve binlog upload for large files to Azure blob storage with the ability to define the block size and the number of concurrent writers for the upload (Thanks to user dcaputo-harmoni for contribution)\n\n- [K8SPXC-1543](https://perconadev.atlassian.net/browse/K8SPXC-1543) - Set PITR controller reference for binlog-collector deployment the same way as it's set for PXC and proxy StatefulSets. This creates a connection between PITR deployment and cluster resource (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1544](https://perconadev.atlassian.net/browse/K8SPXC-1544) - Improve observability of binlog collector by adding the support of basic Prometheus metrics (Thank you Vlad Gusev for the contribution)\n\n- [K8SPXC-1567](https://perconadev.atlassian.net/browse/K8SPXC-1567) - N\n\n
\n\n---\n\n### Configuration\n\n\U0001F4C5 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).\n\n\U0001F6A6 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.\n\n\u267B **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.\n\n\U0001F47B **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.\n\n---\n\n - [ ] If you want to rebase/retry this PR, check this box\n\n---\n\nThis PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/vexxhost/atmosphere).\n\n" change_url: https://github.com/vexxhost/atmosphere/pull/2595 commit_id: 5d635ae7d201989f087661c6356a3703e1026788 patchset: 5d635ae7d201989f087661c6356a3703e1026788 project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere topic: null job: atmosphere-molecule-csi-local-path-provisioner jobtags: [] max_attempts: 3 message: VXBkYXRlIHB4YyAoc3RhYmxlLzIwMjMuMSkKCj4g4oS577iPICoqTm90ZSoqCj4gCj4gVGhpcyBQUiBib2R5IHdhcyB0cnVuY2F0ZWQgZHVlIHRvIHBsYXRmb3JtIGxpbWl0cy4KClRoaXMgUFIgY29udGFpbnMgdGhlIGZvbGxvd2luZyB1cGRhdGVzOgoKfCBQYWNrYWdlIHwgVHlwZSB8IFVwZGF0ZSB8IENoYW5nZSB8IFtBZ2VdKGh0dHBzOi8vZG9jcy5yZW5vdmF0ZWJvdC5jb20vbWVyZ2UtY29uZmlkZW5jZS8pIHwgW0NvbmZpZGVuY2VdKGh0dHBzOi8vZG9jcy5yZW5vdmF0ZWJvdC5jb20vbWVyZ2UtY29uZmlkZW5jZS8pIHwKfC0tLXwtLS18LS0tfC0tLXwtLS18LS0tfAp8IGRvY2tlci5pby9wZXJjb25hL2hhcHJveHkgfCAgfCBwYXRjaCB8IGAyLjguMTRgIOKGkiBgMi44LjE4YCB8ICFbYWdlXShodHRwczovL2RldmVsb3Blci5tZW5kLmlvL2FwaS9tYy9iYWRnZXMvYWdlL2RvY2tlci9kb2NrZXIuaW8lMmZwZXJjb25hJTJmaGFwcm94eS8yLjguMTg/c2xpbT10cnVlKSB8ICFbY29uZmlkZW5jZV0oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9hcGkvbWMvYmFkZ2VzL2NvbmZpZGVuY2UvZG9ja2VyL2RvY2tlci5pbyUyZnBlcmNvbmElMmZoYXByb3h5LzIuOC4xNC8yLjguMTg/c2xpbT10cnVlKSB8CnwgZG9ja2VyLmlvL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvciB8ICB8IG1pbm9yIHwgYDEuMTcuMGAg4oaSIGAxLjE5LjBgIHwgIVthZ2VdKGh0dHBzOi8vZGV2ZWxvcGVyLm1lbmQuaW8vYXBpL21jL2JhZGdlcy9hZ2UvZG9ja2VyL2RvY2tlci5pbyUyZnBlcmNvbmElMmZwZXJjb25hLXh0cmFkYi1jbHVzdGVyLW9wZXJhdG9yLzEuMTkuMD9zbGltPXRydWUpIHwgIVtjb25maWRlbmNlXShodHRwczovL2RldmVsb3Blci5tZW5kLmlvL2FwaS9tYy9iYWRnZXMvY29uZmlkZW5jZS9kb2NrZXIvZG9ja2VyLmlvJTJmcGVyY29uYSUyZnBlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvMS4xNy4wLzEuMTkuMD9zbGltPXRydWUpIHwKfCBbZ2l0aHViLmNvbS9wZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3JdKGh0dHBzOi8vcmVkaXJlY3QuZ2l0aHViLmNvbS9wZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IpIHwgcmVxdWlyZSB8IG1pbm9yIHwgYHYxLjE2LjFgIOKGkiBgdjEuMTkuMGAgfCAhW2FnZV0oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9hcGkvbWMvYmFkZ2VzL2FnZS9nby9naXRodWIuY29tJTJmcGVyY29uYSUyZnBlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvdjEuMTkuMD9zbGltPXRydWUpIHwgIVtjb25maWRlbmNlXShodHRwczovL2RldmVsb3Blci5tZW5kLmlvL2FwaS9tYy9iYWRnZXMvY29uZmlkZW5jZS9nby9naXRodWIuY29tJTJmcGVyY29uYSUyZnBlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvdjEuMTYuMS92MS4xOS4wP3NsaW09dHJ1ZSkgfAp8IFtwZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3JdKGh0dHBzOi8vcmVkaXJlY3QuZ2l0aHViLmNvbS9wZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IpIHwgIHwgbWlub3IgfCBgMS4xNy4wYCDihpIgYDEuMTkuMGAgfCAhW2FnZV0oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9hcGkvbWMvYmFkZ2VzL2FnZS9naXRodWItcmVsZWFzZXMvcGVyY29uYSUyZnBlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvMS4xOS4wP3NsaW09dHJ1ZSkgfCAhW2NvbmZpZGVuY2VdKGh0dHBzOi8vZGV2ZWxvcGVyLm1lbmQuaW8vYXBpL21jL2JhZGdlcy9jb25maWRlbmNlL2dpdGh1Yi1yZWxlYXNlcy9wZXJjb25hJTJmcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvci8xLjE3LjAvMS4xOS4wP3NsaW09dHJ1ZSkgfAp8IFtweGMtb3BlcmF0b3JdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvKSAoW3NvdXJjZV0oaHR0cHM6Ly9yZWRpcmVjdC5naXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS1oZWxtLWNoYXJ0cykpIHwgIHwgbWlub3IgfCBgMS4xNy4wYCDihpIgYDEuMTkuMGAgfCAhW2FnZV0oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9hcGkvbWMvYmFkZ2VzL2FnZS9oZWxtL3B4Yy1vcGVyYXRvci8xLjE5LjA/c2xpbT10cnVlKSB8ICFbY29uZmlkZW5jZV0oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9hcGkvbWMvYmFkZ2VzL2NvbmZpZGVuY2UvaGVsbS9weGMtb3BlcmF0b3IvMS4xNy4wLzEuMTkuMD9zbGltPXRydWUpIHwKfCBxdWF5LmlvL3Byb21ldGhldXMvbXlzcWxkLWV4cG9ydGVyIHwgIHwgbWlub3IgfCBgdjAuMTcuMGAg4oaSIGB2MC4xOC4wYCB8ICFbYWdlXShodHRwczovL2RldmVsb3Blci5tZW5kLmlvL2FwaS9tYy9iYWRnZXMvYWdlL2RvY2tlci9xdWF5LmlvJTJmcHJvbWV0aGV1cyUyZm15c3FsZC1leHBvcnRlci92MC4xOC4wP3NsaW09dHJ1ZSkgfCAhW2NvbmZpZGVuY2VdKGh0dHBzOi8vZGV2ZWxvcGVyLm1lbmQuaW8vYXBpL21jL2JhZGdlcy9jb25maWRlbmNlL2RvY2tlci9xdWF5LmlvJTJmcHJvbWV0aGV1cyUyZm15c3FsZC1leHBvcnRlci92MC4xNy4wL3YwLjE4LjA/c2xpbT10cnVlKSB8CgotLS0KCiMjIyBSZWxlYXNlIE5vdGVzCgo8ZGV0YWlscz4KPHN1bW1hcnk+cGVyY29uYS9wZXJjb25hLXh0cmFkYi1jbHVzdGVyLW9wZXJhdG9yIChnaXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvcik8L3N1bW1hcnk+CgojIyMgW2B2MS4xOS4wYF0oaHR0cHM6Ly9yZWRpcmVjdC5naXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvci9yZWxlYXNlcy90YWcvdjEuMTkuMCkKCltDb21wYXJlIFNvdXJjZV0oaHR0cHM6Ly9yZWRpcmVjdC5naXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvci9jb21wYXJlL3YxLjE4LjAuLi52MS4xOS4wKQoKIyMjIyMgUmVsZWFzZSBIaWdobGlnaHRzCgpUaGlzIHJlbGVhc2Ugb2YgUGVyY29uYSBPcGVyYXRvciBmb3IgTXlTUUwgYmFzZWQgb24gUGVyY29uYSBYdHJhREIgQ2x1c3RlciBpbmNsdWRlcyB0aGUgZm9sbG93aW5nIG5ldyBmZWF0dXJlcyBhbmQgaW1wcm92ZW1lbnRzOgoKIyMjIyMgRW5zdXJlIGRhdGEgc2VjdXJpdHkgZm9yIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIgOC40IHdpdGggZGF0YS1hdC1yZXN0IGVuY3J5cHRpb24KCkRhdGEgYXQgcmVzdCBlbmNyeXB0aW9uIGVuc3VyZXMgdGhhdCBzZW5zaXRpdmUgaW5mb3JtYXRpb24gc3RvcmVkIG9uIGRpc2sgcmVtYWlucyBwcm90ZWN0ZWQgZnJvbSB1bmF1dGhvcml6ZWQgYWNjZXNzLCBldmVuIGlmIHRoZSBwaHlzaWNhbCBtZWRpYSBpcyBjb21wcm9taXNlZC4gSXQgaXMgYSBmb3VuZGF0aW9uYWwgc2FmZWd1YXJkIGZvciBjb21wbGlhbmNlLCB0cnVzdCBhbmQgc2VjdXJpdHkgaW4gbW9kZXJuIGRhdGFiYXNlIGVudmlyb25tZW50cy4KClRoZSBPcGVyYXRvciBzdXBwb3J0cyBkYXRhIGF0IHJlc3QgZW5jcnlwdGlvbiBmb3IgTXlTUUwgOC4wIHdpdGggSGFzaGlDb3JwIFZhdWx0IHVzaW5nIHRoZSBga2V5cmluZ192YXVsdGAgKnBsdWdpbiouIE5vdywgaXQgYWxzbyBzdXBwb3J0cyBkYXRhIGF0IHJlc3QgZW5jcnlwdGlvbiBmb3IgTXlTUUwgOC40LCBsZXZlcmFnaW5nIHRoZSBga2V5cmluZ192YXVsdGAgKmNvbXBvbmVudCouCgpUaGlzIGVuaGFuY2VtZW50IGVuYWJsZXMgeW91IHRvIGJlbmVmaXQgZnJvbSB0aGUgcmljaCBmZWF0dXJlIHNldCBvZiB0aGUgbGF0ZXN0IG1ham9yIHZlcnNpb24gb2YgUGVyY29uYSBYdHJhREIgQ2x1c3RlciA4LjQgd2hpbGUgZW5zdXJpbmcgeW91ciBzZW5zaXRpdmUgZGF0YSBpcyBzZWN1cmVkLiBJbiBkb2luZyBzbywgeW91IGNhbiBtZWV0IGNvbXBsaWFuY2UgcmVxdWlyZW1lbnRzIGFuZCBwcm90ZWN0IGNyaXRpY2FsIGluZm9ybWF0aW9uIHdpdGhvdXQgYWRkZWQgb3BlcmF0aW9uYWwgY29tcGxleGl0eS4gTGVhcm4gaG93IHRvIFtjb25maWd1cmUgZGF0YSBhdCByZXN0IGVuY3J5cHRpb24gZm9yIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIgOC40XShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL2VuY3J5cHRpb24tc2V0dXAuaHRtbCkuCgojIyMjIyBQZXJjb25hIFh0cmFEQiBDbHVzdGVyIDguNCBpcyBub3cgZnVsbHkgc3VwcG9ydGVkCgpQZXJjb25hIFh0cmFEQiBDbHVzdGVyIDguNCBpcyBub3cgZnVsbHkgc3VwcG9ydGVkIGFuZCByZWNvbW1lbmRlZCBmb3IgcHJvZHVjdGlvbiBkZXBsb3ltZW50cy4gU3RhcnRpbmcgd2l0aCB0aGlzIHJlbGVhc2UsIGl0IGJlY29tZXMgdGhlIGRlZmF1bHQgdmVyc2lvbiBmb3IgYWxsIG5ldyBkYXRhYmFzZSBjbHVzdGVyIGRlcGxveW1lbnRzIHVzaW5nIHRoZSBPcGVyYXRvci4gVGhpcyBzdXBwb3J0IGVuYWJsZXMgeW91IHRvIGJlbmVmaXQgZnJvbSBpdHMgbGF0ZXN0IGZlYXR1cmVzLCBwZXJmb3JtYW5jZSBpbXByb3ZlbWVudHMsIGFuZCBlbmhhbmNlZCBzZWN1cml0eS4KCiMjIyMjIFVzZSB5b3VyIG93biBDQSBjZXJ0aWZpY2F0ZXMgZm9yIFRMUyB2ZXJpZmljYXRpb24KCllvdSBjYW4gbm93IHVzZSB5b3VyIG9yZ2FuaXphdGlvbuKAmXMgY3VzdG9tIENlcnRpZmljYXRlIEF1dGhvcml0eSAoQ0EpIHRvIHNlY3VyZWx5IHZlcmlmeSBUTFMgY29tbXVuaWNhdGlvbiB3aXRoIFMzIHN0b3JhZ2UgZHVyaW5nIGJhY2t1cHMgYW5kIHJlc3RvcmVzLgoKVGhlIGNvbmZpZ3VyYXRpb24gaXMgc3RyYWlnaHRmb3J3YXJkOiBjcmVhdGUgdGhlIFNlY3JldCB0aGF0IHN0b3JlcyB5b3VyIGN1c3RvbSBDQSBhbmQgY2VydGlmaWNhdGVzIHRvIGF1dGhvcml6ZSBpbiB0aGUgUzMgc3RvcmFnZS4gVGhlbiByZWZlcmVuY2UgdGhpcyBTZWNyZXQgYW5kIHNwZWNpZnkgdGhlIENBIGNlcnRpZmljYXRlIGluIHRoZSBgY2FCdW5kbGVgIG9wdGlvbiBpbiB0aGUgT3BlcmF0b3IgQ3VzdG9tIFJlc291cmNlLiBUaGUgT3BlcmF0b3Igd2lsbCB2ZXJpZnkgVExTIGNvbW11bmljYXRpb24gYWdhaW5zdCBpdC4KCkhlcmUncyB0aGUgZXhhbXBsZSBjb25maWd1cmF0aW9uOgoKYGBgeW1sCnN0b3JhZ2VzOgogIG1pbmlvLXMzOgogICAgdHlwZTogczMKICAgIHZlcmlmeVRMUzogdHJ1ZQogICAgczM6CiAgICAgIGNhQnVuZGxlOgogICAgICAgICBuYW1lOiBtaW5pby1jYS1idW5kbGUKICAgICAgICAga2V5OiB0bHMuY3J0CmBgYAoKV2l0aCB0aGlzIGltcHJvdmVtZW50LCB5b3UgZW5zdXJlIHRoZSBmb2xsb3dpbmc6CgotIFNlY3VyaXR5IHdpdGhvdXQgY29tcHJvbWlzZSDigJMgbm8gbW9yZSBieXBhc3NpbmcgaWRlbnRpdHkgY2hlY2tzLgotIEFsaWdubWVudCB3aXRoIHlvdXIgaW50ZXJuYWwgc3RhbmRhcmRzIOKAkyB1c2UgdGhlIENBIHlvdXIgY29tcGFueSBhbHJlYWR5IHRydXN0cy4KLSBDb25maWRlbmNlIGluIGJhY2t1cCBhbmQgcmVzdG9yZSBmbG93cyDigJMgZXZlcnkgUzMgaW50ZXJhY3Rpb24gaXMgcHJvcGVybHkgdmVyaWZpZWQuCgpSZWFkIG1vcmUgYWJvdXQgdGhlIHVzZSBvZiBvd24gQ0EgY2VydGlmaWNhdGVzIGluIG91ciBbZG9jdW1lbnRhdGlvbl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9iYWNrdXBzLXN0b3JhZ2UuaHRtbCNjb25maWd1cmUtdGxzLXZlcmlmaWNhdGlvbi13aXRoLWN1c3RvbS1jZXJ0aWZpY2F0ZXMtZm9yLXMzLXN0b3JhZ2UpCgojIyMjIyBDb25maWd1cmUgZHVyYXRpb24gZm9yIGNlcnRpZmljYXRlcyBpc3N1ZWQgYnkgY2VydC1tYW5hZ2VyCgpCeSBkZWZhdWx0LCB0aGUgYGNlcnQtbWFuYWdlcmAgZ2VuZXJhdGVzIGNlcnRpZmljYXRlcyB2YWxpZCBmb3IgOTAgZGF5cy4gWW91IG5vdyBoYXZlIG1vcmUgY29udHJvbCBvdmVyIGNlcnRpZmljYXRlIGxpZmV0aW1lcyBhbmQgY2FuIGNvbmZpZ3VyZSB0aGVpciBjdXN0b20gZHVyYXRpb24gd2hlbiB5b3UgY3JlYXRlIGEgbmV3IGNsdXN0ZXIuIFRoaXMgd2F5IHlvdSBjYW4gYWxpZ24gd2l0aCB5b3VyIG9yZ2FuaXphdGlvbidzIHNlY3VyaXR5IGFuZCBjb21wbGlhbmNlIHBvbGljaWVzLgoKVXNlIHRoZSBmb2xsb3dpbmcgQ3VzdG9tIFJlc291cmNlIG9wdGlvbnMgdG8gY29uZmlndXJlIGNlcnRpZmljYXRlIGR1cmF0aW9uOgoKLSBgLnNwZWMudGxzLmNlcnRWYWxpZGl0eUR1cmF0aW9uYCDigJMgdmFsaWRpdHkgcGVyaW9kIGZvciBnZW5lcmF0ZWQgY2VydGlmaWNhdGVzCi0gYC5zcGVjLnRscy5jYVZhbGlkaXR5RHVyYXRpb25gIOKAkyB2YWxpZGl0eSBwZXJpb2QgZm9yIHRoZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgKENBKQoKYGBgeWFtbAogIHRsczoKICAgIGVuYWJsZWQ6IHRydWUKICAgIGNlcnRWYWxpZGl0eUR1cmF0aW9uOiAyMTYwaAogICAgY2FWYWxpZGl0eUR1cmF0aW9uOiAyNjI4MGgKYGBgCgpOb3RlIHRoYXQgdGhlIE9wZXJhdG9yIGVuZm9yY2VzIG1pbmltdW0gZHVyYXRpb25zIHRvIGNlcnRpZmljYXRlczoKCi0gRm9yIFRMUyBjZXJ0aWZpY2F0ZXMg4oCTIDEgaG91cgotIEZvciBDQSBjZXJ0aWZpY2F0ZSDigJMgNzMwIGhvdXJzLgoKQWxzbywgd2UgZG9uJ3QgcmVjb21tZW5kIHNldHRpbmcgZHVyYXRpb24gdG8gZXhhY3RseSAxIGhvdXIgdG8gcHJldmVudCBjZXJ0aWZpY2F0ZSBnZW5lcmF0aW9uIGlzc3Vlcy4gUmVhZCBtb3JlIGFib3V0IHJ1bGVzIGFuZCBsaW1pdGF0aW9ucyBhYm91dCBjZXJ0aWZpY2F0ZSBkdXJhdGlvbiBjb25maWd1cmF0aW9uIGluIG91ciBbZG9jdW1lbnRhdGlvbl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy90bHMtY2VydC1tYW5hZ2VyLmh0bWwjY3VzdG9taXplLWNlcnRpZmljYXRlLWR1cmF0aW9uLWZvci1jZXJ0LW1hbmFnZXIpLgoKVGhpcyBpbXByb3ZlbWVudCBlbXBvd2VycyB5b3UgdG8gZmluZS10dW5lIGNlcnRpZmljYXRlIGxpZmV0aW1lcyB3aGlsZSBrZWVwaW5nIHlvdXIgY2x1c3RlciBzZWN1cmUgYW5kIHN0YWJsZS4KCiMjIyMjIFNlY3VyaXR5IGNvbnRleHQgZm9yIFByb3h5U1FMIHNpZGVjYXIgY29udGFpbmVycwoKWW91IGNhbiBub3cgZGVmaW5lIHRoZSBzZWN1cml0eSBjb250ZXh0IGZvciBQcm94eVNRTCBzaWRlY2FyIGNvbnRhaW5lcnMgaW4gdGhlIE9wZXJhdG9yLCByZWR1Y2luZyB0aGUgcmlzayBvZiB1bnNlY3VyZWQgc2lkZWNhcnMgYnlwYXNzaW5nIFBvZCByZXN0cmljdGlvbnMuIFRoaXMgaW1wcm92ZW1lbnQgbGV0cyB5b3Ugc2V0IHVzZXIgSURzLCBwcml2aWxlZ2VzLCBhbmQgZmlsZXN5c3RlbSBhY2Nlc3MgZGlyZWN0bHksIGVuc3VyaW5nIGNvbXBsaWFuY2UgYW5kIHN0cmVuZ3RoZW5pbmcgUG9kIHNlY3VyaXR5LgoKQ29uZmlndXJlIHRoZSBzZWN1cml0eSBjb250ZXh0IGluIHlvdXIgY3VzdG9tIHJlc291cmNlLiBGb3IgZXhhbXBsZToKCmBgYHlhbWwKc3BlYzoKICBwcm94eXNxbDoKICAgICAgIHNpZGVjYXJzOgogICAgICAgICAgc2VjdXJpdHlDb250ZXh0OgogICAgICAgICAgICAgIHByaXZpbGVnZWQ6IGZhbHNlCmBgYAoKV2l0aCB0aGlzIGNoYW5nZSwgeW91IGVuZm9yY2Ugc2FmZXIgZGVmYXVsdHMgYWNyb3NzIHlvdXIgZGVwbG95bWVudHMgYW5kIGNsb3NlIHNlY3VyaXR5IGdhcHMgYXQgdGhlIFBvZCBsZXZlbC4KCiMjIyMjIEltcHJvdmVkIGxvYWQgYmFsYW5jaW5nIHdpdGggUHJveHlTUUwgc2NoZWR1bGVyICh0ZWNoIHByZXZpZXcpCgpUaGUgT3BlcmF0b3Igbm93IGludGVncmF0ZXMgd2l0aCB0aGUgZXh0ZXJuYWwgYHB4Y19zY2hlZHVsZXJfaGFuZGxlcmAgdG9vbCB0byBpbXByb3ZlIHF1ZXJ5IHJvdXRpbmcuIFRoaXMgZmVhdHVyZSBpcyBjdXJyZW50bHkgaW4gdGVjaCBwcmV2aWV3LCBzbyB3ZSByZWNvbW1lbmQgZXhwZXJpbWVudGluZyB3aXRoIGl0IGluIHRlc3Qgb3Igc3RhZ2luZyBlbnZpcm9ubWVudHMgYmVmb3JlIHVzaW5nIGl0IGluIHByb2R1Y3Rpb24uCgpXaXRoIHRoaXMgc2NoZWR1bGVyIHlvdSBnZXQgZmluZXIgY29udHJvbCBvdmVyIGhvdyB5b3VyIFNRTCBxdWVyaWVzIGFyZSByb3V0ZWQgd2l0aGluIHlvdXIgUFhDIGNsdXN0ZXI6CgotIFNFTEVDVCBxdWVyaWVzICh0aGF0IGRvbid0IHVzZSBGT1IgVVBEQVRFKSBhcmUgaW50ZWxsaWdlbnRseSBkaXN0cmlidXRlZCBhY3Jvc3MgYWxsIFBYQyBub2Rlc+KAlG9yIGFsbCBub2RlcyBleGNlcHQgdGhlIHdyaXRlciwgZGVwZW5kaW5nIG9uIHlvdXIgc2V0dGluZ3MuCi0gTm9uLVNFTEVDVCBxdWVyaWVzIGFuZCBTRUxFQ1QgRk9SIFVQREFURSBzdGF0ZW1lbnRzIGFyZSByb3V0ZWQgdG8gdGhlIHdyaXRlciBub2RlLgotIFlvdSBkb24ndCBoYXZlIHRvIG1pY3JvbWFuYWdlIHRoZSB3cml0ZXIgcm9sZTogdGhlIHNjaGVkdWxlciBhdXRvbWF0aWNhbGx5IGVuc3VyZXMgb25seSBvbmUgd3JpdGVyIGlzIGFjdGl2ZSBhdCBhbnkgdGltZS4KClRoaXMgbWVhbnMgeW91IGNvdWxkIHNlZToKCi0gYmV0dGVyIHBlcmZvcm1hbmNlIGFuZCBoaWdoZXIgdGhyb3VnaHB1dCBmcm9tIGRpc3RyaWJ1dGluZyBxdWVyeSBsb2FkcwotIGdyZWF0ZXIgcmVsaWFiaWxpdHkgd2l0aCBubyBzaW5nbGUgcG9pbnQgb2YgZmFpbHVyZQoKKiBJbXByb3ZlZCBjbHVzdGVyIGhlYWx0aCB0aHJvdWdoIGVhcmx5IGRldGVjdGlvbiBvZiByZXBsaWNhdGlvbiBsYWcgYW5kIG5vZGUgaXNzdWVzCgotIG1vcmUgZWZmaWNpZW50IHVzZSBvZiB5b3VyIHJlc291cmNlcyBhbmQgaGFyZHdhcmUKLSBhIHNtb290aGVyLCBtb3JlIHByZWRpY3RhYmxlIGV4cGVyaWVuY2UgZm9yIGV2ZXJ5b25lIHVzaW5nIHRoZSBkYXRhYmFzZQoKU2VlIG91ciBbZG9jdW1lbnRhdGlvbl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9wcm94eXNxbC1jb25mLmh0bWwjcHJveHlzcWwtc2NoZWR1bGVyLXRlY2gtcHJldmlldykgZm9yIGZ1bGwgaW5mb3JtYXRpb24gYWJvdXQgdGhlIHNjaGVkdWxlciBiZWhhdmlvciBhbmQgc2V0dXAuCgpUaGUgcHJldmlvdXMgaW50ZXJuYWwgc2NoZWR1bGVyIHJlbWFpbnMgZW5hYmxlZCBieSBkZWZhdWx0IHRvIG1haW50YWluIGJhY2t3YXJkIGNvbXBhdGliaWxpdHkuIFlvdSBjYW4gc3dpdGNoIHRvIHRoZSBuZXcgb25lIHdoZW4geW91J3JlIHJlYWR5IHRvIGJlbmVmaXQgZnJvbSBzbWFydGVyIHF1ZXJ5IGhhbmRsaW5nLgoKIyMjIyMgQ3VzdG9taXplIEhBUHJveHkgYmFja2VuZCBoZWFsdGggY2hlY2sgaW50ZXJ2YWxzIGFuZCBmYWlsb3ZlciBiZWhhdmlvcgoKWW91IGNhbiBub3cgY29udHJvbCBob3cgcXVpY2tseSBIQVByb3h5IGRldGVjdHMgYW5kIHJlYWN0cyB0byBub2RlIGZhaWx1cmVzLiBJbnN0ZWFkIG9mIHdhaXRpbmcgdGhlIGRlZmF1bHQgMjAgc2Vjb25kcyB3aGlsZSBIQVByb3h5IHBlcmZvcm1zIHRoZSBmYWlsb3ZlciwgeW91IGNhbiB0dW5lIGhlYWx0aCBjaGVja3MgdG8gY3V0IHRoYXQgZG93biB0byBqdXN0IGEgZmV3IHNlY29uZHMuIFRoYXQgbWVhbnMgeW91ciBhcHBsaWNhdGlvbnMgcmVjb3ZlciBmYXN0ZXIsIGFuZCB1c2VycyBkb24ndCBnZXQgc3R1Y2sgd2l0aCBoYW5naW5nIHNlc3Npb25zIHdoZW4gYSBub2RlIGdvZXMgZG93bi4KCllvdSBubyBsb25nZXIgbmVlZCB0byBvdmVycmlkZSB0aGUgZW50aXJlIEhBUHJveHkgY29uZmlndXJhdGlvbiB0byBhY2hpZXZlIHRoaXMg4oCUIHRoZSBvcGVyYXRvciBub3cgZ2l2ZXMgeW91IHNpbXBsZSwgZGlyZWN0IG9wdGlvbnMgaW4gdGhlIEN1c3RvbSBSZXNvdXJjZSBzcGVjaWZpY2F0aW9uOgoKYGBgeWFtbApoYXByb3h5OiAgCiAgIGhlYWx0aENoZWNrOgogICAgICAgaW50ZXJ2YWw6IDEwMDAwCiAgICAgICByaXNlOiAxCiAgICAgICBmYWxsOiAyCmBgYAoKQnkgYWRqdXN0aW5nIGhvdyBvZnRlbiBjaGVja3MgcnVuIGFuZCBob3cgbWFueSBmYWlsdXJlcyBvciBzdWNjZXNzZXMgbWFyayBhIG5vZGUgYXMg4oCcZG93buKAnSBvciDigJx1cCzigJ0geW91IGdldCBmYXN0ZXIgZmFpbG92ZXIsIGNsZWFuZXIgY2xpZW50IGhhbmRsaW5nLCBhbmQgZWFzaWVyIGNvbmZpZ3VyYXRpb24gdGhhdCBpcyBzYWZlIHRvIHVwZ3JhZGUgYW5kIHRhaWxvcmVkIHRvIHlvdXIgZW52aXJvbm1lbnQuCgojIyMjIyBTd2l0Y2ggZnJvbSBIQVByb3h5IHRvIFByb3h5U1FMIGF0IHJ1bnRpbWUKCllvdSBjYW4gbm93IHN3aXRjaCBmcm9tIEhBUHJveHkgdG8gUHJveHlTUUwgd2l0aG91dCByZWRlcGxveWluZyB5b3VyIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIuIFByZXZpb3VzbHksIHlvdSBoYWQgdG8gY2hvb3NlIFByb3h5U1FMIG9ubHkgYXQgc3RhcnR1cC4gTm93IFByb3h5U1FMIGhhcyB0aGUgYGNhY2hpbmdfc2hhMl9wYXNzd29yZGAgYXMgdGhlIGRlZmF1bHQgYXV0aGVudGljYXRpb24gcGx1Z2luLCB3aGljaCBnaXZlcyB5b3UgdGhlIGZsZXhpYmlsaXR5IHRvIHN0YXJ0IHdpdGggSEFQcm94eSBhbmQgbWlncmF0ZSB0byBQcm94eVNRTCBsYXRlciBhcyB5b3VyIG5lZWRzIGV2b2x2ZS4KCldpdGggdGhpcyByZWxlYXNlLCBQcm94eVNRTCBhbHNvIGluY2x1ZGVzIGEgbmV3IFtzY2hlZHVsZXJdKCNpbXByb3ZlZC1sb2FkLWJhbGFuY2luZy13aXRoLXByb3h5c3FsLXNjaGVkdWxlci10ZWNoLXByZXZpZXcpIHRoYXQgZW5oYW5jZXMgU1FMIGF3YXJlbmVzcywgYXV0b21hdGVzIHJlYWQvd3JpdGUgc3BsaXR0aW5nLCBhbmQgaGFuZGxlcyBmYWlsb3ZlcnMgbW9yZSBpbnRlbGxpZ2VudGx5LiBUaGlzIGxlYWRzIHRvIGZhc3RlciBxdWVyaWVzLCBpbmNyZWFzZWQgcmVsaWFiaWxpdHksIGFuZCBtb3JlIGVmZmljaWVudCBjbHVzdGVyIHJlc291cmNlIHVzYWdlLgoKKipXaGljaCBwcm94eSBzaG91bGQgeW91IGNob29zZT8qKgoKLSAqKkhBUHJveHk6KiogQ2hvb3NlIEhBUHJveHkgaWYgeW91IG5lZWQgYSBsaWdodHdlaWdodCwgVENQLWxldmVsIGxvYWQgYmFsYW5jZXIgd2l0aCBtaW5pbWFsIGNvbmZpZ3VyYXRpb24uIE5vdGUgdGhhdCBmb3IgcmVhZC93cml0ZSBzcGxpdHRpbmcsIHlvdXIgY2xpZW50cyBtdXN0IGNvbm5lY3QgdG8gZGlmZmVyZW50IEhBUHJveHkgcG9ydHMgYmFzZWQgb24gdGhlIHF1ZXJ5IHR5cGUuCi0gKipQcm94eVNRTDoqKiBPcHQgZm9yIFByb3h5U1FMIGlmIHlvdSB3YW50IGJ1aWx0LWluIHJlYWQvd3JpdGUgc3BsaXR0aW5nLCBhZHZhbmNlZCBxdWVyeS1sZXZlbCBjb250cm9sLCBhbmQgYXV0b21hdGVkIGZhaWxvdmVyIGxvZ2ljIHJpZ2h0IG91dCBvZiB0aGUgYm94LgoKRWFjaCBwcm94eSBicmluZ3MgaXRzIG93biByZXNvdXJjZSByZXF1aXJlbWVudHMgYW5kIGFkdmFudGFnZXMuIFdlIG9mZmVyIFthZGRpdGlvbmFsIGd1aWRhbmNlXShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL2xvYWQtYmFsYW5jaW5nLmh0bWwjd2hhdC1sb2FkLWJhbGFuY2VyLXRvLXVzZSkgb24gc2VsZWN0aW5nIHRoZSByaWdodCBwcm94eSBmb3IgeW91ciBlbnZpcm9ubWVudCwgcGx1cyBbZGV0YWlsZWQgcmVjb21tZW5kYXRpb25zXShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL3Byb3h5LXN3aXRjaGluZy5odG1sKSBvbiByZXNvdXJjZSBwbGFubmluZyBhbmQgYmVzdCBwcmFjdGljZXMuIFJldmlldyB0aGVzZSBjYXJlZnVsbHkgdG8gZW5zdXJlIHlvdXIgY2hvaWNlIGZpdHMgeW91ciBvcGVyYXRpb25hbCBhbmQgcGVyZm9ybWFuY2UgbmVlZHMuCgpUbyBzd2l0Y2ggYmV0d2VlbiBwcm94aWVzLCB1cGRhdGUgeW91ciBDdXN0b20gUmVzb3VyY2UgdG8gc2V0IGBoYXByb3h5LmVuYWJsZWRgIHRvIGBmYWxzZWAgYW5kIGBwcm94eXNxbC5lbmFibGVkYCB0byBgdHJ1ZWAuIEFwcGx5IHRoZSBjaGFuZ2VzLCBhbmQgdGhlIE9wZXJhdG9yIHdpbGwgaGFuZGxlIHRoZSB0cmFuc2l0aW9uIGZvciB5b3UgYnkgcmVzdGFydGluZyB0aGUgcmVsZXZhbnQgcHJveHkgUG9kcy4KCldpdGggdGhpcyBpbXByb3ZlbWVudCB5b3Ugbm93IGNvbnRyb2wgeW91ciBwcm94eSBjaG9pY2UgYXQgcnVudGltZSwgYW5kIFByb3h5U1FMIGJyaW5ncyBzbWFydGVyIHJvdXRpbmcgYW5kIHJlc2lsaWVuY2UgcmlnaHQgaW50byB0aGUgT3BlcmF0b3IuCgojIyMjIyBQcm94eVNRTCAzIHN1cHBvcnQKCllvdSBjYW4gbm93IGRlcGxveSBQcm94eVNRTCAzIHdpdGggUGVyY29uYSBPcGVyYXRvciBmb3IgTXlTUUwuIFRoaXMgZ2l2ZXMgeW91IG1vcmUgZmxleGliaWxpdHkgYW5kIGNvbnRyb2wgb3ZlciBob3cgeW91ciBhcHBsaWNhdGlvbnMgY29ubmVjdCB0byBNeVNRTCBpbnNpZGUgS3ViZXJuZXRlcy4gSGVyZeKAmXMgd2hhdCB5b3UgZ2V0OgoKLSBEdWFs4oCRcGFzc3dvcmQgc3VwcG9ydCBlbmFibGVzIHlvdSB0byBpbnRyb2R1Y2UgYSBuZXcgcGFzc3dvcmQgd2hpbGUgdGhlIG9sZCBvbmUgaXMgc3RpbGwgdmFsaWQuIEFzIGEgcmVzdWx0LCB5b3UgY2FuIHJvdGF0ZSBwYXNzd29yZHMgd2l0aG91dCBkb3dudGltZQotIEVuaGFuY2VkIGV2ZW50IGFuZCBxdWVyeSBsb2dnaW5nIGdpdmVzIHlvdSByZWFs4oCRdGltZSB2aXNpYmlsaXR5IGludG8gcXVlcnkgYmVoYXZpb3IgYW5kIGFwcGxpY2F0aW9uIHRyYWZmaWMuCi0gUHJveHlTUUwgbm93IGxvZ3MgdGhlIGFjdHVhbCB2YWx1ZXMgYm91bmQgdG8gcHJlcGFyZWQgc3RhdGVtZW50cy4gVGhpcyBoZWxwcyB5b3UgZGVidWcgcXVlcmllcyBtb3JlIGVmZmVjdGl2ZWx5LCBzaW5jZSB5b3Ugc2VlIHdoYXQgZGF0YSB3YXMgcGFzc2VkIGluc3RlYWQgb2YganVzdCBwbGFjZWhvbGRlcnMKLSBFdmVudCBsb2dzIG5vdyBpbmNsdWRlIG1ldGFkYXRhIGFib3V0IFByb3h5U1FMIHZlcnNpb24gYW5kIGZvcm1hdC4gVGhpcyBtYWtlcyBpdCBlYXNpZXIgdG8gdHJhY2sgYW5kIGF1ZGl0IGxvZ3MgYWNyb3NzIHVwZ3JhZGVzIGluIHlvdXIgT3BlcmF0b3LigJFtYW5hZ2VkIGRlcGxveW1lbnRzLgoKIyMjIyMgRGlyZWN0LWFjY2VzcyBiYWNrdXBzOiBJbXByb3ZlZCBwZXJmb3JtYW5jZSBhbmQgcmVsaWFiaWxpdHkgd2l0aCBzaWRlY2FycyAodGVjaCBwcmV2aWV3KQoKQnkgZGVmYXVsdCwgdGhlIE9wZXJhdG9yIG1ha2VzIGJhY2t1cHMgdXNpbmcgdGhlIFNTVCBtZXRob2QuIFRoaXMgY3JlYXRlcyBhIHNlcGFyYXRlIGJhY2t1cCBQb2Qgd2l0aCBQZXJjb25hIFh0cmFCYWNrdXAsIHdoaWxlIHRoZSBkYXRhYmFzZSBub2RlIGVudGVycyBEb25vciBzdGF0ZSBhbmQgc3RvcHMgc2VydmluZyBjbGllbnQgcmVxdWVzdHMuIFNTVCBiYWNrdXBzIGNhbiBhbHNvIGZhaWwgd2l0aCBjcnlwdGljIG5ldHdvcmsgZXJyb3JzLCBtYWtpbmcgcm9vdCBjYXVzZSBhbmFseXNpcyBhbmQgcmVjb3ZlcnkgZGlmZmljdWx0LgoKU3RhcnRpbmcgd2l0aCB2ZXJzaW9uIDEuMTkuMCwgeW91IGNhbiBtYWtlIGJhY2t1cHMgdmlhIHRoZSBYdHJhQmFja3VwIHNpZGVjYXIgY29udGFpbmVyLiBUaGUgT3BlcmF0b3IgZGVwbG95cyBhIHNpZGVjYXIgd2l0aCBYdHJhQmFja3VwIGluc2lkZSBlYWNoIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIgUG9kLiBUaGlzIHNpZGVjYXIgbWFrZXMgYSBiYWNrdXAgYW5kIHVwbG9hZHMgaXQgdG8gdGhlIHJlbW90ZSBiYWNrdXAgc3RvcmFnZS4gVGhlIGRhdGFiYXNlIFBvZCBkb2VzbuKAmXQgY2hhbmdlIGl0cyBzdGF0ZSB0byBEb25vciBhbmQga2VlcHMgYWNjZXB0aW5nIGNsaWVudCByZXF1ZXN0cy4KClVzaW5nIHRoZSBzaWRlY2FyIG1ldGhvZCBwcm92aWRlcyBhIGRpcmVjdCBhY2Nlc3MgdG8