Setup notation signing keys

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
refactor(trustpolicy): jasonthedeveloper -> stefanprodan
2026-04-07 03:26:54 +00:00 · 2024-02-25 12:10:06 +02:00 · 2024-02-09 10:59:44 +11:00 · 2024-02-09 10:47:11 +11:00 · 2024-02-09 10:42:51 +11:00 · 2024-02-09 10:41:19 +11:00
195 changed files with 28990 additions and 1926 deletions
--- a/.cosign/README.md
+++ b/.cosign/README.md
@@ -1,9 +1,10 @@
 # Podinfo signed releases
-Podinfo deployment manifests are published to GitHub Container Registry as OCI artifacts
+Podinfo release assets (container image, Helm chart, Flux artifact, Timoni module)
-and are signed using [cosign](https://github.com/sigstore/cosign).
+are published to GitHub Container Registry and are signed with
 [Cosign v2](https://github.com/sigstore/cosign) keyless & GitHub Actions OIDC.
-## Verify the artifacts with cosign
+## Verify podinfo with cosign
 Install the [cosign](https://github.com/sigstore/cosign) CLI:
@@ -11,29 +12,50 @@ Install the [cosign](https://github.com/sigstore/cosign) CLI:
 brew install sigstore/tap/cosign
 ```
-Verify a podinfo release with cosign CLI:
+### Container image
 Verify the podinfo container image hosted on GHCR:
 ```sh
-cosign verify -key https://raw.githubusercontent.com/stefanprodan/podinfo/master/cosign/cosign.pub \
+cosign verify ghcr.io/stefanprodan/podinfo:6.5.0 \
-ghcr.io/stefanprodan/podinfo-deploy:latest
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
 --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 ```
-## Download the artifacts with crane
+Verify the podinfo container image hosted on Docker Hub:
 Install the [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) CLI:
 ```sh
-brew install crane
+cosign verify docker.io/stefanprodan/podinfo:6.5.0 \
 --certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
 --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 ```
-Download the podinfo deployment manifests with crane CLI:
+### Helm chart
-```console
+Verify the podinfo [Helm](https://helm.sh) chart hosted on GHCR:
 $ crane export ghcr.io/stefanprodan/podinfo-deploy:latest -| tar -xf - 
-$ ls -1
+```sh
-deployment.yaml
+cosign verify ghcr.io/stefanprodan/charts/podinfo:6.5.0 \
-hpa.yaml
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
-kustomization.yaml
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
-service.yaml
+```
 ### Flux artifact
 Verify the podinfo [Flux](https://fluxcd.io) artifact hosted on GHCR:
 ```sh
 cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.5.0 \
 --certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
 --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 ```
 ### Timoni module
 Verify the podinfo [Timoni](https://timoni.sh) module hosted on GHCR:
 ```sh
 cosign verify ghcr.io/stefanprodan/modules/podinfo:6.5.0 \
 --certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
 --certificate-oidc-issuer=https://token.actions.githubusercontent.com
 ```
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 timoni/podinfo/cue.mod/** linguist-vendored
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
 github: stefanprodan
--- a/.github/actions/helm/action.yml
+++ b/.github/actions/helm/action.yml
@@ -1,33 +0,0 @@
 name: Setup Helm CLI
 description: A GitHub Action for running Helm commands
 author: Stefan Prodan
 branding:
  color: blue
  icon: command
 inputs:
  version:
    description: "Helm version"
    required: true
 runs:
  using: composite
  steps:
    - name: "Download helm binary to tmp"
      shell: bash
      run: |
        VERSION=${{ inputs.version }}
        BIN_URL="https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz"
        curl -sL ${BIN_URL} -o /tmp/helm.tar.gz
        mkdir -p /tmp/helm
        tar -C /tmp/helm/ -zxvf /tmp/helm.tar.gz
    - name: "Add helm binary to /usr/local/bin"
      shell: bash
      run: |
        sudo cp /tmp/helm/linux-amd64/helm /usr/local/bin
    - name: "Cleanup tmp"
      shell: bash
      run: |
        rm -rf /tmp/helm/ /tmp/helm.tar.gz
    - name: "Verify correct installation of binary"
      shell: bash
      run: |
        helm version
--- a/.github/actions/kubeconform/action.yml
+++ b/.github/actions/kubeconform/action.yml
@@ -0,0 +1,38 @@
 name: Setup kubeconform
 description: A GitHub Action for running kubeconform commands
 author: Stefan Prodan
 branding:
  color: blue
  icon: command
 inputs:
  version:
    description: "kubeconform version e.g. 0.5.0 (defaults to latest stable release)"
    required: false
  arch:
    description: "arch can be amd64 or arm64"
    required: true
    default: "amd64"
 runs:
  using: composite
  steps:
    - name: "Download binary to the GH runner cache"
      shell: bash
      run: |  
        ARCH=${{ inputs.arch }}
        VERSION=${{ inputs.version }}
        if [ -z $VERSION ]; then
          VERSION=$(curl https://api.github.com/repos/yannh/kubeconform/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
        fi
        BIN_URL="https://github.com/yannh/kubeconform/releases/download/v${VERSION}/kubeconform-linux-${ARCH}.tar.gz"
        BIN_DIR=$RUNNER_TOOL_CACHE/kubeconform/$VERSION/$ARCH
        if [[ ! -x "$BIN_DIR/kind" ]]; then
          mkdir -p $BIN_DIR
          cd $BIN_DIR
          curl -sL $BIN_URL | tar xz
          chmod +x kubeconform
        fi
        echo "$BIN_DIR" >> "$GITHUB_PATH"
--- a/.github/policy/kubernetes.rego
+++ b/.github/policy/kubernetes.rego
@@ -1,51 +0,0 @@
 package kubernetes
 name = input.metadata.name
 kind = input.kind
 is_service {
 	input.kind = "Service"
 }
 is_deployment {
 	input.kind = "Deployment"
 }
 is_pod {
 	input.kind = "Pod"
 }
 split_image(image) = [image, "latest"] {
 	not contains(image, ":")
 }
 split_image(image) = [image_name, tag] {
 	[image_name, tag] = split(image, ":")
 }
 pod_containers(pod) = all_containers {
 	keys = {"containers", "initContainers"}
 	all_containers = [c | keys[k]; c = pod.spec[k][_]]
 }
 containers[container] {
 	pods[pod]
 	all_containers = pod_containers(pod)
 	container = all_containers[_]
 }
 containers[container] {
 	all_containers = pod_containers(input)
 	container = all_containers[_]
 }
 pods[pod] {
 	is_deployment
 	pod = input.spec.template
 }
 pods[pod] {
 	is_pod
 	pod = input
 }
--- a/.github/policy/rules.rego
+++ b/.github/policy/rules.rego
@@ -1,43 +0,0 @@
 package main
 import data.kubernetes
 name = input.metadata.name
 # Deny containers with latest image tag
 deny[msg] {
 	kubernetes.containers[container]
 	[image_name, "latest"] = kubernetes.split_image(container.image)
 	msg = sprintf("%s in the %s %s has an image %s, using the latest tag", [container.name, kubernetes.kind, kubernetes.name, image_name])
 }
 # Deny services without app label selector
 service_labels {
  input.spec.selector["app"]
 }
 deny[msg] {
  kubernetes.is_service
  not service_labels
  msg = sprintf("Service %s should set app label selector", [name])
 }
 # Deny deployments without app label selector
 match_labels {
  input.spec.selector.matchLabels["app"]
 }
 deny[msg] {
  kubernetes.is_deployment
  not match_labels
  msg = sprintf("Service %s should set app label selector", [name])
 }
 # Warn if deployments have no prometheus pod annotations
 annotations {
  input.spec.template.metadata.annotations["prometheus.io/scrape"]
  input.spec.template.metadata.annotations["prometheus.io/port"]
 }
 warn[msg] {
  kubernetes.is_deployment
  not annotations
  msg = sprintf("Deployment %s should set prometheus.io/scrape and prometheus.io/port pod annotations", [name])
 }
--- a/.github/workflows/cve-scan.yml
+++ b/.github/workflows/cve-scan.yml
@@ -3,20 +3,23 @@ name: cve-scan
 on:
  push:
    branches:
-      - 'master'
+      - "master"
 permissions:
  contents: read
 jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Build image
        id: build
        run: |
          IMAGE=test/podinfo:${GITHUB_SHA}
          docker build -t ${IMAGE} .