gZGF0YSB0aHVzIGJvb3N0aW5nIGJhY2t1cCBwZXJmb3JtYW5jZS4gVGhlIHNpZGVjYXIgY29udGFpbmVyIGNvbnN0YW50bHkgcnVucyBpbiB0aGUgZGF0YWJhc2UgUG9kLCBzbyB5b3UgaGF2ZSBjb25zdGFudCBhY2Nlc3MgdG8gbG9ncyBhbmQgc3RhdHVzLCB3aGljaCBzaW1wbGlmaWVzIHRyb3VibGVzaG9vdGluZy4KClRvIGVuYWJsZSB0aGUgWHRyYUJhY2t1cCBzaWRlY2FyIGNvbnRhaW5lciBiYWNrdXAgbWV0aG9kLCBzZXQgYFBYQ09fRkVBVFVSRV9HQVRFUz1YdHJhYmFja3VwU2lkZWNhcj10cnVlYCBlbnZpcm9ubWVudCB2YXJpYWJsZSBpbiB0aGUgT3BlcmF0b3IgRGVwbG95bWVudC4KVGhpcyBmdW5jdGlvbmFsaXR5IGlzIGluIHRoZSB0ZWNoIHByZXZpZXcgc3RhZ2UgYW5kIGN1cnJlbnRseSBzdXBwb3J0cyBvbmx5IGNsb3VkIHN0b3JhZ2VzLiBXZSBlbmNvdXJhZ2UgeW91IHRvIHRyeSBpdCBvdXQgaW4geW91ciB0ZXN0aW5nIG9yIHN0YWdpbmcgZW52aXJvbm1lbnRzIGFuZCBsZWF2ZSB5b3VyIGZlZWRiYWNrLgoKRnV0dXJlIGVuaGFuY2VtZW50cyBzdWNoIGFzIHN1cHBvcnQgb2YgUFZDIHZvbHVtZXMsIGJhY2t1cCBlbmNyeXB0aW9uIGFuZCBpbmNyZW1lbnRhbCBiYWNrdXBzIGFyZSBwbGFubmVkIGZvciBmdXR1cmUgcmVsZWFzZXMuCgpUbyBsZWFybiBtb3JlIGFib3V0IFh0cmFCYWNrdXAgc2lkZWNhciBjb250YWluZXIgYmFja3VwIG1ldGhvZCwgc2VlIG91ciBbZG9jdW1lbnRhdGlvbl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9iYWNrdXBzLmh0bWwjeHRyYWJhY2t1cC1zaWRlY2FyLW1ldGhvZC10ZWNoLXByZXZpZXcpLgoKIyMjIyMgRW5zdXJlIG9ubHkgdXAgdG8gZGF0ZSBkYXRhIGlzIHNlcnZlZCBkdXJpbmcgYmFja3VwcwoKV2hlbiBhIG5vZGUgZG9uYXRlcyBkYXRhIGR1cmluZyBiYWNrdXBzIG9yIFNTVCwgaXQgZW50ZXJzIGludG8gdGhlIERPTk9SIHN0YXRlLiBBdCB0aGlzIHBvaW50LCB0aGUgbm9kZSBzaG91bGQgbm8gbG9uZ2VyIGhhbmRsZSBjbGllbnQgY29ubmVjdGlvbnMuIEhBUHJveHkncyBleHRlcm5hbCBjaGVjayBjb3JyZWN0bHkgYmxvY2tlZCBuZXcgY29ubmVjdGlvbnMgdG8gdGhlIERvbm9yIG5vZGUgYnV0IGFsbG93ZWQgZXhpc3Rpbmcgc2Vzc2lvbnMgdG8gcmVtYWluIGFjdGl2ZS4gVGhvc2UgbGluZ2VyaW5nIHNlc3Npb25zIGNvdWxkIHJldHVybiBzbG93IG9yIG91dGRhdGVkIHJlc3VsdHMuCgpUaGUgSEFQcm94eSBkZWZhdWx0IGNvbmZpZ3VyYXRpb24gbm93IGluY2x1ZGVzIHRoZSBgb24tbWFya2VkLWRvd24gc2h1dGRvd24tc2Vzc2lvbnNgIGRpcmVjdGl2ZS4gQXMgc29vbiBhcyBIQVByb3h5IG1hcmtzIGEgbm9kZSBhcyBkb3duLCBhbGwgYWN0aXZlIGNvbm5lY3Rpb25zIGFyZSBpbW1lZGlhdGVseSBjbG9zZWQgYW5kIGNsaWVudHMgcmVjb25uZWN0IHRvIHJlbWFpbmluZyBhY3RpdmUgbm9kZXMuIFRoaXMgZW5zdXJlcyB0aGF0IG9ubHkgZnJlc2gsIHVwIHRvIGRhdGUgZGF0YSBpcyBzZXJ2ZWQgZHVyaW5nIGJhY2t1cHMuCgojIyMjIyBBdXRvbWF0aWMgY2xlYW51cCBvZiBiYWNrdXAgYW5kIHJlc3RvcmUgSm9icyBhbmQgYXNzb2NpYXRlZCBQb2RzCgpUaGUgT3BlcmF0b3IgY3JlYXRlcyBhIGRlZGljYXRlZCBKb2IgYW5kIFBvZCBmb3IgZXZlcnkgYmFja3VwIGFuZCByZXN0b3JlIG9wZXJhdGlvbi4gUHJldmlvdXNseSwgdGhlc2UgSm9icyBhbmQgUG9kcyByZW1haW5lZCBpbiB0aGUgY2x1c3RlciBldmVuIGFmdGVyIHRoZSBvcGVyYXRpb24gd2FzIGZpbmlzaGVkLCBhbmQgeW91IGhhZCB0byBtYW51YWxseSBkZWxldGUgdGhlbSB0byBmcmVlIHVwIHJlc291cmNlcy4KCk5vdywgeW91IGNhbiBvZmZsb2FkIHRoaXMgdGFzayB0byB0aGUgT3BlcmF0b3IuIFNwZWNpZnkgYSB0aW1lLXRvLWxpdmUgKFRUTCkgZm9yIGJhY2t1cCBhbmQgcmVzdG9yZSBKb2JzIG9uY2UgdGhlIG9wZXJhdGlvbiBpcyBmaW5pc2hlZC4gV2hlbiB0aGUgVFRMIGV4cGlyZXMsIHRoZSBPcGVyYXRvciBhdXRvbWF0aWNhbGx5IGRlbGV0ZXMgdGhlIEpvYiBhbmQgaXRzIGFzc29jaWF0ZWQgUG9kLgoKTW9kaWZ5IHlvdXIgQ3VzdG9tIFJlc291cmNlIGFzIGZvbGxvd3M6CgpgYGB5YW1sCmJhY2t1cDoKICBpbWFnZTogcGVyY29uYWxhYi9wZXJjb25hLXh0cmFkYi1jbHVzdGVyLW9wZXJhdG9yOm1haW4tcHhjOC4wLWJhY2t1cAogIHR0bFNlY29uZHNBZnRlckZpbmlzaGVkOiAzNjAwCmBgYAoKVGhpcyBzZXR0aW5nIGlzIGdsb2JhbC4gSXQgYXBwbGllcyB0byBhbGwgb24tZGVtYW5kIGFuZCBzY2hlZHVsZWQgYmFja3VwcywgYW5kIGFsbCByZXN0b3Jlcy4KClRoZSBPcGVyYXRvciBhbHNvIGVuc3VyZXMgcmVsaWFiaWxpdHk6IGlmIGEgYmFja3VwIG9yIHJlc3RvcmUgdGFrZXMgbG9uZ2VyIHRoYW4gdGhlIGNvbmZpZ3VyZWQgVFRMLCBpdCBhcHBsaWVzIHRoZSBgaW50ZXJuYWwucGVyY29uYS5jb20va2VlcC1qb2JgIGZpbmFsaXplciB0byBhbGxvdyB0aGUgb3BlcmF0aW9uIHRvIGZpbmlzaC4gQWZ0ZXIgdGhlIG9wZXJhdGlvbiBjb21wbGV0ZXMgZWl0aGVyIHdpdGggdGhlIGBTdWNjZWVkZWRgIG9yIHRoZSBgRmFpbGVkYCBzdGF0dXMsIHRoZSBmaW5hbGl6ZXIgaXMgcmVtb3ZlZCBhbmQgdGhlIEpvYiBpcyBjbGVhbmVkIHVwLgoKVGhpcyBpbXByb3ZlbWVudCByZWR1Y2VzIG1hbnVhbCBtYWludGVuYW5jZSBvdmVyaGVhZCwgZ2l2ZXMgeW91IGNvbnRyb2wgb3ZlciB0aGUgcHJvY2Vzc2VzIGxpZmV0aW1lIGZvciBkZWJ1Z2dpbmcgb3IgYXVkaXRpbmcgcHVycG9zZXMgYW5kIGhlbHBzIGtlZXAgeW91ciBjbHVzdGVyIGhlYWx0aHkgYW5kIGVmZmljaWVudC4gQnkgcmVkdWNpbmcgdW5uZWNlc3NhcnkgcmVzb3VyY2UgYnVpbGR1cCwgeW91IGdhaW4gc21vb3RoZXIgb3BlcmF0aW9ucywgbG93ZXIgbWFpbnRlbmFuY2Ugb3ZlcmhlYWQgYW5kIGltcHJvdmVkIHJlbGlhYmlsaXR5IGluIHByb2R1Y3Rpb24gZW52aXJvbm1lbnRzLgoKIyMjIyMgSW1wcm92ZWQgYmFja3VwIGlkZW50aWZpY2F0aW9uIGZvciBwb2ludC1pbi10aW1lIHJlY292ZXJ5IHJlYWRpbmVzcwoKV2hlbiBhIGJhY2t1cCBjb250YWlucyBiaW5sb2cgZ2FwcywgdGhlIE9wZXJhdG9yIG5vdyBjcmVhdGVzIGEgYDxiYWNrdXAtbmFtZT4ucGl0ci1ub3QtcmVhZHlgIGZpbGUgaW4gdGhlIGJhY2t1cCBzdG9yYWdlLiBUaGlzIGZpbGUgbWFrZXMgaXQgZWFzeSB0byBpZGVudGlmeSB3aGljaCBiYWNrdXBzIGFyZSBhcHByb3ByaWF0ZSBmb3IgcG9pbnQgaW4gdGltZSByZWNvdmVyeSBib3RoIGluIHRoZSBzdG9yYWdlIGFuZCB3aGVuIGxpc3RpbmcgYmFja3VwIG9iamVjdHMuCgpCZWZvcmUgc3RhcnRpbmcgYSByZXN0b3JlLCB0aGUgT3BlcmF0b3IgY2hlY2tzIGZvciB0aGlzIG1hcmtlciBmaWxlIGFuZCBibG9ja3MgdW5zYWZlIHJlc3RvcmVzLCBwcm90ZWN0aW5nIHlvdSBmcm9tIGluY29tcGxldGUgcmVjb3ZlcnkgYXR0ZW1wdHMuIElmIG5lZWRlZCwgeW91IGNhbiBvdmVycmlkZSB0aGlzIHNhZmVndWFyZCBieSBhZGRpbmcgdGhlIGBwZXJjb25hLmNvbS91bnNhZmUtcGl0cmAgYW5ub3RhdGlvbiB0byB0aGUgUmVzdG9yZSBvYmplY3QuIFVzZSB0aGlzIG92ZXJyaWRlIHdpdGggY2F1dGlvbiwgYXMgdGhpcyBpcyBhbiB1bnNhZmUgY29uZmlndXJhdGlvbi4KCiMjIyMjIEF0dGFjaCBleHRlcm5hbCBQVkNzIGZvciBzaGFyZWQgZGF0YSBhY2Nlc3MgYWNyb3NzIGFwcGxpY2F0aW9ucyBhbmQgdGhlIGRhdGFiYXNlIGNsdXN0ZXIKClNvbWV0aW1lcyB5b3VyIGRhdGFiYXNlIG5lZWRzIG1vcmUgdGhhbiBpdHMgb3duIGludGVybmFsIHN0b3JhZ2UuIEZvciBleGFtcGxlLCBpdCBuZWVkcyBhY2Nlc3MgdG8gcmVmZXJlbmNlIGZpbGVzLCBzaGFyZWQgY29uZmlndXJhdGlvbiBmaWxlcyBvciBsb29rdXAgdGFibGVzIGdlbmVyYXRlZCBvdXRzaWRlIHRoZSBkYXRhYmFzZSBidXQgc3RpbGwgZXNzZW50aWFsIGZvciBxdWVyaWVzIGFuZCBwcm9jZWR1cmVzLgoKWW91IGNhbiBub3cgYXR0YWNoIGF1eGlsaWFyeSBwcmUtZXhpc3RpbmcgUFZDcyBhbmQgbW91bnQgdGhhdCBleHRlcm5hbCBkYXRhIGRpcmVjdGx5IGludG8geW91ciBkYXRhYmFzZSwgUHJveHlTUUwgb3IgSEFQcm94eSBwb2RzIGluIGEgY2xlYW4sIGRlY2xhcmF0aXZlIHdheSB1c2luZyB0aGUgQ3VzdG9tIFJlc291cmNlLgoKVGhpcyBleGFtcGxlIGNvbmZpZ3VyYXRpb24gc2hvd3MgaG93IHRvIGF0dGFjaCBleHRlcm5hbCBQVkMgdG8gdGhlIFh0cmFEQiBDbHVzdGVyIFBvZHM6CgpgYGB5YW1sCnB4YzoKICBleHRyYVBWQ3M6CiAgICAtIG5hbWU6IGV4dHJhLWRhdGEtdm9sdW1lCiAgICAgIGNsYWltTmFtZTogbXktZXh0cmEtc3RvcmFnZQogICAgICBtb3VudFBhdGg6IC92YXIvbGliL215c3FsLWV4dHJhCiAgICAgIHJlYWRPbmx5OiBmYWxzZQpgYGAKClRoaXMgaW1wcm92ZW1lbnQgZ2l2ZXMgeW91IGEgcmVsaWFibGUgd2F5IHRvIHNlcGFyYXRlIGludGVybmFsIGRhdGFiYXNlIHN0b3JhZ2UgZnJvbSBleHRlcm5hbCBkb21haW4gZGF0YSwgdXBkYXRlIHNoYXJlZCBkYXRhc2V0cyBpbmRlcGVuZGVudGx5LCBhbmQgc3RpbGwgYmVuZWZpdCBmcm9tIHRoZSBPcGVyYXRvcuKAmXMgYXV0b21hdGlvbiBhbmQgcmVzaWxpZW5jZS4KCiMjIyMjIEN1c3RvbWl6ZSBwYXNzd29yZCBnZW5lcmF0aW9uIGJ5IHRoZSBPcGVyYXRvcgoKQnkgZGVmYXVsdCwgdGhlIE9wZXJhdG9yIGdlbmVyYXRlcyB1c2VyIHBhc3N3b3JkcyB1c2luZyBhbHBoYW51bWVyaWMgY2hhcmFjdGVycyBwbHVzIGEgc2V0IG9mIHNwZWNpYWwgc3ltYm9scy4gU29tZSB0b29scyBzdWNoIGFzIE15U1FMIFByb21ldGhldXMgRXhwb3J0ZXIgb3IgbXlzcWxzaCBkb24ndCBzdXBwb3J0IGNlcnRhaW4gc3ltYm9scywgd2hpY2ggY2FuIG1ha2UgdGhvc2UgcGFzc3dvcmRzIGludmFsaWQuCgpUbyBpbXByb3ZlIGNvbXBhdGliaWxpdHkgYW5kIHVzZXIgZXhwZXJpZW5jZSwgeW91IGNhbiBub3cgY3VzdG9taXplIHBhc3N3b3JkIGdlbmVyYXRpb24gcGFyYW1ldGVycyBpbiB0aGUgQ3VzdG9tIFJlc291cmNlOgoKYGBgeWFtbApzcGVjOgogcGFzc3dvcmRHZW5lcmF0aW9uT3B0aW9uczoKICAgc3ltYm9sczogIiEjJCUmKCkqKywtLjw9Pj9AJiM4MjAzO1tdXl97fX4iCiAgIG1heExlbmd0aDogMjAKICAgbWluTGVuZ3RoOiAxNgpgYGAKClRoaXMgZW5oYW5jZW1lbnQgbGV0cyB5b3Uga2VlcCB0aGUgY29udmVuaWVuY2Ugb2YgYXV0b21hdGVkIHBhc3N3b3JkIGdlbmVyYXRpb24gYW5kIGF0IHRoZSBzYW1lIHRpbWUgZW5zdXJlIGNvbXBsaWFuY2Ugd2l0aCB0aGUgdG9vbHMgYW5kIGVudmlyb25tZW50cyB5b3UgaW50ZWdyYXRlIHdpdGggdGhlIE9wZXJhdG9yLgoKIyMjIyMgQ29uZmlndXJlIG1lbW9yeSBhbGxvY2F0b3IgaW4gdGhlIE9wZXJhdG9yCgpCeSBkZWZhdWx0LCBQZXJjb25hIE9wZXJhdG9yIGZvciBYdHJhREIgQ2x1c3RlciB1c2VzIHRoZSBzeXN0ZW0gYWxsb2NhdG9yIChgbGliY2ApIHRvIG1hbmFnZSBtZW1vcnkuIFdoaWxlIHRoaXMgd29ya3MgZm9yIG1vc3QgY2FzZXMsIGFsdGVybmF0aXZlIGFsbG9jYXRvcnMgc3VjaCBhcyBgamVtYWxsb2NgIGFuZCBgdGNtYWxsb2NgIGNhbiBpbXByb3ZlIHBlcmZvcm1hbmNlIGFuZCByZWR1Y2UgZnJhZ21lbnRhdGlvbiBpbiBoaWdoLXRyYWZmaWMgd29ya2xvYWRzLgoKVG8gaGF2ZSBtb3JlIGZsZXhpYmlsaXR5LCB5b3UgY2FuIG5vdyBjb25maWd1cmUgdGhlIG1lbW9yeSBhbGxvY2F0b3IgZGlyZWN0bHkgaW4gdGhlIEN1c3RvbSBSZXNvdXJjZToKCmBgYHlhbWwKc3BlYzoKICAgcHhjOgogICAgIG15c3FsQWxsb2NhdG9yOiBqZW1hbGxvYwpgYGAKClN1cHBvcnRlZCB2YWx1ZXMgYXJlOgoKLSBgamVtYWxsb2NgCi0gYHRjbWFsbG9jYAotIGBsaWJjYCAoZGVmYXVsdCwgdXNlZCB3aGVuIG5vIHZhbHVlIGlzIHNldCkKCklmIHlvdSBoYXZlIGFscmVhZHkgY29uZmlndXJlZCB0aGUgbWVtb3J5IGFsbG9jYXRvciB2aWEgdGhlIGVudmlyb25tZW50IHZhcmlhYmxlLCB0aGUgT3BlcmF0b3Igd2lsbCByZXNwZWN0IHRoYXQgc2V0dGluZyBhbmQgdXNlIGl0IGluc3RlYWQgb2YgdGhlIEN1c3RvbSBSZXNvdXJjZSB2YWx1ZS4KClRoaXMgZW5oYW5jZW1lbnQgbGV0cyB5b3UgZmluZS10dW5lIG1lbW9yeSBtYW5hZ2VtZW50IGZvciB5b3VyIGNsdXN0ZXIgd2hpbGUga2VlcGluZyBjb21wYXRpYmlsaXR5IHdpdGggZXhpc3RpbmcgY29uZmlndXJhdGlvbnMuCgojIyMjIyBEZXByZWNhdGlvbiwgcmVuYW1lLCByZW1vdmFsCgoqKlJlbW92ZWQgaW4gMS4xOS4wOioqCgotIGBwcm94eXNxbC5yZWFkaW5lc3NEZWxheVNlY2AgYW5kIGBwcm94eXNxbC5saXZlbmVzc0RlbGF5U2VjYCBmaWVsZHMgYXJlIHJlbW92ZWQgYXMgcmVkdW5kYW50CgoqKkRlcHJlY2F0ZWQgKHdpbGwgYmUgcmVtb3ZlZCBpbiAxLjIyLjApOioqCgotIGBweGMubGl2ZW5lc3NEZWxheVNlY2AuIFVzZSBbYHB4Yy5saXZlbmVzc1Byb2Jlcy5pbml0aWFsRGVsYXlTZWNvbmRzYF0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9vcGVyYXRvci5odG1sI3B4Y2xpdmVuZXNzcHJvYmVzaW5pdGlhbGRlbGF5c2Vjb25kcykKLSBgcHhjLnJlYWRpbmVzc0RlbGF5U2VjYC4gVXNlIFtgcHhjLnJlYWRpbmVzc1Byb2Jlcy5pbml0aWFsRGVsYXlTZWNvbmRzYF0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9vcGVyYXRvci5odG1sI3B4Y3JlYWRpbmVzc3Byb2Jlc2luaXRpYWxkZWxheXNlY29uZHMpCi0gYGhhcHJveHkubGl2ZW5lc3NEZWxheVNlY2AuIFVzZSBbYGhhcHJveHkubGl2ZW5lc3NQcm9iZXMuaW5pdGlhbERlbGF5U2Vjb25kc2BdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvb3BlcmF0b3IuaHRtbCNoYXByb3h5bGl2ZW5lc3Nwcm9iZXNpbml0aWFsZGVsYXlzZWNvbmRzKQotIGBoYXByb3h5LnJlYWRpbmVzc0RlbGF5U2VjYC4gVXNlIFtgaGFwcm94eS5yZWFkaW5lc3NQcm9iZXMuaW5pdGlhbERlbGF5U2Vjb25kc2BdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvb3BlcmF0b3IuaHRtbCNoYXByb3h5cmVhZGluZXNzcHJvYmVzaW5pdGlhbGRlbGF5c2Vjb25kcykKCiMjIyMjIENoYW5nZWxvZwoKIyMjIyMgTmV3IEZlYXR1cmVzCgotIFtLOFNQWEMtMTMzMl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xMzMyKSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIGxvYWQgY3VzdG9tIFNTTCBjZXJ0aWZpY2F0ZXMgZm9yIGJhY2t1cCBvcGVyYXRpb25zIHRvIFMzIHN0b3JhZ2UuIFRoaXMgZW5hYmxlcyBzZWN1cmUgY29tbXVuaWNhdGlvbiB3aXRoIFMzLWNvbXBhdGlibGUgc3RvcmFnZSB1c2luZyB0aGUgY2VydGlmaWNhdGVzIGFwcHJvdmVkIGFuZCB0cnVzdGVkIGJ5IHlvdXIgY29tcGFueSAoVGhhbmsgeW91IEF6YW0gQWJkb2VsYmFzaWVyIGZvciBzdWJtaXR0aW5nIHRoaXMgcmVxdWVzdCkuCi0gW0s4U1BYQy0xNDk0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE0OTQpIC0gQWRkZWQgdGhlIGFiaWxpdHkgdG8gY29uZmlndXJlIHRoZSBkdXJhdGlvbiBvZiBUTFMgY2VydGlmaWNhdGVzIGNyZWF0ZWQgYnkgYGNlcnQtbWFuYWdlcmAuIFRoaXMgYWxsb3dzIHVzZXJzIHRvIGN1c3RvbWl6ZSBjZXJ0aWZpY2F0ZSBsaWZlY3ljbGVzIHRvIG1lZXQgdGhlaXIgc3BlY2lmaWMgc2VjdXJpdHkgcmVxdWlyZW1lbnRzLgotIFtLOFNQWEMtMTU3Nl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTc2KSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIHVzZSB0aGUgWHRyYUJhY2t1cCBzaWRlY2FyIGNvbnRhaW5lciBpbnN0ZWFkIG9mIFNTVCBmb3IgY3JlYXRpbmcgYmFja3Vwcy4gVGhpcyBwcm92aWRlcyBhbiBhbHRlcm5hdGl2ZSwgcG90ZW50aWFsbHkgbW9yZSBlZmZpY2llbnQgYmFja3VwIG1ldGhvZC4KLSBbSzhTUFhDLTE2ODhdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTY4OCkgLSBBZGRlZCBhYmlsaXR5IHRvIG1vdW50IHByZS1leGlzdGluZyBhdXhpbGlhcnkgUFZDcyBhcyB2b2x1bWVzIHRvIGRhdGFiYXNlIGFuZCBwcm94eSBwb2RzLiBUaGlzIGZhY2lsaXRhdGVzIGVhc2llciBpbnRlZ3JhdGlvbiB3aXRoIGV4dGVybmFsIGRhdGEgYW5kIHN0b3JhZ2UgcmVzb3VyY2VzIChUaGFuayB5b3UgRW1pbiBBS1RBUyBmb3Igc3VibWl0dGluZyB0aGUgcmVxdWVzdCBhbmQgY29udHJpYnV0aW5nIHRvIGl0KS4KLSBbSzhTUFhDLTE3MzNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTczMykgLSBBZGRlZCB0aGUgYWJpbGl0eSB0byBjdXN0b21pemUgcGFzc3dvcmQgZ2VuZXJhdGlvbiBwYXJhbWV0ZXJzLCBzdWNoIGFzIGxlbmd0aCBhbmQgY2hhcmFjdGVyIHNldHMgdmlhIHRoZSBDdXN0b20gUmVzb3VyY2UuIFRoaXMgZW5zdXJlcyBzbW9vdGggb3BlcmF0aW9uIG9mIHRoZSB0b29scyB3aXRoIHNwZWNpZmljIHJlcXVpcmVtZW50cyB0b3dhcmRzIHBhc3N3b3JkIGFuZCBsZXZlcmFnZXMgdGhlIGF1dG9tYXRpYyBwYXNzd29yZCBnZW5lcmF0aW9uIG9mIHRoZSBPcGVyYXRvciAoVGhhbmsgeW91IHVzZXIgZnlkcmFoIGZvciBzdWJtaXR0aW5nIHRoZSByZXF1ZXN0IGFuZCBjb250cmlidXRpbmcgdG8gaXQpLgotIFtLOFNQWEMtMTczNF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzM0KSAtIEludHJvZHVjZWQgY29uZmlndXJhYmxlIEhBUHJveHkgYmFja2VuZCBoZWFsdGggY2hlY2sgcGFyYW1ldGVycyB0aGF0IGNhbiBiZSB0dW5lZCB3aXRob3V0IG92ZXJyaWRpbmcgdGhlIGVudGlyZSBjb25maWd1cmF0aW9uLiBUaGlzIHNpbXBsaWZpZXMgcGVyZm9ybWFuY2UgdHVuaW5nIGZvciBoaWdoLWF2YWlsYWJpbGl0eSBzZXR1cHMgKFRoYW5rIHlvdSBUaW0gU3Rvb3AgZm9yIHN1Ym1pdHRpbmcgdGhlIHJlcXVlc3QgYW5kIGNvbnRyaWJ1dGluZyB0byBpdCkuCgojIyMjIyBJbXByb3ZlbWVudHMKCi0gW0s4U1BYQy03MzVdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtNzM1KSAtIEFkZGVkIHRoZSBzdXBwb3J0IG9mIHRoZSBgcHhjX3NjaGVkdWxlcl9oYW5kbGVyYCBQcm94eVNRTCBzY2hlZHVsZXIgZm9yIFNRTC1hd2FyZSByb3V0aW5nIGFuZCBlZmZlY3RpdmUgcmVhZC93cml0ZSBzcGxpdHRpbmcuIFRoaXMgYWxsb3dzIGZvciBiZXR0ZXIgdXRpbGl6YXRpb24gb2YgcmVzb3VyY2VzIGJ5IGRpc3RyaWJ1dGluZyByZWFkLW9ubHkgdHJhZmZpYyBhY3Jvc3MgdGhlIGVudGlyZSBjbHVzdGVyIHdoaWxlIHJvdXRpbmcgd3JpdGUgcmVxdWVzdHMgb25seSB0byB0aGUgd3JpdGVyIG5vZGUuCi0gW0s4U1BYQy05OTJdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtOTkyKSAtIEltcHJvdmVkIGJpbmxvZyBuYW1pbmcgdG8gcHJldmVudCBwb3RlbnRpYWwgY29sbGlzaW9ucyBiZXR3ZWVuIGRpZmZlcmVudCBjb2xsZWN0b3JzLiBUaGUgdXBkYXRlZCBuYW1pbmcgY29udmVudGlvbiBlbnN1cmVzIHVuaXF1ZSBhbmQgY29uc2lzdGVudCBpZGVudGlmaWNhdGlvbiBvZiBiaW5hcnkgbG9nIGZpbGVzIGluIHN0b3JhZ2UuCi0gW0s4U1BYQy0xMTQ0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTExNDQpIC0gSW50cm9kdWNlZCBhIG1lY2hhbmlzbSB0byBtYXJrIFMzIGJhY2t1cHMgYXMgUElUUi11bnJlYWR5IGlmIGJpbmxvZyBnYXBzIGFyZSBkZXRlY3RlZC4gVGhpcyBwcmV2ZW50cyB1c2VycyBmcm9tIGF0dGVtcHRpbmcgaW52YWxpZCBwb2ludC1pbi10aW1lIHJlY292ZXJpZXMgdXNpbmcgaW5jb25zaXN0ZW50IGJhY2t1cHMuCi0gW0s4U1BYQy0xMjE0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTEyMTQpIC0gQWRkZWQgYW4gb3B0aW9uIHRvIGF1dG9tYXRpY2FsbHkgY2xlYW4gdXAgY29tcGxldGVkIGJhY2t1cCBhbmQgcmVzdG9yZSBqb2JzIGFuZCB0aGVpciBhc3NvY2lhdGVkIHBvZHMuIFRoaXMgaW1wcm92ZW1lbnQgaGVscHMgcmVkdWNlIHByZXNzdXJlIG9uIHRoZSBLdWJlcm5ldGVzIEFQSSBieSByZW1vdmluZyBzdGFsZSByZXNvdXJjZXMgKFRoYW5rIHlvdSBBbGV4YW5kcmUgQmFydGggZm9yIHJlcG9ydGluZyB0aGlzIGlzc3VlKS4KLSBbSzhTUFhDLTEzMTldKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTMxOSkgLSBFbmhhbmNlZCB0aGUgb3BlcmF0b3IgdG8gc3VwcG9ydCBydW5uaW5nIG11bHRpcGxlIGJhY2t1cCByZXN0b3JlcyBmb3IgZGlmZmVyZW50IGNsdXN0ZXJzIGluIHBhcmFsbGVsLiBUaGlzIHJlbW92ZXMgYSBwcmV2aW91cyBsaW1pdGF0aW9uIHRoYXQgYmxvY2tlZCBjb25jdXJyZW50IHJlc3RvcmUgb3BlcmF0aW9ucyBhY3Jvc3MgdGhlIGVudmlyb25tZW50LgotIFtLOFNQWEMtMTMyN10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xMzI3KSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIGNoYW5nZSB0aGUgbWVtb3J5IGFsbG9jYXRvciBmb3IgTXlTUUwgdG8gaW1wcm92ZSBtZW1vcnkgbWFuYWdlbWVudCBlZmZpY2llbmN5LiBUaGlzIGNoYW5nZSBoZWxwcyBvcHRpbWl6ZSB0aGUgb3ZlcmFsbCBtZW1vcnkgZm9vdHByaW50IG9mIFBYQyBwb2RzLgotIFtLOFNQWEMtMTM3M10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xMzczKSAtIEltcHJvdmVkIGNvcmUgZHVtcCBoYW5kbGluZyB0byBlbnN1cmUgdGhhdCBjcmFzaGVkIGluc3RhbmNlcyBjYW4gcmVjb3ZlciBtb3JlIHJlbGlhYmx5IGFmdGVyIGFuIFNTVC4gVGhpcyBlbmhhbmNlbWVudCBhaWRzIGluIGRpYWdub3NpbmcgYW5kIHJlY292ZXJpbmcgZnJvbSB1bmV4cGVjdGVkIHNlcnZlciBmYWlsdXJlcy4KLSBbSzhTUFhDLTE0MzFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQzMSkgLSBJbXByb3ZlZCB0aGUgZGVsZXRlLWJhY2t1cCBmaW5hbGl6ZXIgbG9naWMgdG8gY29ycmVjdGx5IGhhbmRsZSB0aGUgZGVsZXRpb24gb2Ygb24tZGVtYW5kIGJhY2t1cCBQVkNzLgotIFtLOFNQWEMtMTQ3MF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDcwKSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIHN3aXRjaCBiZXR3ZWVuIEhBUHJveHkgYW5kIFByb3h5U1FMIHdpdGhpbiBhbiBleGlzdGluZyBjbHVzdGVyLiBUaGlzIHByb3ZpZGVzIHVzZXJzIHdpdGggbW9yZSBmbGV4aWJpbGl0eSB0byBjaGFuZ2UgdGhlaXIgbG9hZC1iYWxhbmNpbmcgc29sdXRpb24gYXMgdGhlaXIgbmVlZHMgZXZvbHZlLgotIFtLOFNQWEMtMTUxMV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTExKSAtIEFkZGVkIHRoZSBzdXBwb3J0IG9mIGRhdGEgYXQgcmVzdCBlbmNyeXB0aW9uIGZvciBQZXJjb25hIFh0cmFEQiBDbHVzdGVyIDguNCB2aWEgdGhlIGBrZXlyaW5nIHZhdWx0YCBjb21wb25lbnQuIFRoaXMgY2hhbmdlIGVuc3VyZXMgY29tcGF0aWJpbGl0eSB3aXRoIHRoZSBsYXRlc3Qgc2VjdXJpdHkgYXJjaGl0ZWN0dXJlIG9mIE15U1FMIDguNC4KLSBbSzhTUFhDLTE1MjVdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTUyNSkgLSBEZXByZWNhdGVkIGBweGMubGl2ZW5lc3NEZWxheVNlY2Agb3B0aW9uIGluIGZhdm9yIG9mIG1vcmUgY29uc2lzdGVudCBsaXZlbmVzcyBwcm9iZSBwYXJhbWV0ZXJzLiBUaGUgT3BlcmF0b3Igbm93IHByaW9yaXRpemVzIHN0YW5kYXJkIHByb2JlIGNvbmZpZ3VyYXRpb25zIHRvIG1hbmFnZSBQb2QgbGlmZWN5Y2xlLgotIFtLOFNQWEMtMTU2OF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTY4KSAtIFVwZGF0ZWQgdGhlIE9wZXJhdG9yJ3MgcGFzc3dvcmQgZ2VuZXJhdGlvbiBsb2dpYyB0byBwcmV2ZW50IHRoZSAnXConIGNoYXJhY3RlciBmcm9tIGJlaW5nIHVzZWQgYXMgdGhlIGZpcnN0IGNoYXJhY3Rlci4gVGhpcyBhdm9pZHMgcG90ZW50aWFsIGlzc3VlcyB3aXRoIGNlcnRhaW4gYXV0aGVudGljYXRpb24gcGx1Z2lucyBhbmQgY29tbWFuZC1saW5lIHRvb2xzLgotIFtLOFNQWEMtMTU5NF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTk0KSAtIEltcHJvdmVkIHRoZSBkYXRhYmFzZSB1cGdyYWRlIGxvZ2ljIHRvIHByZXZlbnQgdGhlIGNvbnRyb2xsZXIgZnJvbSBiZWluZyBibG9ja2VkIGR1cmluZyB0aGUgb3BlcmF0aW9uLiBUaGlzIGVuc3VyZXMgdGhhdCB0aGUgT3BlcmF0b3IgcmVtYWlucyByZXNwb25zaXZlIHRvIG90aGVyIGNsdXN0ZXIgY2hhbmdlcyB3aGlsZSBhbiB1cGdyYWRlIGlzIGluIHByb2dyZXNzLgotIFtLOFNQWEMtMTYyOF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjI4KSAtIEFkZGVkIHN1cHBvcnQgZm9yIGB0Y21hbGxvY2AgYXMgYW4gYWx0ZXJuYXRpdmUgbWVtb3J5IGFsbG9jYXRvciBpbiBQWEMgaW1hZ2VzLiBUaGlzIGdpdmVzIHVzZXJzIGFkZGl0aW9uYWwgb3B0aW9ucyB0byB0dW5lIGFuZCByZWR1Y2UgdGhlIG1lbW9yeSBmb290cHJpbnQgb2YgdGhlaXIgZGF0YWJhc2Ugd29ya2xvYWRzLgotIFtLOFNQWEMtMTY0N10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjQ3KSAtIEltcGxlbWVudGVkIGV4dGVuZGVkIGV4aXQgY29kZXMgZm9yIGdhcmJkIHRvIHByb3ZpZGUgYmV0dGVyIGRpYWdub3N0aWMgaW5mb3JtYXRpb24gZm9yIGRpZmZlcmVudCBmYWlsdXJlIHNjZW5hcmlvcy4gVGhpcyBoZWxwcyB1c2VycyBpZGVudGlmeSB0aGUgcm9vdCBjYXVzZSBvZiBTU1QgYW5kIGpvaW5pbmcgaXNzdWVzIGZhc3Rlci4KLSBbSzhTUFhDLTE2NjhdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTY2OCkgLSBBZGRlZCBzdXBwb3J0IGZvciBQcm94eVNRTCAzLCBwcm92aWRpbmcgdXNlcnMgd2l0aCBhY2Nlc3MgdG8gdGhlIGxhdGVzdCBmZWF0dXJlcyBhbmQgcGVyZm9ybWFuY2UgaW1wcm92ZW1lbnRzIG9mIHRoZSBsb2FkIGJhbGFuY2VyLgotIFtLOFNQWEMtMTY4M10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjgzKSAtIEV4cGFuZGVkIHNtYXJ0IHVwZGF0ZSB0ZXN0cyB0byBpbmNsdWRlIFBYQyA4LjQgYW5kIFBNTSAzLCBlbnN1cmluZyBzdGFibGUgdXBncmFkZSBwYXRocyBmb3IgdGhlIGxhdGVzdCB2ZXJzaW9ucy4KLSBbSzhTUFhDLTE3MDNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTcwMykgLSBBZGRlZCB0aGUgc3VwcG9ydCBvZiB0aGUgYGdlbmVyYXRlRW1iZWRkZWRPYmplY3RNZXRhYCBvcHRpb24sIGltcHJvdmluZyB0aGUgdGVtcGxhdGUgaGFuZGxpbmcgZm9yIHNpZGVjYXJzIGFuZCBleHRyYSBQVkNzIChUaGFuayB5b3UgRW1pbiBBS1RBUyBmb3IgcmVwb3J0aW5nIGFuZCBjb250cmlidXRpbmcgdG8gdGhpcyBpc3N1ZSkuCi0gW0s4U1BYQy0xNzQ4XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE3NDgpIC0gRWxpbWluYXRlZCBydW50aW1lIENSRUFURSBGVU5DVElPTiBzdGF0ZW1lbnRzIGluIHRoZSBQSVRSIGNvbGxlY3RvciB0byBhdm9pZCB1bm5lY2Vzc2FyeSBHYWxlcmEgVE9JIChUb3RhbCBPcmRlciBJc29sYXRpb24pIGV2ZW50cy4gVGhpcyByZWR1Y2VzIHRoZSBwZXJmb3JtYW5jZSBpbXBhY3Qgb24gdGhlIGNsdXN0ZXIgd2hlbiB0aGUgUElUUiBzaWRlY2FyIHN0YXJ0cyBvciByZXN0YXJ0cy4KCiMjIyMjIEJ1Z3MgRml4ZWQKCi0gW0s4U1BYQy05MjZdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtOTI2KSAtIEZpeGVkIGFuIGlzc3VlIHdoZXJlIGEgZmFpbGVkIHNtYXJ0IHVwZGF0ZSBvbiBvbmUgY2x1c3RlciBjb3VsZCBibG9jayB0aGUgT3BlcmF0b3IgZnJvbSBtYW5hZ2luZyBvdGhlciBjbHVzdGVycyBpbiBtdWx0aS1jbHVzdGVyIGVudmlyb25tZW50cy4gVGhlIGNvbnRyb2xsZXIgbm93IGhhbmRsZXMgdXBkYXRlIGZhaWx1cmVzIG1vcmUgZ3JhY2VmdWxseSB3aXRob3V0IGltcGFjdGluZyBpbmRlcGVuZGVudCByZXNvdXJjZXMuCi0gW0s4U1BYQy0xMzc5XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTEzNzkpIC0gRml4ZWQgYW4gaXNzdWUgd2hlcmUgbW9uaXQgY29udGFpbmVyIHJlc291cmNlIHZhbHVlcyBpbiBQcm94eVNRTCBwb2RzIGRpZCBub3QgY29ycmVjdGx5IHJlZmxlY3QgdGhlIHZhbHVlcyBzcGVjaWZpZWQgaW4gdGhlIFBYQyBjbHVzdGVyIGRlZmluaXRpb24uIFRoZSBvcGVyYXRvciBub3cgZW5zdXJlcyB0aGF0IFByb3h5U1FMIHJlc291cmNlIGF0dHJpYnV0ZXMgYXJlIHByb3Blcmx5IGFwcGxpZWQgdG8gdGhlIG1vbml0b3Jpbmcgc2lkZWNhciBjb250YWluZXJzLgotIFtLOFNQWEMtMTQyNF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDI0KSAtIFJlc29sdmVkIGEgY2VydGlmaWNhdGUgcmVuZXdhbCBpc3N1ZSB3aGVyZSBDQSBjZXJ0aWZpY2F0ZXMgaW4gVExTIHNlY3JldHMgY291bGQgZXhwaXJlIGJlZm9yZSBzZXJ2ZXIgY2VydGlmaWNhdGVzIHdlcmUgcmVuZXdlZC4gVGhlIE9wZXJhdG9yIGxvZ2ljIHdhcyB1cGRhdGVkIHRvIGFsaWduIHJlbmV3YWwgaW50ZXJ2YWxzIGZvciBDQSBhbmQgc2VydmVyIGNlcnRpZmljYXRlcyB3aGVuIHVzaW5nIGNlcnQtbWFuYWdlci4KLSBbSzhTUFhDLTE1ODFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTU4MSkgLSBDb3JyZWN0ZWQgdGhlIG9yZGVyIG9mIG9wdGlvbnMgaW4gdGhlIHJlc3RvcmUgcHJlcGFyZSBqb2IgdG8gZW5zdXJlIHRoYXQgYC0tZGVmYXVsdHMtZmlsZWAgaXMgcGFzc2VkIGFzIHRoZSBmaXJzdCBvcHRpb24gdG8geHRyYWJhY2t1cC4gVGhpcyBmaXggZW5zdXJlcyB0aGF0IGN1