-          echo "::set-output name=image::$IMAGE"
+          echo "image=$IMAGE" >> $GITHUB_OUTPUT
      - name: Run Trivy vulnerability scanner
        uses: aquasecurity/trivy-action@master
        with:
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -6,28 +6,28 @@ on:
    branches:
      - 'master'
 permissions:
  contents: read
 jobs:
  kind-helm:
    strategy:
      matrix:
        helm-version:
          - 3.9.0
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      - name: Setup Kubernetes
-        uses: engineerd/setup-kind@v0.5.0
+        uses: helm/kind-action@v1.8.0
        with:
-          version: v0.11.1
+          version: v0.20.0
          cluster_name: kind
      - name: Build container image
        run: |
          ./test/build.sh
          kind load docker-image test/podinfo:latest
      - name: Setup Helm
-        uses: ./.github/actions/helm
+        uses: azure/setup-helm@v3
        with:
-          version: ${{ matrix.helm-version }}
+          version: v3.12.3
      - name: Deploy
        run: ./test/deploy.sh
      - name: Run integration tests
@@ -36,3 +36,45 @@ jobs:
        if: failure()
        run: |
          kubectl logs -l app=podinfo || true
  kind-timoni:
    runs-on: ubuntu-latest
    services:
      registry:
        image: registry:2
        ports:
          - 5000:5000
    env:
      PODINFO_IMAGE_URL: "test/podinfo"
      PODINFO_MODULE_URL: "oci://localhost:5000/podinfo"
      PODINFO_VERSION: "0.0.0-devel"
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Timoni
        uses: stefanprodan/timoni/actions/setup@main
      - name: Setup Kubernetes
        uses: helm/kind-action@v1.8.0
        with:
          version: v0.20.0
          cluster_name: kind
      - name: Build container
        run: |
          docker build -t ${PODINFO_IMAGE_URL}:${PODINFO_VERSION} --build-arg "REVISION=${GITHUB_SHA}"  -f Dockerfile.xx .
          kind load docker-image ${PODINFO_IMAGE_URL}:${PODINFO_VERSION}
      - name: Vet module
        run: |
          timoni mod vet ./timoni/podinfo --debug
      - name: Build module
        run: |
          timoni mod push ./timoni/podinfo ${PODINFO_MODULE_URL} -v ${PODINFO_VERSION}
      - name: Apply bundle
        run: |
          timoni bundle apply -f ./timoni/bundles/test.podinfo.cue --runtime-from-env
      - name: Verify status
        run: |
          timoni -n podinfo status backend
          timoni -n podinfo status frontend
      - name: Debug failure
        if: failure()
        run: |
          kubectl -n podinfo get all || true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,36 +6,55 @@ on:
      - '*'
 permissions:
-  contents: write # needed to write releases
+  contents: read
  id-token: write # needed for keyless signing
  packages: write # needed for ghcr access
 jobs:
  release:
    runs-on: ubuntu-latest
    permissions:
      contents: write # needed to write releases
      id-token: write # needed for keyless signing
      packages: write # needed for ghcr access
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
-      - uses: imjasonh/setup-crane@v0.1
+      - uses: sigstore/cosign-installer@v3
-      - uses: sigstore/cosign-installer@main
+      - uses: fluxcd/flux2/action@main
-      - name: Setup Helm
+      - uses: stefanprodan/timoni/actions/setup@main
-        uses: ./.github/actions/helm
+      - name: Setup Notation CLI
        uses: notaryproject/notation-action/setup@v1
        with:
-          version: 3.8.1
+          version: "1.0.0"
      - name: Setup Notation signing keys
        run: |
          mkdir -p ~/.config/notation/localkeys/
          cp ./.notation/signingkeys.json ~/.config/notation/
          cp ./.notation/notation.crt ~/.config/notation/localkeys/
          echo "$NOTATION_KEY" > ~/.config/notation/localkeys/notation.key
        env:
          NOTATION_KEY: ${{ secrets.NOTATION_SIGNING_KEY }}
      - name: Setup Go
        uses: actions/setup-go@v4
        with:
          go-version: 1.21.x
      - name: Setup Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.12.3
      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@v3
        with:
          platforms: all
      - name: Setup Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          registry: ghcr.io
-          username: ${{ secrets.DOCKER_USERNAME }}
+          username: ${{ github.actor }}
-          password: ${{ secrets.GHCR_TOKEN }}
+          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
@@ -46,43 +65,68 @@ jobs:
          if [[ $GITHUB_REF == refs/tags/* ]]; then
            VERSION=${GITHUB_REF/refs\/tags\//}
          fi
-          echo ::set-output name=BUILD_DATE::$(date -u +'%Y-%m-%dT%H:%M:%SZ')
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
-          echo ::set-output name=VERSION::${VERSION}
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
-      - name: Publish multi-arch image
+          echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
-        uses: docker/build-push-action@v2
+      - name: Generate images meta
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            docker.io/stefanprodan/podinfo
            ghcr.io/stefanprodan/podinfo
          tags: |
            type=raw,value=${{ steps.prep.outputs.VERSION }}
            type=raw,value=latest
      - name: Publish multi-arch image
        uses: docker/build-push-action@v5
        with:
          sbom: true
          provenance: true
          push: true
          builder: ${{ steps.buildx.outputs.name }}
          context: .
          file: ./Dockerfile.xx
          build-args: |
            REVISION=${{ steps.prep.outputs.REVISION }}
          platforms: linux/amd64,linux/arm/v7,linux/arm64
-          tags: |
+          tags: ${{ steps.meta.outputs.tags }}
-            docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
+          labels: ${{ steps.meta.outputs.labels }}
-            docker.io/stefanprodan/podinfo:latest
+      - name: Publish Timoni module to GHCR
-            ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
+        run: |
-          labels: |
+          timoni mod push ./timoni/podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
-            org.opencontainers.image.title=${{ github.event.repository.name }}
+          --sign cosign \
-            org.opencontainers.image.description=${{ github.event.repository.description }}
+          --version ${{ steps.prep.outputs.VERSION }} \
-            org.opencontainers.image.source=${{ github.event.repository.html_url }}
+          -a 'org.opencontainers.image.source=https://github.com/stefanprodan/podinfo' \
-            org.opencontainers.image.url=${{ github.event.repository.html_url }}
+          -a 'org.opencontainers.image.licenses=Apache-2.0' \
-            org.opencontainers.image.revision=${{ github.sha }}
+          -a 'org.opencontainers.image.description=A timoni.sh module for deploying Podinfo.' \
-            org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
+          -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/podinfo/blob/main/timoni/podinfo/README.md'
            org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
      - name: Publish Helm chart to GHCR
        run: |
          helm package charts/podinfo
          helm push podinfo-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/stefanprodan/charts
          rm podinfo-${{ steps.prep.outputs.VERSION }}.tgz
-      - name: Sign images
+      - name: Publish Flux OCI artifact to GHCR
        run: |
          flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \
            --path="./kustomize" \
            --source="${{ github.event.repository.html_url }}" \
            --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
          flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest
      - name: Sign OCI artifacts
        env:
          COSIGN_EXPERIMENTAL: 1
        run: |
-          cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
+          cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
-          cosign sign docker.io/stefanprodan/podinfo:latest
+          cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
-          cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
+          cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes
-          cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }}
+          cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes
          notation sign --signature-format cose docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
          notation sign --signature-format cose ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }}
          notation sign --signature-format cose ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }}
      - name: Publish base image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v5
        with:
          push: true
          builder: ${{ steps.buildx.outputs.name }}
@@ -96,16 +140,18 @@ jobs:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish config artifact
        run: |
-          cd kustomize
+          flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \
-          tar -cf config.tar * --numeric-owner --owner=0 --group=0
+            --path="./kustomize" \
-          crane append -f config.tar -t ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
+            --source="${{ github.event.repository.html_url }}" \
-          crane tag ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} latest
+            --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
-          rm config.tar
+          flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest
      - name: Sign config artifact
        run: |
          echo "$COSIGN_KEY" > /tmp/cosign.key
-          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --yes
-          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest --yes
          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:latest
        env:
          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
@@ -115,7 +161,7 @@ jobs:
          echo 'CHANGELOG' > /tmp/release.txt
          github-release-notes -org stefanprodan -repo podinfo -since-latest-release >> /tmp/release.txt
      - name: Publish release
-        uses: goreleaser/goreleaser-action@v1
+        uses: goreleaser/goreleaser-action@v5
        with:
          version: latest
          args: release --release-notes=/tmp/release.txt --skip-validate
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,32 +6,52 @@ on:
    branches:
      - 'master'
 permissions:
  contents: read
 env:
  KUBERNETES_VERSION: 1.26.0
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
      - name: Restore Go cache
        uses: actions/cache@v1
        with:
          path: ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: ${{ runner.os }}-go-
      - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
        with:
-          go-version: 1.18.x
+          go-version: 1.21.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Setup kubectl
        uses: azure/setup-kubectl@v3
        with:
          version: v${{ env.KUBERNETES_VERSION }}
      - name: Setup kubeconform
        uses: ./.github/actions/kubeconform
      - name: Setup Helm
        uses: azure/setup-helm@v3
        with:
          version: v3.10.3
      - name: Setup CUE
-        uses: cue-lang/setup-cue@main
+        uses: cue-lang/setup-cue@v1.0.0
      - name: Setup Timoni
        uses: stefanprodan/timoni/actions/setup@main
      - name: Run unit tests
        run: make test
-      - name: Generate CUE definitions
+      - name: Validate Helm chart
        run: make cue-mod
      - name: Verify CUE formatting
        working-directory: ./cue
        run: |
-          cue fmt .