c3RvbSBjb25maWd1cmF0aW9uIGZpbGVzIGFyZSBjb3JyZWN0bHkgcHJpb3JpdGl6ZWQgZHVyaW5nIHRoZSByZXN0b3JlIHByb2Nlc3MuCi0gW0s4U1BYQy0xNjE3XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2MTcpIC0gRml4ZWQgYSBiaW5sb2cgZ2FwIGlzc3VlIGluIFBvaW50LWluLVRpbWUgUmVjb3ZlcnkgKFBJVFIpIHRoYXQgY2F1c2VkIHJlcGVhdGVkIHRlc3QgZmFpbHVyZXMuIFVzZXJzIGFyZSBub3cgYWR2aXNlZCB0byBwZXJmb3JtIGEgZnVsbCBiYWNrdXAgYWZ0ZXIgZWFjaCBQSVRSIHJlc3RvcmUgdG8gZW5zdXJlIGRhdGEgY29uc2lzdGVuY3kgYW5kIHByZXZlbnQgZ2Fwcy4KLSBbSzhTUFhDLTE2MzJdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTYzMikgLSBBZGRlZCBtaXNzaW5nIFNlY3VyaXR5Q29udGV4dCBjb25maWd1cmF0aW9ucyBmb3IgUHJveHlTUUwgc2lkZWNhciBjb250YWluZXJzIHRvIGVuaGFuY2UgcG9kIHNlY3VyaXR5LiBUaGlzIGNoYW5nZSBlbnN1cmVzIHRoYXQgYWxsIHNpZGVjYXJzIGZvbGxvdyB0aGUgZGVmaW5lZCBzZWN1cml0eSBzdGFuZGFyZHMgb2YgdGhlIGNsdXN0ZXIuCi0gW0s4U1BYQy0xNjU1XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2NTUpIC0gRml4ZWQgYSBmYWlsdXJlIGluIHh0cmFiYWNrdXAgd2hlbiB1c2luZyBMWjQgY29tcHJlc3Npb24gb24gUkhFTDktYmFzZWQgUGVyY29uYSBYdHJhREIgQ2x1c3RlciBpbWFnZXMuIFRoZSBmaXggYWRkcmVzc2VzIGNvbXBhdGliaWxpdHkgaXNzdWVzIHdpdGggdGhlIGxhdGVzdCBjb21wcmVzc2lvbiBsaWJyYXJpZXMgaW4gdGhlIG9wZXJhdGluZyBzeXN0ZW0gZW52aXJvbm1lbnQuCi0gW0s4U1BYQy0xNjg2XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2ODYpIC0gSW1wcm92ZWQgYmFja3VwIGVycm9yIGhhbmRsaW5nIHRvIGVuc3VyZSB0aGF0IHByb3ZpZGluZyBhbiBpbnZhbGlkIFBlcmNvbmEgWHRyYUJhY2t1cCBpbWFnZSByZXN1bHRzIGluIGEgZmFpbGVkIHN0YXR1cy4gQSBuZXcgdGltZW91dCBmaWVsZCB3YXMgaW50cm9kdWNlZCB0byBwcmV2ZW50IGJhY2t1cCBvYmplY3RzIGZyb20gaGFuZ2luZyBpbmRlZmluaXRlbHkgaW4gYSBzdGFydGluZyBzdGF0ZS4KLSBbSzhTUFhDLTE2ODddKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTY4NykgLSBGaXhlZCB0aGUgYGNvcHktYmFja3VwLnNoYCBzY3JpcHQgdG8gY29ycmVjdGx5IGhhbmRsZSBhbmQgY29weSBjbG91ZC1iYXNlZCBiYWNrdXBzIHN0b3JlZCBpbiBTMyBvciBBenVyZS4gVGhpcyBlbnN1cmVzIHRoYXQgdGhlIHV0aWxpdHkgc2NyaXB0IHdvcmtzIGNvbnNpc3RlbnRseSBhY3Jvc3MgYWxsIHN1cHBvcnRlZCBzdG9yYWdlIHR5cGVzLgotIFtLOFNQWEMtMTcwMV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzAxKSAtIEVuc3VyZWQgdGhhdCBNeVNRTCBjb25maWd1cmF0aW9ucyBhcmUgY29ycmVjdGx5IG1vdW50ZWQgdG8gdGhlIHJlc3RvcmUgcHJlcGFyZSBqb2IuIFRoaXMgZml4IGFsbG93cyB0aGUgcmVzdG9yZSBwcm9jZXNzIHRvIHVzZSBjdXN0b20gTXlTUUwgc2V0dGluZ3MgZGVmaW5lZCBpbiB0aGUgY2x1c3RlciAoVGhhbmsgeW91IEVtaW4gQUtUQVMgZm9yIHJlcG9ydGluZyBhbmQgY29udHJpYnV0aW5nIHRvIHRoaXMgaXNzdWUpLgotIFtLOFNQWEMtMTcwMl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzAyKSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIG92ZXJyaWRlIHRpbWUgem9uZXMgZm9yIGJhY2t1cCBqb2JzLiBUaGlzIHJlc29sdmVzIGlzc3VlcyB3aGVyZSB0aW1lLWRlcGVuZGVudCBvcGVyYXRpb25zIGNvdWxkIGZhaWwgZHVlIHRvIG1pc3NpbmcgdGltZXpvbmUgZGVmaW5pdGlvbnMgKFRoYW5rIHlvdSBFbWluIEFLVEFTIGZvciByZXBvcnRpbmcgYW5kIGNvbnRyaWJ1dGluZyB0byB0aGlzIGlzc3VlKS4KLSBbSzhTUFhDLTE3MjFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTcyMSkgLSBBZGRlZCBhIHNsZWVwIGludGVydmFsIHRvIHRoZSByZWNvdmVyeSBsb29wIHRvIHByZXZlbnQgaGlnaCBDUFUgdXNhZ2Ugc3Bpa2VzIHdoZW4gY29udGFpbmVycyByZXN0YXJ0LgotIFtLOFNQWEMtMTcyNV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzI1KSAtIEZpeGVkIGEgY29uZGl0aW9uIHdoZXJlIGEgY2x1c3RlciBjb3VsZCByZXR1cm4gc3RhbGxlZCBkYXRhIGR1cmluZyBhIGJhY2t1cCBvciBTU1Qgb3BlcmF0aW9uIGJ5IGFkZGluZyB0aGUgb24tbWFya2VkLWRvd24gc2h1dGRvd24tc2Vzc2lvbnMgZGlyZWN0aXZlIHRvIEhBUHJveHkgZGVmYXVsdCBjb25maWd1cmF0aW9uLiBUaGlzIGVuc3VyZXMgdGhhdCBvbmx5IGZyZXNoLCB1cCB0byBkYXRlIGRhdGEgaXMgc2VydmVkIGR1cmluZyBiYWNrdXBzLgotIFtLOFNQWEMtMTcyNl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzI2KSAtIFJlc29sdmVkIGEgZGVwbG95bWVudCBicmVha2FnZSBpbiB0aGUgT3BlcmF0b3IgdmVyc2lvbiAxLjE4LjAgdmlhIEhlbG0gY2F1c2VkIGJ5IFBNTSAzIGNsaWVudCBpbmNvbXBhdGliaWxpdGllcy4gVGhlIGZpeCBlbnN1cmVzIGEgc21vb3RoZXIgdXBncmFkZSBwYXRoIGZvciB1c2VycyBtaWdyYXRpbmcgdG8gbmV3ZXIgdmVyc2lvbnMgb2YgUE1NIChUaGFuayB5b3UgQW50b25pbyBGYWx6YXJhbm8gZm9yIHJlcG9ydGluZyBhbmQgY29udHJpYnV0aW5nIHRvIHRoaXMgaXNzdWUpLgotIFtLOFNQWEMtMTc2MF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzYwKSAtIEZpeGVkIHRoZSBoYW5kbGluZyBvZiB0aGUgY3JWZXJzaW9uIGZpZWxkIGluIHRoZSBIZWxtIGNoYXJ0IHRlbXBsYXRlcy4gVGhlIE9wZXJhdG9yIG5vdyBjb3JyZWN0bHkgY29uc2lkZXJzIHRoZSB2ZXJzaW9uIGRlZmluZWQgaW4gYHZhbHVlcy55YW1sYCB3aGVuIGdlbmVyYXRpbmcgdGhlIGNsdXN0ZXIgY29uZmlndXJhdGlvbi4KLSBbSzhTUFhDLTE3NzFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTc3MSkgLSBGaXhlZCB0aGUgaXNzdWUgd2l0aCBleGNlc3NpdmUgbG9nZ2luZyBieSB0aGUgYmFja3VwIGNvbnRyb2xsZXIgd2hlbiBiYWNrdXBzIGFyZSBzdXNwZW5kZWQgb3IgcmVzdW1lZCBkdWUgdG8gYW4gdW5yZWFkeSBjbHVzdGVyLiBUaGlzIGltcHJvdmVzIGxvZyByZWFkYWJpbGl0eSBhbmQgcmVkdWNlcyB1bm5lY2Vzc2FyeSBkaWFnbm9zdGljIG5vaXNlLgotIFtLOFNQWEMtMTc3Ml0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNzcyKSAtIEZpeGVkIGEgc3RhdGUgdHJhbnNpdGlvbiBidWcgd2hlcmUgdW5zdXNwZW5kZWQgYmFja3VwcyBjb3VsZCBtb3ZlIGRpcmVjdGx5IGZyb20gJ1N0YXJ0aW5nJyB0byAnU3VjY2VlZGVkJyB3aXRob3V0IGVudGVyaW5nIHRoZSAnUnVubmluZycgc3RhdGUuIFRoaXMgZW5zdXJlcyBhY2N1cmF0ZSB0cmFja2luZyBhbmQgdmlzaWJpbGl0eSBvZiB0aGUgYmFja3VwIHByb2Nlc3Mgc3RhdHVzLgoKIyMjIyMgRG9jdW1lbnRhdGlvbiBJbXByb3ZlbWVudHMKCi0gW0s4U1BYQy0xNzQ3XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE3NDcpIC0gSW1wcm92ZWQgdGhlIGRvY3VtZW50YXRpb24gd2l0aCB0aGUgaW5mb3JtYXRpb24gYWJvdXQgYXZhaWxhYmxlIGVudmlyb25tZW50IHZhcmlhYmxlcyBmb3IgY2x1c3RlciBjb21wb25lbnRzIGFuZCB0aGUgT3BlcmF0b3IuIERvY3VtZW50ZWQgdGhlIGBTM19XT1JLRVJTX0xJTUlUYCBlbnZpcm9ubWVudCB2YXJpYWJsZSB0byBhbGxvdyB0aHJvdHRsaW5nIG9mIGJhY2t1cCBkZWxldGlvbnMuCi0gW0s4U1BYQy0xNjYxXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2NjEpIC0gVXBkYXRlZCB0aGUgb3BlcmF0b3IgZG9jdW1lbnRhdGlvbiB0byByZWZsZWN0IHRoYXQgUE1NIDMgdXNlcyBzZXJ2aWNlIGFjY291bnRzIGluc3RlYWQgb2YgQVBJIGtleXMuIFRoaXMgZW5zdXJlcyB0aGF0IHVzZXJzIGNhbiBjb3JyZWN0bHkgY29uZmlndXJlIG1vbml0b3JpbmcgaW50ZWdyYXRpb24gd2l0aCB0aGUgbGF0ZXN0IHZlcnNpb25zIG9mIFBNTS4KLSBbSzhTUFhDLTE2NjNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTY2MykgLSBJbXByb3ZlZCBkb2N1bWVudGF0aW9uIGZvciBQb2ludC1pbi1UaW1lIFJlY292ZXJ5IHN0ZXBzLiBUaGUgdXBkYXRlZCBkb2N1bWVudGF0aW9uIHByb3Blcmx5IHNlcGFyYXRlcyBhbmQgc2VxdWVuY2VzIHRoZSByZWNvdmVyeSBpbnN0cnVjdGlvbnMgZm9yIGltcHJvdmVkIHJlYWRhYmlsaXR5LgoKIyMjIyMgU3VwcG9ydGVkIFNvZnR3YXJlCgpUaGUgT3BlcmF0b3Igd2FzIGRldmVsb3BlZCBhbmQgdGVzdGVkIHdpdGggdGhlIGZvbGxvd2luZyBzb2Z0d2FyZToKCi0gUGVyY29uYSBYdHJhREIgQ2x1c3RlciB2ZXJzaW9ucyA4LjQuNy03LjEsIDguMC40NC0zNS4xLCBhbmQgNS43LjQ0LTMxLjY1Ci0gUGVyY29uYSBYdHJhQmFja3VwIHZlcnNpb25zIDguNC4wLTUuMSwgOC4wLjM1LTM0LjEsIGFuZCAyLjQuMjkKLSBIQVByb3h5IDIuOC4xNwotIFByb3h5U1FMIDIuNy4zLTEuMiwgMy4wLjEtMS4yCi0gTG9nQ29sbGVjdG9yIGJhc2VkIG9uIGZsdWVudC1iaXQgNC4wLjEtMQotIFBNTSBDbGllbnQgMi40NC4xLTEgYW5kIDMuNS4wCgpPdGhlciBvcHRpb25zIG1heSBhbHNvIHdvcmsgYnV0IGhhdmUgbm90IGJlZW4gdGVzdGVkLgoKIyMjIyMgU3VwcG9ydGVkIFBsYXRmb3JtcwoKUGVyY29uYSBPcGVyYXRvcnMgYXJlIGRlc2lnbmVkIGZvciBjb21wYXRpYmlsaXR5IHdpdGggYWxsIFtDTkNGLWNlcnRpZmllZF0oaHR0cHM6Ly93d3cuY25jZi5pby90cmFpbmluZy9jZXJ0aWZpY2F0aW9uL3NvZnR3YXJlLWNvbmZvcm1hbmNlLykgS3ViZXJuZXRlcyBkaXN0cmlidXRpb25zLiBPdXIgcmVsZWFzZSBwcm9jZXNzIGluY2x1ZGVzIHRhcmdldGVkIHRlc3RpbmcgYW5kIHZhbGlkYXRpb24gb24gbWFqb3IgY2xvdWQgcHJvdmlkZXIgcGxhdGZvcm1zIGFuZCBPcGVuU2hpZnQsIGFzIGRldGFpbGVkIGJlbG93OgoKLSBbR29vZ2xlIEt1YmVybmV0ZXMgRW5naW5lIChHS0UpXShodHRwczovL2Nsb3VkLmdvb2dsZS5jb20va3ViZXJuZXRlcy1lbmdpbmUpIDEuMzEgLSAxLjMzCi0gW0FtYXpvbiBFbGFzdGljIENvbnRhaW5lciBTZXJ2aWNlIGZvciBLdWJlcm5ldGVzIChFS1MpXShodHRwczovL2F3cy5hbWF6b24uY29tKSAxLjMyIC0gMS4zNAotIFtBenVyZSBLdWJlcm5ldGVzIFNlcnZpY2UgKEFLUyldKGh0dHBzOi8vYXp1cmUubWljcm9zb2Z0LmNvbS9lbi11cy9zZXJ2aWNlcy9rdWJlcm5ldGVzLXNlcnZpY2UvKSAxLjMyIC0gMS4zNAotIFtPcGVuU2hpZnRdKGh0dHBzOi8vd3d3LnJlZGhhdC5jb20vZW4vdGVjaG5vbG9naWVzL2Nsb3VkLWNvbXB1dGluZy9vcGVuc2hpZnQpIDQuMTcgLSA0LjIwCi0gW01pbmlrdWJlXShodHRwczovL21pbmlrdWJlLnNpZ3MuazhzLmlvL2RvY3MvKSAxLjM3LjAgYmFzZWQgb24gS3ViZXJuZXRlcyAxLjM0LjAKClRoaXMgbGlzdCBvbmx5IGluY2x1ZGVzIHRoZSBwbGF0Zm9ybXMgdGhhdCB0aGUgUGVyY29uYSBPcGVyYXRvcnMgYXJlIHNwZWNpZmljYWxseSB0ZXN0ZWQgb24gYXMgcGFydCBvZiB0aGUgcmVsZWFzZSBwcm9jZXNzLiBPdGhlciBLdWJlcm5ldGVzIGZsYXZvcnMgYW5kIHZlcnNpb25zIGRlcGVuZCBvbiB0aGUgYmFja3dhcmQgY29tcGF0aWJpbGl0eSBvZmZlcmVkIGJ5IEt1YmVybmV0ZXMgaXRzZWxmLgoKIyMjIFtgdjEuMTguMGBdKGh0dHBzOi8vcmVkaXJlY3QuZ2l0aHViLmNvbS9wZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvcmVsZWFzZXMvdGFnL3YxLjE4LjApCgpbQ29tcGFyZSBTb3VyY2VdKGh0dHBzOi8vcmVkaXJlY3QuZ2l0aHViLmNvbS9wZXJjb25hL3BlcmNvbmEteHRyYWRiLWNsdXN0ZXItb3BlcmF0b3IvY29tcGFyZS92MS4xNy4wLi4udjEuMTguMCkKCiMjIyMjIFJlbGVhc2UgSGlnaGxpZ2h0cwoKVGhpcyByZWxlYXNlIG9mIFBlcmNvbmEgT3BlcmF0b3IgZm9yIE15U1FMIGJhc2VkIG9uIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIgaW5jbHVkZXMgdGhlIGZvbGxvd2luZyBuZXcgZmVhdHVyZXMgYW5kIGltcHJvdmVtZW50czoKCiMjIyMjIFBNTTMgc3VwcG9ydAoKVGhlIE9wZXJhdG9yIGlzIG5hdGl2ZWx5IGludGVncmF0ZWQgd2l0aCBbUE1NIDNdKGh0dHBzOi8vd3d3LnBlcmNvbmEuY29tL2RvYy9wZXJjb25hLW1vbml0b3JpbmctYW5kLW1hbmFnZW1lbnQvMy9pbmRleC5odG1sKSwgZW5hYmxpbmcgeW91IHRvIG1vbml0b3IgdGhlIGhlYWx0aCBhbmQgcGVyZm9ybWFuY2Ugb2YgeW91ciBQZXJjb25hIERpc3RyaWJ1dGlvbiBmb3IgTXlTUUwgZGVwbG95bWVudCBhbmQgYXQgdGhlIHNhbWUgdGltZSBlbmpveSBlbmhhbmNlZCBwZXJmb3JtYW5jZSwgbmV3IGZlYXR1cmVzLCBhbmQgaW1wcm92ZWQgc2VjdXJpdHkgdGhhdCBQTU0gMyBwcm92aWRlcy4KCk5vdGUgdGhhdCB0aGUgT3BlcmF0b3Igc3VwcG9ydHMgYm90aCBQTU0yIGFuZCBQTU0zLiBUaGUgZGVjaXNpb24gb24gd2hhdCBQTU0gdmVyc2lvbiBpcyB1c2VkIGRlcGVuZHMgb24gdGhlIGF1dGhlbnRpY2F0aW9uIG1ldGhvZCB5b3UgcHJvdmlkZSBpbiB0aGUgT3BlcmF0b3IgY29uZmlndXJhdGlvbjogUE1NMiB1c2VzIEFQSSBrZXlzIHdoaWxlIFBNTTMgdXNlcyBzZXJ2aWNlIGFjY291bnQgdG9rZW4uIElmIHRoZSBPcGVyYXRvciBjb25maWd1cmF0aW9uIGNvbnRhaW5zIGJvdGggYXV0aGVudGljYXRpb24gbWV0aG9kcyB3aXRoIG5vbi1lbXB0eSB2YWx1ZXMsIFBNTTMgdGFrZXMgdGhlIHByaW9yaXR5LgoKVG8gdXNlIFBNTSwgZW5zdXJlIHRoYXQgdGhlIFBNTSBjbGllbnQgaW1hZ2UgaXMgY29tcGF0aWJsZSB3aXRoIHRoZSBQTU0gU2VydmVyIHZlcnNpb24uIENoZWNrIFtQZXJjb25hIGNlcnRpZmllZCBpbWFnZXNdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvaW1hZ2VzLmh0bWwpIGZvciB0aGUgY29ycmVjdCBjbGllbnQgaW1hZ2UuCgpGb3IgaG93IHRvIGNvbmZpZ3VyZSBtb25pdG9yaW5nIHdpdGggUE1NLCBzZWUgdGhlIFtkb2N1bWVudGF0aW9uXShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL21vbml0b3JpbmcuaHRtbCkuCgojIyMjIyBJbXByb3ZlZCBtb25pdG9yaW5nIGZvciBjbHVzdGVycyBpbiBtdWx0aS1yZWdpb24gb3IgbXVsdGktbmFtZXNwYWNlIGRlcGxveW1lbnRzIGluIFBNTQoKTm93IHlvdSBjYW4gZGVmaW5lIGEgY3VzdG9tIG5hbWUgZm9yIHlvdXIgY2x1c3RlcnMgZGVwbG95ZWQgaW4gZGlmZmVyZW50IGRhdGEgY2VudGVycy4gVGhpcyBuYW1lIGhlbHBzIFBlcmNvbmEgTWFuYWdlbWVudCBhbmQgTW9uaXRvcmluZyAoUE1NKSBTZXJ2ZXIgdG8gY29ycmVjdGx5IHJlY29nbml6ZSBjbHVzdGVycyBhcyBjb25uZWN0ZWQgYW5kIG1vbml0b3IgdGhlbSBhcyBvbmUgZGVwbG95bWVudC4gU2ltaWxhcmx5LCBQTU0gU2VydmVyIGlkZW50aWZpZXMgY2x1c3RlcnMgZGVwbG95ZWQgd2l0aCB0aGUgc2FtZSBuYW1lcyBpbiBkaWZmZXJlbnQgbmFtZXNwYWNlcyBhcyBzZXBhcmF0ZSBvbmVzIGFuZCBjb3JyZWN0bHkgZGlzcGxheXMgcGVyZm9ybWFuY2UgbWV0cmljcyBmb3IgeW91IG9uIGRhc2hib2FyZHMuCgpUbyBhc3NpZ24gYSBjdXN0b20gbmFtZSwgZGVmaW5lIHRoaXMgY29uZmlndXJhdGlvbiBpbiB0aGUgQ3VzdG9tIFJlc291cmNlIG1hbmlmZXN0IGZvciB5b3VyIGNsdXN0ZXI6CgpgYGB5YW1sCnNwZWM6CiAgcG1tOgogICAgY3VzdG9tQ2x1c3Rlck5hbWU6IHRlc3RDbHVzdGVyTmFtZQpgYGAKCiMjIyMjIE1vcmUgcmVzaWxpZW50IGRhdGFiYXNlIHJlc3RvcmVzIHdpdGhvdXQgbWF0Y2hpbmcgdXNlciBTZWNyZXRzCgpZb3Ugbm8gbG9uZ2VyIG5lZWQgbWF0Y2hpbmcgdXNlciBTZWNyZXRzIGJldHdlZW4geW91ciBiYWNrdXAgYW5kIHlvdXIgdGFyZ2V0IGNsdXN0ZXIgdG8gcGVyZm9ybSBhIHJlc3RvcmUuIFRoZSBPcGVyYXRvciBub3cgaGFzIGEgcG9zdC1yZXN0b3JlIHN0ZXAgdGhhdCBjaGFuZ2VzIHVzZXIgcGFzc3dvcmRzIGluIHRoZSByZXN0b3JlZCBkYXRhYmFzZSB0byB0aGUgb25lcyBmcm9tIHRoZSBsb2NhbCBTZWNyZXQuIEFsc28sIGl0IGNyZWF0ZXMgbWlzc2luZyBzeXN0ZW0gdXNlcnMgYW5kIGFkZHMgbWlzc2luZyBncmFudHMuCgpUaGlzIGZsb3cgaXMgdGhlIHNhbWUgcmVnYXJkbGVzcyBvZiB3aGV0aGVyIHlvdSByZXN0b3JlIHRvIHRoZSBzYW1lIGNsdXN0ZXIgb3IgdG8gYSBjb21wbGV0ZWx5IG5ldyBvbmUuCgpUaGUgcmVtb3ZhbCBvZiB0aGlzIG1ham9yIHJvYWRibG9jayB0byBoYXZlIGEgU2VjcmV0IGZvciByZXN0b3JlcyBtYWtlcyB5b3VyIGRpc2FzdGVyIHJlY292ZXJ5IHByb2Nlc3Mgc21vb3RoZXIgYW5kIG1vcmUgcmVsaWFibGUuIFRoaXMgZW5oYW5jZW1lbnQgbWFrZXMgbWFuYWdpbmcgZGF0YWJhc2VzIG9uIEt1YmVybmV0ZXMgbW9yZSByb2J1c3QgYW5kIG9wZXJhdG9yLWZyaWVuZGx5LgoKIyMjIyMgSW1wcm92ZWQgYmFja3VwIHJldGVudGlvbiBmb3Igc3RyZWFtbGluZWQgbWFuYWdlbWVudCBvZiBzY2hlZHVsZWQgYmFja3VwcyBpbiBjbG91ZCBzdG9yYWdlCgpBIG5ldyBiYWNrdXAgcmV0ZW50aW9uIGNvbmZpZ3VyYXRpb24gZ2l2ZXMgeW91IG1vcmUgY29udHJvbCBvdmVyIGhvdyBiYWNrdXBzIGFyZSBtYW5hZ2VkIGluIHN0b3JhZ2UgYW5kIHJldGFpbmVkIGluIEt1YmVybmV0ZXMuCgpXaXRoIHRoZSBgZGVsZXRlRnJvbVN0b3JhZ2VgIGZsYWcgLCB5b3UgY2FuIGRpc2FibGUgYXV0b21hdGljIGRlbGV0aW9uIGZyb20gQVdTIFMzIG9yIEF6dXJlIEJsb2Igc3RvcmFnZSBhbmQgaW5zdGVhZCByZWx5IG9uIG5hdGl2ZSBjbG91ZCBsaWZlY3ljbGUgcG9saWNpZXMuIFRoaXMgbWFrZXMgYmFja3VwIGNsZWFudXAgbW9yZSBlZmZpY2llbnQgYW5kIGJldHRlciBhbGlnbmVkIHdpdGggZmxleGlibGUgc3RvcmFnZSBzdHJhdGVnaWVzLgoKVGhlIGxlZ2FjeSBga2VlcGAgb3B0aW9uIGlzIG5vdyBkZXByZWNhdGVkIGFuZCBtYXBwZWQgdG8gdGhlIG5ldyBgcmV0ZW50aW9uYCBibG9jayBmb3IgY29tcGF0aWJpbGl0eS4gV2UgZW5jb3VyYWdlIHlvdSB0byBzdGFydCB1c2luZyB0aGUgYGJhY2t1cC5zY2hlZHVsZS5yZXRlbnRpb25gIGNvbmZpZ3VyYXRpb246CgpgYGB5YW1sCnNjaGVkdWxlOgogIC0gbmFtZTogInNhdC1uaWdodC1iYWNrdXAiCiAgICBzY2hlZHVsZTogIjAgMCAqICogNiIKICAgIHJldGVudGlvbjoKICAgICAgY291bnQ6IDMKICAgICAgdHlwZTogY291bnQKICAgICAgZGVsZXRlRnJvbVN0b3JhZ2U6IHRydWUKICAgIHN0b3JhZ2VOYW1lOiBzMy11cy13ZXN0CmBgYAoKTm90ZSB0aGF0IGlmIHlvdSBoYXZlIGJvdGggYGJhY2t1cC5zY2hlZHVsZS5rZWVwYCAgYW5kIGBiYWNrdXAuc2NoZWR1bGUucmV0ZW50aW9uYCAgZGVmaW5lZCwgdGhlIGBiYWNrdXAuc2NoZWR1bGUucmV0ZW50aW9uYCB0YWtlcyBwcmVjZWRlbmNlLgoKIyMjIyMgQWRkZWQgbGFiZWxzIHRvIGlkZW50aWZ5IHRoZSB2ZXJzaW9uIG9mIHRoZSBPcGVyYXRvcgoKQ3VzdG9tIFJlc291cmNlIERlZmluaXRpb24gKENSRCkgaXMgY29tcGF0aWJsZSB3aXRoIHRoZSBsYXN0IHRocmVlIE9wZXJhdG9yIHZlcnNpb25zLiBUbyBrbm93IHdoaWNoIE9wZXJhdG9yIHZlcnNpb24gaXMgYXR0YWNoZWQgdG8gaXQsIHdlJ3ZlIGFkZGVkIGxhYmVscyB0byBhbGwgQ3VzdG9tIFJlc291cmNlIERlZmluaXRpb25zLiBUaGUgbGFiZWxzIGhlbHAgeW91IGlkZW50aWZ5IHRoZSBjdXJyZW50IE9wZXJhdG9yIHZlcnNpb24gYW5kIGRlY2lkZSBpZiB5b3UgbmVlZCB0byB1cGRhdGUgdGhlIENSRC4gVG8gdmlldyB0aGUgbGFiZWxzLCBydW46IGBrdWJlY3RsIGdldCBjcmQgcGVyY29uYXh0cmFkYmNsdXN0ZXJzLnB4Yy5wZXJjb25hLmNvbSAtLXNob3ctbGFiZWxzYC4KCiMjIyMjIENyb3NzLXNpdGUgcmVwbGljYXRpb24gaXMgbm93IHN1cHBvcnRlZCBmb3IgUGVyY29uYSBYdHJhREIgQ2x1c3RlciA4LjQKCkNyb3NzLXNpdGUgcmVwbGljYXRpb24gaXMgbm93IGF2YWlsYWJsZSB3aXRoIFBlcmNvbmEgWHRyYURCIENsdXN0ZXIgOC40LngsIGxpZnRpbmcgb25lIG9mIHRoZSAgbGltaXRhdGlvbnMgaW4gdGhlIE9wZXJhdG9yIGZvciB0aGlzIGRhdGFiYXNlIHZlcnNpb24uIFRoaXMgZW5oYW5jZW1lbnQgbWFya3MgYSBzaWduaWZpY2FudCBzdGVwIHRvd2FyZCBnZW5lcmFsIGF2YWlsYWJpbGl0eSBvZiBQZXJjb25hIFh0cmFEQiBDbHVzdGVyIDguNCBpbiB0aGUgT3BlcmF0b3IgYnkgZW5hYmxpbmcgbXVsdGktc2l0ZSBkZXBsb3ltZW50cyBhbmQgaW1wcm92aW5nIHJlc2lsaWVuY2UgYWNyb3NzIGRpc3RyaWJ1dGVkIGVudmlyb25tZW50cy4KCiMjIyMjIERlcHJlY2F0aW9uLCBSZW5hbWUgYW5kIFJlbW92YWwKCi0gVGhlIGBweGMuZXhwb3NlLmxvYWRCYWxhbmNlcklQYCwgYGhhcHJveHkuZXhwb3NlUHJpbWFyeS5sb2FkQmFsYW5jZXJJUGAsIGBoYXByb3h5LmV4cG9zZVJlcGxpY2FzLmxvYWRCYWxhbmNlcklQYCBhbmQgYHByb3h5c3FsLmV4cG9zZS5sb2FkQmFsYW5jZXJJUGAga2V5cyBhcmUgZGVwcmVjYXRlZC4gVGhlIGBsb2FkQmFsYW5jZXJJUGAgZmllbGQgaXMgYWxzbyBkZXByZWNhdGVkIHVwc3RyZWFtIGluIEt1YmVybmV0ZXMKICBkdWUgdG8gaXRzIGluY29uc2lzdGVudCBiZWhhdmlvciBhY3Jvc3MgY2xvdWQgcHJvdmlkZXJzIGFuZCBsYWNrIG9mIGR1YWwtc3RhY2sgc3VwcG9ydC4gQXMgYSByZXN1bHQsIGl0cyB1c2FnZSBpcyBzdHJvbmdseSBkaXNjb3VyYWdlZC4KCiAgV2UgcmVjb21tZW5kIHVzaW5nIGNsb3VkIHByb3ZpZGVyLXNwZWNpZmljIGFubm90YXRpb25zIGluc3RlYWQsIGFzIHRoZXkgb2ZmZXIgbW9yZSBwcmVkaWN0YWJsZSBhbmQgcG9ydGFibGUgYmVoYXZpb3IgZm9yIG1hbmFnaW5nIGxvYWQgYmFsYW5jZXIgSVAgYXNzaWdubWVudHMuCgogIFRoZSBgcHhjLmV4cG9zZS5sb2FkQmFsYW5jZXJJUGAsIGBoYXByb3h5LmV4cG9zZVByaW1hcnkubG9hZEJhbGFuY2VySVBgLCBgaGFwcm94eS5leHBvc2VSZXBsaWNhcy5sb2FkQmFsYW5jZXJJUGAgYW5kIGBwcm94eXNxbC5leHBvc2UubG9hZEJhbGFuY2VySVBgIGtleXMgYXJlIHNjaGVkdWxlZCBmb3IgcmVtb3ZhbCBpbiBmdXR1cmUgcmVsZWFzZXMuCgotIFRoZSBgYmFja3VwLnNjaGVkdWxlLmtlZXBgIGZpZWxkIGlzIGRlcHJlY2F0ZWQgYW5kIHdpbGwgYmUgcmVtb3ZlZCBhZnRlciByZWxlYXNlIDEuMjEuMC4gV2UgcmVjb21tZW5kIHVzaW5nIHRoZSBgYmFja3VwLnNjaGVkdWxlLnJldGVudGlvbmAgaW5zdGVhZCBhcyBmb2xsb3dzOgoKICBgYGB5YW1sCiAgc2NoZWR1bGU6CiAgICAtIG5hbWU6ICJzYXQtbmlnaHQtYmFja3VwIgogICAgICBzY2hlZHVsZTogIjAgMCAqKiA2IgogICAgICByZXRlbnRpb246CiAgICAgICAgY291bnQ6IDMKICAgICAgICB0eXBlOiBjb3VudAogICAgICAgIGRlbGV0ZUZyb21TdG9yYWdlOiB0cnVlCiAgICAgIHN0b3JhZ2VOYW1lOiBzMy11cy13ZXN0CiAgYGBgCgotIE5ldyByZXBvc2l0b3JpZXMgZm9yIFBlcmNvbmEgWHRyYUJhY2t1cCBhbmQgTG9nY29sbGVjdG9yCgogIE5vdyB0aGUgT3BlcmF0b3IgdXNlcyB0aGUgb2ZmaWNpYWwgUGVyY29uYSBEb2NrZXIgaW1hZ2VzIGZvciB0aGUgYHBlcmNvbmEteHRyYWJhY2t1cGAgYW5kIGBsb2djb2xsZWN0b3JgIGNvbXBvbmVudHMuIFBheSBhdHRlbnRpb24gdG8gdGhlIG5ldyBpbWFnZSByZXBvc2l0b3JpZXMgd2hlbiB5b3UgdXBncmFkZSB0aGUgT3BlcmF0b3IgYW5kIHRoZSBkYXRhYmFzZS4gQ2hlY2sgdGhlIFtQZXJjb25hIGNlcnRpZmllZCBpbWFnZXNdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvaW1hZ2VzLmh0bWwpIGZvciBleGFjdCBpbWFnZSBuYW1lcy4KCi0gQ2hhbmdlcyBmb3IgSGVsbSBjaGFydHM6CgogIC0gUE1NMyBpcyBub3cgdGhlIGRlZmF1bHQuIFRvIGtlZXAgdXNpbmcgUE1NMiwgc2V0IHRoZSBgcG1tLnRhZzogMi40NC4xYAogIC0gSWYgeW91IGluc3RhbGwgb3IgdXBncmFkZSB0aGUgT3BlcmF0b3Igd2l0aCBkZWZhdWx0IG1hbmlmZXN0cyB1c2luZyBIZWxtIGNoYXJ0cyBvbiBPcGVuc2hpZnQgNC4xOSwgeW91IG11c3QgdXNlIHRoZSBgZG9ja2VyLmlvYCByZWdpc3RyeSBwcmVmaXggdG8gZ3VhcmFudGVlIHN1Y2Nlc3NmdWwgZG93bmxvYWQgZnJvbSB0aGUgRG9ja2VySHViIGBwZXJjb25hLXh0cmFkYi1jbHVzdGVyYCByZXBvc2l0b3J5LiBSZWFkIHRoZSBbQ29uc2lkZXJhdGlvbnMgZm9yIHVzaW5nIE9wZW5TaGlmdCA0LjE5XSgjY29uc2lkZXJhdGlvbnMtZm9yLXVzaW5nLW9wZW5zaGlmdC00MTkpIHNlY3Rpb24gZm9yIG1vcmUgaW5mb3JtYXRpb24uCgojIyMjIyBLbm93biBsaW1pdGF0aW9ucwoKIyMjIyMgQ29uc2lkZXJhdGlvbnMgZm9yIHVzaW5nIE9wZW5TaGlmdCA0LjE5CgpTdGFydGluZyB3aXRoIE9wZW5TaGlmdCA0LjE5LCB0aGUgd2F5IGltYWdlcyB3aXRoIG5vdCBmdWxseSBxdWFsaWZpZWQgbmFtZXMgYXJlIHB1bGxlZCBoYXMgY2hhbmdlZCBmb3IgcmVwb3NpdG9yaWVzIHRoYXQgc2hhcmUgdGhlIHNhbWUgcmVwb3NpdG9yeSBuYW1lIG9uIERvY2tlckh1YiBhbmQgUmVkIEhhdCBNYXJrZXRwbGFjZS4gQnkgZGVmYXVsdCB0aGUgdGFncyBhcmUgcHVsbGVkIGZyb20gUmVkIEhhdCBNYXJrZXRwbGFjZS4gU3BlY2lmeWluZyBub3QgZnVsbHkgcXVhbGlmaWVkIGltYWdlIG5hbWVzIG1heSByZXN1bHQgaW4gdGhlIGBJbWFnZVB1bGxCYWNrT2ZmYCBlcnJvci4KCi0gKipPTE0gaW5zdGFsbGF0aW9uOioqIEltYWdlcyBhcmUgcHJvdmlkZWQgd2l0aCB0aGUgZnVsbHkgcXVhbGlmaWVkIG5hbWVzIGFuZCBhcmUgcHVsbGVkIGZyb20gdGhlIFJlZCBIYXQgTWFya2V0cGxhY2UvRG9ja2VySHViIHJlZ2lzdHJ5LgotICoqTWFudWFsIGluc3RhbGwvdXBkYXRlIHdpdGggZGVmYXVsdCBtYW5pZmVzdHM6KiogSW1hZ2VzIG11c3QgdXNlIHRoZSBgZG9ja2VyLmlvYCByZWdpc3RyeSBwcmVmaXggdG8gZ3VhcmFudGVlIHN1Y2Nlc3NmdWwgZG93bmxvYWQgZnJvbSB0aGUgRG9ja2VyaHViIGBwZXJjb25hLXh0cmFkYi1jbHVzdGVyYCByZXBvc2l0b3J5LgoKU2VlIG91ciBkb2N1bWVudGF0aW9uIGZvciBbbWFudWFsIGluc3RhbGxhdGlvbl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9vcGVuc2hpZnQuaHRtbCNpbnN0YWxsLXRoZS1vcGVyYXRvci12aWEtdGhlLWNvbW1hbmQtbGluZS1pbnRlcmZhY2UpIG9yIFt1cGRhdGVdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvdXBkYXRlX29wZW5zaGlmdC5odG1sI3VwZGF0ZS12aWEtdGhlLWNvbW1hbmQtbGluZS1pbnRlcmZhY2UpLgoKIyMjIyMgQ2hhbmdsZW9nCgojIyMjIyBOZXcgRmVhdHVyZXMKCi0gW0s4U1BYQy0xMjg0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTEyODQpIC0gQWRkIHRoZSBhYmlsaXR5IHRvIGNvbmZpZ3VyZSBwcm90b2NvbCBmb3IgcGVlci1saXN0IEROUyBTUlYgbG9va3VwcwoKLSBbSzhTUFhDLTE1OTldKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTU5OSkgLSBBbGxvd2VkIHNldHRpbmcgYGxvYWRCYWxhbmNlckNsYXNzYCBzZXJ2aWNlIHR5cGUgYW5kIHVzaW5nIGEgY3VzdG9tIGltcGxlbWVudGF0aW9uIG9mIGEgbG9hZCBiYWxhbmNlciByYXRoZXIgdGhhbiB0aGUgY2xvdWQgcHJvdmlkZXIgZGVmYXVsdCBvbmUKCiMjIyMjIEltcHJvdmVtZW50cwoKLSBbSzhTUFhDLTEzNzVdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTM3NSkgLSBBZGRlZCBhIG5ldyByZXRlbnRpb24gY29uZmlndXJhdGlvbiB0byBhbGxvdyB1c2VycyB0byBkZWxlZ2F0ZSBiYWNrdXAgY2xlYW51cCB0byBjbG91ZCBsaWZlY3ljbGUgcG9saWNpZXMgKFRoYW5rIHlvdSB1c2VyIFRyaXN0YW4gZm9yIHJlcG9ydGluZyB0aGlzIGlzc3VlKQoKLSBbSzhTUFhDLTEzNzZdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTM3NikgLSBBZGRlZCB0aGUgYWJpbGl0eSB0byByZXN0b3JlIGZyb20gYmFja3VwIHdpdGhvdXQgYSBtYXRjaGluZyBTZWNyZXQgcmVzb3VyY2UKCi0gW0s4U1BYQy0xMzk5XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTEzOTkpIC0gQWRkZWQgYSBkb2N1bWVudGF0aW9uIGhvdyB0byBzZXQgdXAgYSBkaXNhc3RlciByZWNvdmVyeSBzeXN0ZW0gYW5kIHRyYW5zZmVyIHdvcmtsb2FkcyBiZXR3ZWVuIHNpdGVzCgotIFtLOFNQWEMtMTQxNV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDE1KSAtIFVwZGF0ZWQgdGhlIGBwZXJjb25hLXh0cmFiYWNrdXBgIGltYWdlIHRvIHVzZSB0aGUgb2ZmaWNpYWwgYHBlcmNvbmEteHRyYWJhY2t1cGAgRG9ja2VyIGltYWdlCgotIFtLOFNQWEMtMTQzMF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDMwKSAtIEltcHJvdmVkIGhhbmRsaW5nIG9mIGF1dG9nZW5lcmF0ZWQgY2VydGlmaWNhdGVzIGRlcGVuZGluZyBvbiB0aGUgYGRlbGV0ZS1zc2xgIGZpbmFsaXplciBjb25maWd1cmF0aW9uCgotIFtLOFNQWEMtMTQ0OF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDQ4KSwgW0s4U1BYQy0xNDQ5XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE0NDkpIC0gSW1wcm92ZWQgdGhlIGBwdmMtcmVzaXplYCB0ZXN0IGJ5IHVzaW5nIGEgY3VzdG9tIHN0b3JhZ2UgY2xhc3MgZm9yIEVLUywgcmVkdWNpbmcgZXJyb3JzIGFuZCBpbXByb3ZpbmcgdGhlIHF1b3RhIGhhbmRsaW5nIGR1cmluZyByZXNpemUKCi0gW0s4U1BYQy0xNDUwXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE0NTApIC0gSW1wcm92ZWQgUFZDIHJlc2l6aW5nIGJlaGF2aW9yIHdoZW4gcmVkdWNpbmcgdGhlIHN0b3JhZ2Ugc2l6ZSBieSByZXZlcnRpbmcgdGhlIHZhbHVlcyB3aGVuIHRoZSBxdW90YSBpcyByZWFjaGVkCgotIFtLOFNQWEMtMTQ3Ml0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDcyKSAtIERlcHJlY2F0ZWQgdGhlIGBsb2FkQmFsYW5jZXJJUGAgZmllbGQgZHVlIHRvIGl0cyBkZXByZWNhdGlvbiB1cHN0cmVhbQoKLSBbSzhTUFhDLTE1MTNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTUxMykgLSBBZGRlZCBQWEMgOC40IHN1cHBvcnQgZm9yIHZlcnNpb24gc2VydmljZQoKLSBbSzhTUFhDLTE1MjldKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTUyOSkgLSBBZGRlZCBzdXBwb3J0IGZvciBjcm9zcy1zaXRlIHJlcGxpY2F0aW9uIHdpdGggTXlTUUwgOC40LjAgYnkgYWRkaW5nIHRoZSB1c2Ugb2YgYGF1dGhlbnRpY2F0aW9uX3BvbGljeWAgaW5zdGVhZCBvZiBgZGVmYXVsdF9hdXRoZW50aWNhdGlvbl9wbHVnaW5gCgotIFtLOFNQWEMtMTU1M10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTUzKSAtIEFkZGVkIHN1cHBvcnQgZm9yIFBNTSB2MwoKLSBbSzhTUFhDLTE1NjBdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTU2MCkgLSBBZGRlZCB0aGUgd2FybmluZyBhYm91dCBDUkRzIG5vdCBiZWluZyB1cGdyYWRlZCBhdXRvbWF0aWNhbGx5IGFmdGVyIGhlbG0gdXBncmFkZSB0byB0aGUgb3V0cHV0CgotIFtLOFNQWEMtMTU2Nl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTY2KSAtIEltcHJvdmVkIHJlY29uY2lsaWF0aW9uIG9mIHJlcGxpY2F0aW9uQ2hhbm5lbHMgd2l0aG91dCBwcm94eSBQb2RzIGJ5IHN0YXJ0aW5nIHRoZSBkYXRhYmFzZSBQb2QgYnlwYXNzaW5nIHRoZSBwcm94eSAoVGhhbmsgeW91IEp1c3RpbiBSZWFzb25lciBmb3IgY29udHJpYnV0aW5nIHRvIHRoaXMgaXNzdWUpCgotIFtLOFNQWEMtMTU2OV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTY5KSAtIEFkZGVkIExhYmVscyBmb3IgQ3VzdG9tIFJlc291cmNlIERlZmluaXRpb25zIChDUkQpIHRvIGlkZW50aWZ5IHRoZSBPcGVyYXRvciB2ZXJzaW9uIGF0dGFjaGVkIHRvIHRoZW0KCi0gW0s4U1BYQy0xNTk3XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1OTcpIC0gSW1wcm92ZSB0aGUgc2NoZWR1bGVkIGJhY2t1cHMgYmVoYXZpb3IgZm9yIGEgY2x1c3RlciBpbiBhbiB1bmhlYWx0aHkgc3RhdGUgYnkgcG9zdHBvbmluZyB0aGUgam9iIHVudGlsIHRoZSBjbHVzdGVyIHJlcG9ydHMgdGhlIGhlYWx0aHkgc3RhdHVzCgotIFtLOFNQWEMtMTYwNV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjA1KSAtIEludHJvZHVjZWQgQXp1cmUgQ0xJIGZvciBjaGVja2luZyBpZiBiYWNrdXAgb2JqZWN0cy9mb2xkZXJzIGV4aXN0IGluIEF6dXJlIHN0b3JhZ2UKCi0gW0s4U1BYQy0xNjEyXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2MTIpIC0gQWRkZWQgdGhlIGBpbWFnZVB1bGxTZWNyZXRzYCBmb3IgUE1NIGltYWdlCgotIFtLOFNQWEMtMTYxNV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjE1KSAtIEFkZGVkIHRoZSBhYmlsaXR5IHRvIGRlZmluZSBhIGN1c3RvbSBjbHVzdGVyIG5hbWUgZm9yIGBwbW0tYWRtaW5gIGNvbXBvbmVudAoKLSBbSzhTUFhDLTE2MjRdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTYyNCkgLSBEZWxldGVkIGRlcHJlY2F0ZWQgZmluYWxpemVycyBjb2RlCgotIFtLOFNQWEMtMTY2OV0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNjY5KSAtIEltcHJvdmUgdGhlIGJhY2t1cCBmbG93IGJ5IGdlbmVyYXRpbmcgYSBkZWZhdWx0IGVuZHBvaW50IFVSTCBmb3IgYSBzdG9yYWdlIGZyb20gYSByZWdpb24gaWYgaXQgaXMgbm90IHByb3ZpZGVkIChUaGFuayB5b3UgQmVybmFyZCBHcnltb25wb24gZm9yIHJlcG9ydGluZyB0aGlzIGlzc3VlKQoKLSBbSzhTUFhDLTE2NzddKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTY3NykgLSBEb2N1bWVudCB0aGUgY2hhbmdlZCBiZWhhdmlvciB3aXRoIHB1bGxpbmcgaW1hZ2VzIGZvciBkZWZhdWx0IG1hbmlmZXN0cyBvbiBPcGVuU2hpZnQgNC4xOSBhbmQgdXBkYXRlIGluc3RhbGwgYW5kIHVwZGF0ZSBpbnN0cnVjdGlvbnMKCiMjIyMjIEJ1Z3MgRml4ZWQKCi0gW0s4U1BYQy0xMzEyXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTEzMTIpIC0gRml4ZWQgdGhlIGlzc3VlIHdpdGggbGFiZWxzIG5vdCBiZWluZyB1cGRhdGVkIGF1dG9tYXRpY2FsbHkgZm9yIHBvaW50LWluLXRpbWUgcmVjb3ZlcnkgZGVwbG95bWVudCB1cG9uIEN1c3RvbSBSZXNvdXJjZSBjaGFuZ2VzCgotIFtLOFNQWEMtMTM0N10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xMzQ3KSAtIEZpeGVkIHRoZSBpc3N1ZSB3aXRoIHBvaW50LWluLXRpbWUgcmVjb3ZlcnkgZmFpbGluZyBkdWUgdG8gVExTIGNvbmZpZ3VyYXRpb24gbWlzbWF0Y2ggYmV0d2VlbiB0aGUgc2VydmVyIGFuZCB0aGUgcG9pbnQtaW4tdGltZSByZWNvdmVyeSBqb2IgYnkgY29uZmlndXJpbmcgaXQgdG8gdXNlIFRMUyBpZiBpcyByZXF1aXJlZCBieSB0aGUgc2VydmVyLgoKLSBbSzhTUFhDLTEzODJdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTM4MikgLSBGaXhlZCB0aGUgaXNzdWUgd2l0aCBiYWNrdXAgZmFpbGluZyBvbiBBV1MgaWYgdXNpbmcgSUFNIHByb2ZpbGUgd2l0aG91dCBjcmVkZW50aWFsc1NlY3JldCBieSB1c2luZyBjcmVkZW50aWFsc1NlY3JldCBvbmx5IHdoZW4gZXhwbGljaXRseSBzcGVjaWZpZWQgYW5kIHJlbHlpbmcgb24gSUFNIHJvbGVzIGluc3RlYWQgKFRoYW5rIHlvdSBJdGllbCBPbGVuaWNrIGZvciByZXBvcnRpbmcgdGhpcyBpc3N1ZSkKCi0gW0s4U1BYQy0xNTQxXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1NDEpIC0gRml4ZWQgVGVsZW1ldHJ5IG1vZHVsZSB0byB0byBjb25zaWRlciBib3RoIGVtcHR5IHN0cmluZyAiIiBhbmQgY29tbWEgc2VwYXJhdGVkIG5hbWVzcGFjZXMgaW4gY2x1c3Rlci13aWRlIG1vZGUKCi0gW0s4U1BYQy0xNTQ4XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1NDgpIEZpeGVkIHRoZSBpc3N1ZSB3aXRoIGRlbGV0aW5nIG9sZCBiYWNrdXBzIG9uIEdvb2dsZSBDbG91ZCBTdG9yYWdlIGJ5IHVybC1kZWNvZGluZyB0aGUgb2JqZWN0IHBhdGggYmVmb3JlIGRlbGV0aW5nIGl0IChUaGFuayB5b3UgTWF0ZXVzeiBHcnVzemtpZXdpY3ogZm9yIHJlcG9ydGluZyB0aGlzIGlzc3VlKQoKLSBbSzhTUFhDLTE2MzFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTYzMSkgLSBGaXhlZCB0aGUgaXNzdWUgd2l0aCB0aGUgT3BlcmF0b3IgcmVzdGFydGluZyBwb2QtMCBhZnRlciB0aGUgY2x1c3RlciBpcyByZWFkeS4gVGhlIGlzc3VlIGlzIGNhdXNlZCBieSBDb25maWdNYXAgYW5kIFN0YXRlZnVsU2V0IGJlaW5nIGNyZWF0ZWQgdG9vIGNsb3NlIHRvIGVhY2ggb3RoZXIgYW5kIEt1YmVybmV0ZXMgQVBJIGNhbid0IHJldHVybiB0aGUgbmV3bHkgY3JlYXRlZCBDb25maWdNYXAgYmVmb3JlIGNyZWF0aW5nIHRoZSBTdGF0ZWZ1bFNldC4gVGhlIGlzc3VlIGlzIGZpeGVkIGJ5IHJlY29uY2lsaW5nIHRoZSBTdGF0ZWZ1bFNldCBhZnRlciB0aGUgcmVjb25jaWxpYXRpb24gb2YgQ29uZmlnTWFwIGlzIGNvbXBsZXRlZC4KCi0gW0s4U1BYQy0xNjY0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE2NjQpIC0gRml4ZWQgdGhlIHVzZSBvZiB0aGUgcHJvcGVyIHNjcmlwdCB0byBjaGVjayBQWEMgbm9kZXMgd2hlbiBhZGRpbmcgdGhlbSBieSBIQVByb3h5CgojIyMjIyBTdXBwb3J0ZWQgU29mdHdhcmUKClRoZSBPcGVyYXRvciB3YXMgZGV2ZWxvcGVkIGFuZCB0ZXN0ZWQgd2l0aCB0aGUgZm9sbG93aW5nIHNvZnR3YXJlOgoKLSBQZXJjb25hIFh0cmFEQiBDbHVzdGVyIHZlcnNpb25zIDguNC41LTUuMSAoVGVjaCBwcmV2aWV3KSwgOC4wLjQyLTMzLjEsIGFuZCA1LjcuNDQtMzEuNjUKLSBQZXJjb25hIFh0cmFCYWNrdXAgdmVyc2lvbnMgOC40LjAtMywgOC4wLjM1LTM0LjEsIGFuZCAyLjQuMjkKLSBIQVByb3h5IDIuOC4xNS0xCi0gUHJveHlTUUwgMi43LjMKLSBMb2dDb2xsZWN0b3IgYmFzZWQgb24gZmx1ZW50LWJpdCA0LjAuMQotIFBNTSBDbGllbnQgMi40NC4xIGFuZCAzLjMuMQoKT3RoZXIgb3B0aW9ucyBtYXkgYWxzbyB3b3JrIGJ1dCBoYXZlIG5vdCBiZWVuIHRlc3RlZC4KCiMjIyMjIFN1cHBvcnRlZCBQbGF0Zm9ybXMKClBlcmNvbmEgT3BlcmF0b3JzIGFyZSBkZXNpZ25lZCBmb3IgY29tcGF0aWJpbGl0eSB3aXRoIGFsbCBbQ05DRi1jZXJ0aWZpZWRdKGh0dHBzOi8vd3d3LmNuY2YuaW8vdHJhaW5pbmcvY2VydGlmaWNhdGlvbi9zb2Z0d2FyZS1jb25mb3JtYW5jZS8pIEt1YmVybmV0ZXMgZGlzdHJpYnV0aW9ucy4gT3VyIHJlbGVhc2UgcHJvY2VzcyBpbmNsdWRlcyB0YXJnZXRlZCB0ZXN0aW5nIGFuZCB2YWxpZGF0aW9uIG9uIG1ham9yIGNsb3VkIHByb3ZpZGVyIHBsYXRmb3JtcyBhbmQgT3BlblNoaWZ0LCBhcyBkZXRhaWxlZCBiZWxvdyBmb3IgT3BlcmF0b3IgdmVyc2lvbiAxLjE2LjA6CgotIFtHb29nbGUgS3ViZXJuZXRlcyBFbmdpbmUgKEdLRSldKGh0dHBzOi8vY2xvdWQuZ29vZ2xlLmNvbS9rdWJlcm5ldGVzLWVuZ2luZSkgMS4zMCAtIDEuMzMKLSBbQW1hem9uIEVsYXN0aWMgQ29udGFpbmVyIFNlcnZpY2UgZm9yIEt1YmVybmV0ZXMgKEVLUyldKGh0dHBzOi8vYXdzLmFtYXpvbi5jb20pIDEuMzAgLSAxLjMzCi0gW0F6dXJlIEt1YmVybmV0ZXMgU2VydmljZSAoQUtTKV0oaHR0cHM6Ly9henVyZS5taWNyb3NvZnQuY29tL2VuLXVzL3NlcnZpY2VzL2t1YmVybmV0ZXMtc2VydmljZS8pIDEuMzAgLSAxLjMzCi0gW09wZW5TaGlmdF0oaHR0cHM6Ly93d3cucmVkaGF0LmNvbS9lbi90ZWNobm9sb2dpZXMvY2xvdWQtY29tcHV0aW5nL29wZW5zaGlmdCkgNC4xNSAtIDQuMTkKLSBbTWluaWt1YmVdKGh0dHBzOi8vbWluaWt1YmUuc2lncy5rOHMuaW8vZG9jcy8pIDEuMzYuMCBiYXNlZCBvbiBLdWJlcm5ldGVzIDEuMzMuMQoKVGhpcyBsaXN0IG9ubHkgaW5jbHVkZXMgdGhlIHBsYXRmb3JtcyB0aGF0IHRoZSBQZXJjb25hIE9wZXJhdG9ycyBhcmUgc3BlY2lmaWNhbGx5IHRlc3RlZCBvbiBhcyBwYXJ0IG9mIHRoZSByZWxlYXNlIHByb2Nlc3MuIE90aGVyIEt1YmVybmV0ZXMgZmxhdm9ycyBhbmQgdmVyc2lvbnMgZGVwZW5kIG9uIHRoZSBiYWNrd2FyZCBjb21wYXRpYmlsaXR5IG9mZmVyZWQgYnkgS3ViZXJuZXRlcyBpdHNlbGYuCgojIyMgW2B2MS4xNy4wYF0oaHR0cHM6Ly9yZWRpcmVjdC5naXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvci9yZWxlYXNlcy90YWcvdjEuMTcuMCkKCltDb21wYXJlIFNvdXJjZV0oaHR0cHM6Ly9yZWRpcmVjdC5naXRodWIuY29tL3BlcmNvbmEvcGVyY29uYS14dHJhZGItY2x1c3Rlci1vcGVyYXRvci9jb21wYXJlL3YxLjE2LjEuLi52MS4xNy4wKQoKIyMjIyBSZWxlYXNlIEhpZ2hsaWdodHMKCiMjIyMjIEltcHJvdmVkIG9ic2VydmFiaWxpdHkgZm9yIEhBUHJveHkgYW5kIFByb3h5U1FMCgpHZXQgaW5zaWdodHMgaW50byB0aGUgSEFQcm94eSBhbmQgUHJveHlTUUwgcGVyZm9ybWFuY2UgYnkgY29ubmVjdGluZyB0byB0aGVpciBzdGF0aXN0aWNzIHBhZ2VzLiBVc2UgdGhlIGBjbHVzdGVyLW5hbWUtaGFwcm94eTo4MDg0YCBhbmQgYGNsdXN0ZXItbmFtZS1wcm94eXNxbDo2MDcwYCBlbmRwb2ludHMgdG8gZG8gc28uIExlYXJuIGFib3V0IG90aGVyIGF2YWlsYWJsZSBwb3J0cyBpbiB0aGUgW2RvY3VtZW50YXRpb25dKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvaGFwcm94eS1jb25mLmh0bWwpLgoKIyMjIyMgSW1wcm92ZWQgY2x1c3RlciBsb2FkIG1hbmFnZW1lbnQgZHVyaW5nIGJhY2t1cHMKCklmIHBhcmFsbGVsIGJhY2t1cHMgb3ZlcmxvYWQgeW91ciBjbHVzdGVyLCB5b3UgY2FuIHR1cm4gb2ZmIHBhcmFsbGVsIGV4ZWN1dGlvbiB0byBwcmV2ZW50IHRoaXMuIFByZXZpb3VzbHksIHRoaXMgbWVhbnQgdGhhdCB5b3UgY291bGQgb25seSBydW4gb25lIGJhY2t1cCBhdCBhIHRpbWUgLSBubyBuZXcgYmFja3VwcyBjb3VsZCBzdGFydCB1bnRpbCB0aGUgY3VycmVudCBvbmUgd2FzIGZpbmlzaGVkLiBOb3csIHRoZSBPcGVyYXRvciBxdWV1ZXMgYmFja3VwcyBhbmQgcnVucyB0aGVtIG9uZSBhZnRlciBhbm90aGVyIGF1dG9tYXRpY2FsbHkuIFlvdSBjYW4gZmluZS10dW5lIHRoZSBiYWNrdXAgc2VxdWVuY2UgYnkgc2V0dGluZyB0aGUgc3RhcnQgdGltZSBmb3IgYWxsIGJhY2t1cHMgb3IgZm9yIGEgc3BlY2lmaWMgb24tZGVtYW5kIG9uZSB1c2luZyB0aGUgW2BzcGVjLmJhY2t1cC5zdGFydGluZ0RlYWRsaW5lU2Vjb25kc2BdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvb3BlcmF0b3IuaHRtbCNiYWNrdXBzdGFydGluZ2RlYWRsaW5lc2Vjb25kcykgQ3VzdG9tIFJlc291cmNlIG9wdGlvbi4gVGhpcyBwcm92aWRlcyBncmVhdGVyIGNvbnRyb2wgb3ZlciBiYWNrdXAgb3BlcmF0aW9ucy4KCkFub3RoZXIgaW1wcm92ZW1lbnQgaXMgZm9yIHRoZSBjYXNlIHdoZW4geW91ciBkYXRhYmFzZSBjbHVzdGVyIGJlY29tZXMgdW5oZWFsdGh5LCBmb3IgZXhhbXBsZSwgd2hlbiBhIFBvZCBjcmFzaGVzIG9yIHJlc3RhcnRzLiBUaGUgT3BlcmF0b3Igc3VzcGVuZHMgcnVubmluZyBiYWNrdXBzIHRvIHJlZHVjZSB0aGUgY2x1c3RlcidzIGxvYWQuIE9uY2UgdGhlIGNsdXN0ZXIgcmVjb3ZlcnMgYW5kIHJlcG9ydHMgYSBSZWFkeSBzdGF0dXMsIHRoZSBPcGVyYXRvciByZXN1bWVzIHRoZSBzdXNwZW5kZWQgYmFja3VwLiBUbyBmdXJ0aGVyIG9mZmxvYWQgdGhlIGNsdXN0ZXIgZHVyaW5nIGFuIHVuaGVhbHRoeSBzdGF0ZSwgeW91IGNhbiBjb25maWd1cmUgaG93IGxvbmcgYSBiYWNrdXAgcmVtYWlucyBzdXNwZW5kZWQgYnkgdXNpbmcgdGhlIFtgc3BlYy5iYWNrdXAuc3VzcGVuZGVkRGVhZGxpbmVTZWNvbmRzYF0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9vcGVyYXRvci5odG1sI2JhY2t1cHN1c3BlbmRlZGRlYWRsaW5lc2Vjb25kcykgQ3VzdG9tIFJlc291cmNlIG9wdGlvbi4gSWYgdGhpcyB0aW1lIGV4cGlyZXMgYmVmb3JlIHRoZSBjbHVzdGVyIHJlY292ZXJzLCB0aGUgYmFja3VwIGlzIG1hcmtlZCBhcyAiZmFpbGVkLiIKCiMjIyMjIE1vbml0b3IgUE1NIENsaWVudCBoZWFsdGggYW5kIHN0YXR1cwoKUGVyY29uYSBNb25pdG9yaW5nIGFuZCBNYW5hZ2VtZW50IChQTU0pIGlzIGEgZ3JlYXQgdG9vbCB0byBbbW9uaXRvciB0aGUgaGVhbHRoIG9mIHlvdXIgZGF0YWJhc2UgY2x1c3Rlcl0oaHR0cHM6Ly9kb2NzLnBlcmNvbmEuY29tL3BlcmNvbmEtb3BlcmF0b3ItZm9yLW15c3FsL3B4Yy9tb25pdG9yaW5nLmh0bWwpLiBOb3cgeW91IGNhbiBhbHNvIGxlYXJuIGlmIFBNTSBpdHNlbGYgaXMgaGVhbHRoeSB1c2luZyBwcm9iZXMgLSBhIEt1YmVybmV0ZXMgZGlhZ25vc3RpY3MgbWVjaGFuaXNtIHRvIGNoZWNrIHRoZSBoZWFsdGggYW5kIHN0YXR1cyBvZiBjb250YWluZXJzLiBVc2UgdGhlIFtgc3BlYy5wbW0ucmVhZGluZXNzUHJvYmVzLipgXShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL29wZXJhdG9yLmh0bWwjcG1tcmVhZGluZXNzcHJvYmVzaW5pdGlhbGRlbGF5c2Vjb25kcykgYW5kIFtgc3BlYy5wbW0ubGl2ZW5lc3NQcm9iZXMuKmBdKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvb3BlcmF0b3IuaHRtbCNwbW1saXZlbmVzc3Byb2Jlc2luaXRpYWxkZWxheXNlY29uZHMpIEN1c3RvbSBSZXNvdXJjZSBvcHRpb25zIHRvIGZpbmUtdHVuZSBSZWFkaW5lc3MgYW5kIExpdmVuZXNzIHByb2JlcyBmb3IgUE1NIENsaWVudC4KCiMjIyMjIEltcHJvdmVkIG9ic2VydmFiaWxpdHkgb2YgYmluYXJ5IGxvZyBiYWNrdXBzCgpHZXQgaW5zaWdodHMgaW50byB0aGUgc3VjY2VzcyBhbmQgZmFpbHVyZSByYXRlcyBvZiBiaW5sb2cgb3BlcmF0aW9ucywgdGltZWxpbmVzcyBvZiBwcm9jZXNzaW5nIGFuZCB1cGxvYWRzIGFuZCBwb3RlbnRpYWwgZ2FwcyBvciBpbmNvbnNpc3RlbmNpZXMgaW4gYmlubG9nIGRhdGEgd2l0aCB0aGUgUHJvbWV0aGV1cyBtZXRyaWNzIGFkZGVkIGZvciB0aGUgT3BlcmF0b3IuIEdhdGhlciB0aGlzIGRhdGEgYnkgY29ubmVjdGluZyB0byB0aGUgYDxwaXRyLXBvZC1zZXJ2aWNlPjo4MDgwL21ldHJpY3NgIGVuZHBvaW50LiBMZWFybiBtb3JlIGFib3V0IHRoZSBhdmFpbGFibGUgbWV0cmljcyBpbiB0aGUgW2RvY3VtZW50YXRpb25dKGh0dHBzOi8vZG9jcy5wZXJjb25hLmNvbS9wZXJjb25hLW9wZXJhdG9yLWZvci1teXNxbC9weGMvYmFja3Vwcy1waXRyLmh0bWwjYmluYXJ5LWxvZ3Mtc3RhdGlzdGljcykuCgojIyMjIERlcHJlY2F0aW9uLCBSZW5hbWUgYW5kIFJlbW92YWwKClRoZSBgc3BlYy5oYXByb3h5LmV4cG9zZVByaW1hcnkuZW5hYmxlZGAgZmllbGQgaXMgZGVwcmVjYXRlZC4gSWYgZW5hYmxlZCB2aWEgdGhlIGBzcGVjLmhhcHJveHkuZW5hYmxlZGAsIHRoZSBIQVByb3h5IHByaW1hcnkgc2VydmljZSBpcyBhbHJlYWR5IGV4cG9zZWQuCgojIyMjIE5ldyBGZWF0dXJlcwoKLSBbSzhTUFhDLTc0N10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy03NDcpLCBbSzhTUFhDLTE0NzNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQ3MykgLSBBZGQgdGhlIGFiaWxpdHkgdG8gYWNjZXNzIHRoZSBzdGF0aXN0aWNzIHBhZ2VzIGZvciBIQVByb3h5IGFuZCBQcm94eVNRTAoKLSBbSzhTUFhDLTEzNjZdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTM2NikgLSBBZGQgdGhlIGFiaWxpdHkgdG8gcXVldWUgYmFja3VwcyBhbmQgcnVuIHRoZW0gc2VxdWVudGlhbGx5LCBhbmQgdG8gb3B0aW1pemUgdGhlIGNsdXN0ZXIgbG9hZCB3aXRoIHRoZSBhYmlsaXR5IHRvIHN1c3BlbmQgYmFja3VwcyBmb3IgYW4gdW5oZWFsdGh5IGNsdXN0ZXIuIEEgdXNlciBjYW4gYXNzaWduIHRoZSBzdGFydCB0aW1lIGFuZCBzdXNwZW5zaW9uIHRpbWUgdG8gYmFja3VwcyB0byBtYW5hZ2UgdGhlbSBiZXR0ZXIuCgotIFtLOFNQWEMtMTQzMl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNDMyKSAtIEVuYWJsZSB1c2VycyB0byBjb25maWd1cmUgY2x1c3Rlci13aWRlIE9wZXJhdG9yIGRlcGxveW1lbnRzIGluIE9wZW5TaGlmdCBjZXJ0aWZpZWQgY2F0YWxvZyB1c2luZyBPTE0uCgojIyMjIEltcHJvdmVtZW50cwoKLSBbSzhTUFhDLTEzNjddKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTM2NykgLSBOb3cgYSB1c2VyIGNhbiBjb25maWd1cmUgUmVhZGluZXNzIGFuZCBMaXZlbmVzcyBwcm9iZXMgZm9yIFBNTSBDbGllbnQgY29udGFpbmVyIHRvIGNoZWNrIGl0cyBoZWFsdGggYW5kIHN0YXR1cwoKLSBbSzhTUFhDLTE0NjFdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQ2MSkgLSBJbXByb3ZlIGxvZ2dpbmcgZm9yIHJlc2l6aW5nIFBWQyB3aXRoIHRoZSBpbmZvcm1hdGlvbiBhYm91dCBzdWNjZXNzZnVsIGFuZCBmYWlsZWQgUFZDIHJlc2l6ZS4gTG9nIGVycm9ycyBvbiByZXNpemUgYXR0ZW1wdHMgaWYgdGhlIFN0b3JhZ2UgQ2xhc3MgZG9lc24ndCBzdXBwb3J0IHJlc2l6aW5nLgoKLSBbSzhTUFhDLTE0NjZdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQ2NikgLSBNYXJrIHRoZSBjb250YWluZXJzIHRoYXQgcHJvdmlkZSB0aGUgc2VydmljZSBhcyBkZWZhdWx0IG9uZXMgd2l0aCB0aGUgYW5ub3RhdGlvbi4gVGhpcyBlbmFibGVzIGEgdXNlciB0byBjb25uZWN0IHRvIGEgUG9kIHdpdGhvdXQgZXhwbGljaXRseSBzcGVjaWZ5aW5nIGEgY29udGFpbmVyLgoKLSBbSzhTUFhDLTE0NzNdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQ3MykgLSBBZGQgdGhlIGFiaWxpdHkgdG8gY29ubmVjdCB0byB0aGUgYnVpbHQtaW4gc3RhdGlzdGljcyBwYWdlcyBmb3IgSEFQcm94eSBhbmQgUHJveHlTUUwgYnkgZXhwb3NpbmcgdGhlIHBvcnRzIGZvciB0aG9zZSBwYWdlcwoKLSBbSzhTUFhDLTE0NzVdKGh0dHBzOi8vcGVyY29uYWRldi5hdGxhc3NpYW4ubmV0L2Jyb3dzZS9LOFNQWEMtMTQ3NSkgLSBVcGRhdGUgdGhlIGJhY2t1cCBpbWFnZSB0byB1c2UgQVdTIENMSSBpbnN0ZWFkIG9mIE1pbklPIENMSSBkdWUgdG8gdGhlIGxpY2Vuc2UgY2hhbmdlCgotIFtLOFNQWEMtMTUxMF0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTEwKSAtIEFkZCB0aGUgYWJpbGl0eSB0byBzdXBwcmVzcyBtZXNzYWdlcyBhYm91dCB0aGUgdXNlIG9mIGRlcHJlY2F0ZWQgZmVhdHVyZXMgaW4gTXlTUUwgRXJyb3IgTG9nIGJ5IGFkZGluZyB0aGUgYGxvZ19lcnJvcl9zdXBwcmVzc2lvbl9saXN0YCBrZXkgZnJvbSB0aGUgYG15LmNuZmAgY29uZmlndXJhdGlvbiBmaWxlIGFuZCBkZWZpbmluZyB0aGUgbWVzc2FnZSBudW1iZXIgaW4gdGhlIGBzcGVjLnB4Yy5jb25maWd1cmF0aW9uYCBzdWJzZWN0aW9uIG9mIHRoZSBDdXN0b20gUmVzb3VyY2UgbWFuaWZlc3QuIFNlZSBbaG93IHRvIGNoYW5nZSBNeVNRTCBvcHRpb25zXShodHRwczovL2RvY3MucGVyY29uYS5jb20vcGVyY29uYS1vcGVyYXRvci1mb3ItbXlzcWwvcHhjL29wdGlvbnMuaHRtbCkgZm9yIHN0ZXBzLiBUaGlzIGltcHJvdmVzIHJlYWRhYmlsaXR5IGZvciBNeVNRTCBlcnJvciBsb2cuCgotIFtLOFNQWEMtMTUxMl0oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTEyKSAtIEZvciBQZXJjb25hIFh0cmFEQiBDbHVzdGVyIHZlcnNpb24gOC40IGFuZCBhYm92ZSwgYmluYXJ5IGxvZyB1c2VyIGRlZmluZWQgZnVuY3Rpb25zIGZvciBwb2ludC1pbi10aW1lIHJlY292ZXJ5IChgYmlubG9nX3V0aWxzX3VkZmApIGFyZSBub3cgaW5zdGFsbGVkIGFzIGEgY29tcG9uZW50IGluc3RlYWQgb2YgYSBwbHVnaW4uIFRoaXMgaW1wcm92ZXMgdGhlaXIgY29tcGF0aWJpbGl0eSBhY3Jvc3MgcGxhdGZvcm1zIGFuZCBwcm92aWRlcyBhdXRvbWF0aWMgZGVwZW5kZW5jeSBoYW5kbGluZy4KCi0gW0s4U1BYQy0xNTQyXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1NDIpIC0gSW1wcm92ZSBiaW5sb2cgdXBsb2FkIGZvciBsYXJnZSBmaWxlcyB0byBBenVyZSBibG9iIHN0b3JhZ2Ugd2l0aCB0aGUgYWJpbGl0eSB0byBkZWZpbmUgdGhlIGJsb2NrIHNpemUgYW5kIHRoZSBudW1iZXIgb2YgY29uY3VycmVudCB3cml0ZXJzIGZvciB0aGUgdXBsb2FkIChUaGFua3MgdG8gdXNlciBkY2FwdXRvLWhhcm1vbmkgZm9yIGNvbnRyaWJ1dGlvbikKCi0gW0s4U1BYQy0xNTQzXShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1NDMpIC0gU2V0IFBJVFIgY29udHJvbGxlciByZWZlcmVuY2UgZm9yIGJpbmxvZy1jb2xsZWN0b3IgZGVwbG95bWVudCB0aGUgc2FtZSB3YXkgYXMgaXQncyBzZXQgZm9yIFBYQyBhbmQgcHJveHkgU3RhdGVmdWxTZXRzLiBUaGlzIGNyZWF0ZXMgYSBjb25uZWN0aW9uIGJldHdlZW4gUElUUiBkZXBsb3ltZW50IGFuZCBjbHVzdGVyIHJlc291cmNlIChUaGFuayB5b3UgVmxhZCBHdXNldiBmb3IgdGhlIGNvbnRyaWJ1dGlvbikKCi0gW0s4U1BYQy0xNTQ0XShodHRwczovL3BlcmNvbmFkZXYuYXRsYXNzaWFuLm5ldC9icm93c2UvSzhTUFhDLTE1NDQpIC0gSW1wcm92ZSBvYnNlcnZhYmlsaXR5IG9mIGJpbmxvZyBjb2xsZWN0b3IgYnkgYWRkaW5nIHRoZSBzdXBwb3J0IG9mIGJhc2ljIFByb21ldGhldXMgbWV0cmljcyAoVGhhbmsgeW91IFZsYWQgR3VzZXYgZm9yIHRoZSBjb250cmlidXRpb24pCgotIFtLOFNQWEMtMTU2N10oaHR0cHM6Ly9wZXJjb25hZGV2LmF0bGFzc2lhbi5uZXQvYnJvd3NlL0s4U1BYQy0xNTY3KSAtIE4KCjwvZGV0YWlscz4KCi0tLQoKIyMjIENvbmZpZ3VyYXRpb24KCvCfk4UgKipTY2hlZHVsZSoqOiBCcmFuY2ggY3JlYXRpb24gLSBBdCBhbnkgdGltZSAobm8gc2NoZWR1bGUgZGVmaW5lZCksIEF1dG9tZXJnZSAtIEF0IGFueSB0aW1lIChubyBzY2hlZHVsZSBkZWZpbmVkKS4KCvCfmqYgKipBdXRvbWVyZ2UqKjogRGlzYWJsZWQgYnkgY29uZmlnLiBQbGVhc2UgbWVyZ2UgdGhpcyBtYW51YWxseSBvbmNlIHlvdSBhcmUgc2F0aXNmaWVkLgoK4pm7ICoqUmViYXNpbmcqKjogV2hlbmV2ZXIgUFIgYmVjb21lcyBjb25mbGljdGVkLCBvciB5b3UgdGljayB0aGUgcmViYXNlL3JldHJ5IGNoZWNrYm94LgoK8J+RuyAqKkltbW9ydGFsKio6IFRoaXMgUFIgd2lsbCBiZSByZWNyZWF0ZWQgaWYgY2xvc2VkIHVubWVyZ2VkLiBHZXQgW2NvbmZpZyBoZWxwXShodHRwczovL3JlZGlyZWN0LmdpdGh1Yi5jb20vcmVub3ZhdGVib3QvcmVub3ZhdGUvZGlzY3Vzc2lvbnMpIGlmIHRoYXQncyB1bmRlc2lyZWQuCgotLS0KCiAtIFsgXSA8IS0tIHJlYmFzZS1jaGVjayAtLT5JZiB5b3Ugd2FudCB0byByZWJhc2UvcmV0cnkgdGhpcyBQUiwgY2hlY2sgdGhpcyBib3gKCi0tLQoKVGhpcyBQUiB3YXMgZ2VuZXJhdGVkIGJ5IFtNZW5kIFJlbm92YXRlXShodHRwczovL21lbmQuaW8vcmVub3ZhdGUvKS4gVmlldyB0aGUgW3JlcG9zaXRvcnkgam9iIGxvZ10oaHR0cHM6Ly9kZXZlbG9wZXIubWVuZC5pby9naXRodWIvdmV4eGhvc3QvYXRtb3NwaGVyZSkuCjwhLS1yZW5vdmF0ZS1kZWJ1ZzpleUpqY21WaGRHVmtTVzVXWlhJaU9pSXpPUzR5TmpRdU1DSXNJblZ3WkdGMFpXUkpibFpsY2lJNklqUXlMamcxTGpFaUxDSjBZWEpuWlhSQ2NtRnVZMmdpT2lKemRHRmliR1V2TWpBeU15NHhJaXdpYkdGaVpXeHpJanBiSW5OcmFYQXRjbVZzWldGelpTMXViM1JsY3lKZGZRPT0tLT4K patchset: 5d635ae7d201989f087661c6356a3703e1026788 pipeline: check playbook_context: playbook_projects: trusted/project_0/vexxhost.dev/zuul-config: canonical_name: vexxhost.dev/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b trusted/project_1/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 691c03cc007bee9934da14cf46c86009616a2aef trusted/project_2/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_0/github.com/vexxhost/zuul-jobs: canonical_name: github.com/vexxhost/zuul-jobs checkout: main commit: a6e68243e02ef030ce5e75f8b67630880c475f33 untrusted/project_1/vexxhost.dev/zuul-config: canonical_name: vexxhost.dev/zuul-config checkout: main commit: 9052b5a7781b3346e4cffd452a54448cbff54d8b untrusted/project_2/opendev.org/zuul/zuul-jobs: canonical_name: opendev.org/zuul/zuul-jobs checkout: master commit: 691c03cc007bee9934da14cf46c86009616a2aef untrusted/project_3/github.com/vexxhost/atmosphere: canonical_name: github.com/vexxhost/atmosphere checkout: stable/2023.1 commit: 5d635ae7d201989f087661c6356a3703e1026788 untrusted/project_4/opendev.org/openstack/openstack-helm: canonical_name: opendev.org/openstack/openstack-helm checkout: master commit: aed8f582614604caa8594f2652804ec45990f1c0 playbooks: - path: untrusted/project_0/github.com/vexxhost/zuul-jobs/playbooks/molecule/run.yaml roles: - checkout: master checkout_description: project default branch link_name: ansible/playbook_0/role_1/zuul-jobs link_target: untrusted/project_2/opendev.org/zuul/zuul-jobs role_path: ansible/playbook_0/role_1/zuul-jobs/roles - checkout: main checkout_description: playbook branch link_name: ansible/playbook_0/role_2/zuul-jobs link_target: untrusted/project_0/github.com/vexxhost/zuul-jobs role_path: ansible/playbook_0/role_2/zuul-jobs/roles post_review: false post_timeout: null pre_timeout: null project: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere name: vexxhost/atmosphere short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere projects: github.com/vexxhost/atmosphere: canonical_hostname: github.com canonical_name: github.com/vexxhost/atmosphere checkout: stable/2023.1 checkout_description: zuul branch commit: 5d635ae7d201989f087661c6356a3703e1026788 name: vexxhost/atmosphere required: false short_name: atmosphere src_dir: src/github.com/vexxhost/atmosphere ref: refs/pull/2595/head resources: {} tenant: oss timeout: 1800 topic: null voting: true