+          helm lint ./charts/podinfo/
          helm template ./charts/podinfo/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
      - name: Validate Kustomize overlay
        run: |
          kubectl kustomize ./kustomize/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
      - name: Verify CUE formatting
        working-directory: ./timoni/podinfo
        run: |
          cue fmt ./..
          status=$(git status . --porcelain)
          [[ -z "$status" ]] || {
            echo "CUE files are not correctly formatted"
@@ -39,27 +59,14 @@ jobs:
            git diff
            exit 1
          }
-      - name: Validate CUE
+      - name: Validate Timoni module
-        working-directory: ./cue
+        working-directory: ./timoni/podinfo
-        run: cue vet --all-errors --concrete .
+        run: |
          timoni mod lint . 
          timoni build podinfo . -f test_values.cue | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
      - name: Check if working tree is dirty
        run: |
          if [[ $(git diff --stat) != '' ]]; then
            echo 'run make test and commit changes'
            exit 1
          fi
      - name: Validate Helm chart
        uses: stefanprodan/kube-tools@v1
        with:
          kubectl: 1.19.11
          helm: 2.17.0
          helmv3: 3.6.0
          command: |
            helmv3 template ./charts/podinfo | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
      - name: Validate kustomization
        uses: stefanprodan/kube-tools@v1
        with:
          kubectl: 1.19.11
          command: |
            kustomize build ./kustomize | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
            kustomize build ./kustomize | conftest test -p .github/policy -
--- a/.gitignore
+++ b/.gitignore
@@ -21,3 +21,8 @@ gcloud/
 dist/
 bin/
 cue/cue.mod/gen/
 cue/go.mod
 cue/go.sum
 .notation/podinfo.csr
 .notation/podinfo.key
--- a/.notation/README.md
+++ b/.notation/README.md
@@ -0,0 +1,15 @@
 # Podinfo signed releases
 Podinfo release assets such as the Helm chart and the Flux artifact
 are published to GitHub Container Registry and are signed with
 [Notation](https://github.com/notaryproject/notation).
 ## Generate signing keys
 Generate a new signing key pair:
 ```sh
 openssl genrsa -out podinfo.key 2048
 openssl req -new -key podinfo.key -out podinfo.csr -config codesign.cnf
 openssl x509 -req -days 1826 -in podinfo.csr -signkey podinfo.key -out notation.crt -extensions v3_req -extfile codesign.cnf
 ```
--- a/.notation/codesign.cnf
+++ b/.notation/codesign.cnf
@@ -0,0 +1,18 @@
 [ req ]
 default_bits           = 2048
 default_keyfile        = privatekey.pem
 distinguished_name     = req_distinguished_name
 req_extensions         = v3_req
 prompt                 = no
 [ req_distinguished_name ]
 C                      = RO
 ST                     = BU
 L                      = Bucharest
 O                      = Notary
 CN                     = stefanprodan.com
 [ v3_req ]
 keyUsage               = critical,digitalSignature
 extendedKeyUsage       = critical,codeSigning
 #subjectKeyIdentifier  = hash
--- a/.notation/notation.crt
+++ b/.notation/notation.crt
@@ -0,0 +1,21 @@
 -----BEGIN CERTIFICATE-----
 MIIDbDCCAlSgAwIBAgIUP7zhmTw5XTWLcgBGkBEsErMOkz4wDQYJKoZIhvcNAQEL
 BQAwWjELMAkGA1UEBhMCUk8xCzAJBgNVBAgMAkJVMRIwEAYDVQQHDAlCdWNoYXJl
 c3QxDzANBgNVBAoMBk5vdGFyeTEZMBcGA1UEAwwQc3RlZmFucHJvZGFuLmNvbTAe
 Fw0yNDAyMjUxMDAyMzZaFw0yOTAyMjQxMDAyMzZaMFoxCzAJBgNVBAYTAlJPMQsw
 CQYDVQQIDAJCVTESMBAGA1UEBwwJQnVjaGFyZXN0MQ8wDQYDVQQKDAZOb3Rhcnkx
 GTAXBgNVBAMMEHN0ZWZhbnByb2Rhbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
 DwAwggEKAoIBAQDtH4oPi3SyX/DGv6NdjIvmApvD9eeSgsmHdwpAly8T9D2me+fx
 Z+wRNJmq4aq/A1anX+Sg28iwHzV+1WKpsHnjYzDAJSEYP2S8A5H1nGRKUoibdijw
 C3QBh5C75rjF/tmZVSX/Vgbf3HJJEsF4WUxWabLxoV2QLo7UlEsQd9+bSeKNMncx
 1+E6FdbRCrYo90iobvZJ8K/S2zCWq/JTeHfTnmSEDhx6nMJcaSjvMPn3zyauWcQw
 dDpkcaGiJ64fEJRT2OFxXv9u+vDmIMKzo/Wjbd+IzFj6YY4VisK88aU7tmDelnk5
 gQB9eu62PFoaVsYJp4VOhblFKvGJpQwbWB9BAgMBAAGjKjAoMA4GA1UdDwEB/wQE
 AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA
 6x+C6hAIbLwMvkNx4K5p7Qe/pLQR0VwQFAw10yr/5KSN+YKFpon6pQ0TebL7qll+
 uBGZvtQhN6v+DlnVqB7lvJKd+89isgirkkews5KwuXg7Gv5UPIugH0dXISZU8DMJ
 7J4oKREv5HzdFmfsUfNlQcfyVTjKL6UINXfKGdqNNxXxR9b4a1TY2JcmEhzBTHaq
 ZqX6HK784a0dB7aHgeFrFwPCCP4M684Hs7CFbk3jo2Ef4ljnB5AyWpe8pwCLMdRt
 UjSjL5xJWVQvRU+STQsPr6SvpokPCG4rLQyjgeYYk4CCj5piSxbSUZFavq8v1y7Y
 m91USVqfeUX7ZzjDxPHE2A==
 -----END CERTIFICATE-----
--- a/.notation/signingkeys.json
+++ b/.notation/signingkeys.json
@@ -0,0 +1,10 @@
 {
    "default": "stefanprodan.com",
    "keys": [
        {
            "name": "stefanprodan.com",
            "keyPath": "/home/runner/.config/notation/localkeys/notation.key",
            "certPath": "/home/runner/.config/notation/localkeys/notation.crt"
        }
    ]
 }
--- a/.notation/trustpolicy.json
+++ b/.notation/trustpolicy.json
@@ -0,0 +1,19 @@
 {
    "version": "1.0",
    "trustPolicies": [
        {
            "name": "stefanprodan.com",
            "registryScopes": [
                "ghcr.io/stefanprodan/podinfo-deploy",
                "ghcr.io/stefanprodan/charts/podinfo"
            ],
            "signatureVerification": {
                "level" : "strict"
            },
            "trustStores": [ "ca:stefanprodan.com" ],
            "trustedIdentities": [
                "x509.subject: C=RO, ST=BU, L=Bucharest, O=Notary, CN=stefanprodan.com"
            ]
        }
    ]
 }
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM golang:1.18-alpine as builder
+FROM golang:1.21-alpine as builder
 ARG REVISION
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
    -a -o bin/podcli cmd/podcli/*
-FROM alpine:3.16
+FROM alpine:3.19
 ARG BUILD_DATE
 ARG VERSION
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -1,4 +1,4 @@
-FROM golang:1.18
+FROM golang:1.21
 WORKDIR /workspace
--- a/Dockerfile.xx
+++ b/Dockerfile.xx
@@ -1,5 +1,5 @@
-ARG GO_VERSION=1.18
+ARG GO_VERSION=1.21
-ARG XX_VERSION=1.1.0
+ARG XX_VERSION=1.3.0
 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
@@ -28,7 +28,7 @@ RUN xx-go build -ldflags "-s -w \
    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
    -a -o bin/podcli cmd/podcli/*
-FROM alpine:3.16
+FROM alpine:3.19
 ARG BUILD_DATE
 ARG VERSION
--- a/26
+++ b/26
@@ -24,7 +24,10 @@ build:
 	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*
 tidy:
-	rm -f go.sum; go mod tidy -compat=1.17
+	rm -f go.sum; go mod tidy -compat=1.21
 vet:
 	go vet ./...
 fmt:
 	gofmt -l -s -w ./
@@ -79,22 +82,19 @@ version-set:
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
-	/usr/bin/sed -i '' "s/$$current/$$next/g" cue/main.cue && \
+	/usr/bin/sed -i '' "s/$$current/$$next/g" timoni/podinfo/values.cue && \
-	echo "Version $$next set in code, deployment, chart and kustomize"
+	echo "Version $$next set in code, deployment, module, chart and kustomize"
 release:
-	git tag $(VERSION)
+	git tag -s -m $(VERSION) $(VERSION)
 	git push origin $(VERSION)
 swagger:
-	go get github.com/swaggo/swag/cmd/swag
+	go install github.com/swaggo/swag/cmd/swag@latest
 	go get github.com/swaggo/swag/gen@latest
 	go get github.com/swaggo/swag/cmd/swag@latest
 	cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
-.PHONY: cue-mod
+.PHONY: timoni-build
-cue-mod:
+timoni-build:
-	@cd cue && cue get go k8s.io/api/...
+	@timoni build podinfo ./timoni/podinfo -f ./timoni/podinfo/debug_values.cue
 .PHONY: cue-gen
 cue-gen:
 	@cd cue && cue fmt ./... && cue vet --all-errors --concrete ./...
 	@cd cue && cue gen
--- a/README.md
+++ b/README.md
@@ -20,11 +20,11 @@ Specifications:
 * 12-factor app with viper
 * Fault injection (random errors and latency)
 * Swagger docs
-* CUE, Helm and Kustomize installers
+* Timoni, Helm and Kustomize installers
 * End-to-End testing with Kubernetes Kind and Helm
 * Kustomize testing with GitHub Actions and Open Policy Agent
 * Multi-arch container image with Docker buildx and Github Actions
 * Container image signing with Sigstore cosign
 * SBOMs and SLSA Provenance embedded in the container image
 * CVE scanning with Trivy
 Web API:
@@ -66,16 +66,23 @@ To access the Swagger UI open `<podinfo-host>/swagger/index.html` in a browser.
 ### Guides
-* [GitOps Progressive Deliver with Flagger, Helm v3 and Linkerd](https://helm.workshop.flagger.dev/intro/)
+* [Getting started with Timoni](https://timoni.sh/quickstart/)
-* [GitOps Progressive Deliver on EKS with Flagger and AppMesh](https://eks.handson.flagger.dev/prerequisites/)
+* [Getting started with Flux](https://fluxcd.io/flux/get-started/)
-* [Automated canary deployments with Flagger and Istio](https://medium.com/google-cloud/automated-canary-deployments-with-flagger-and-istio-ac747827f9d1)
+* [Progressive Deliver with Flagger and Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
-* [Kubernetes autoscaling with Istio metrics](https://medium.com/google-cloud/kubernetes-autoscaling-with-istio-metrics-76442253a45a)
+* [Automated canary deployments with Kubernetes Gateway API](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery)
 * [Autoscaling EKS on Fargate with custom metrics](https://aws.amazon.com/blogs/containers/autoscaling-eks-on-fargate-with-custom-metrics/)
 * [Managing Helm releases the GitOps way](https://medium.com/google-cloud/managing-helm-releases-the-gitops-way-207a6ac6ff0e)
 * [Securing EKS Ingress With Contour And Let’s Encrypt The GitOps Way](https://aws.amazon.com/blogs/containers/securing-eks-ingress-contour-lets-encrypt-gitops/)
 ### Install
 To install Podinfo on Kubernetes the minimum required version is **Kubernetes v1.23**.
 #### Timoni
 Install with [Timoni](https://timoni.sh):
 ```bash
 timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
 ```
 #### Helm
 Install from github.io:
@@ -89,7 +96,7 @@ helm upgrade --install --wait frontend \
 --set backend=http://backend-podinfo:9898/echo \
 podinfo/podinfo
-helm test frontend
+helm test frontend --namespace test
 helm upgrade --install --wait backend \
 --namespace test \
--- a/charts/podinfo/Chart.yaml
+++ b/charts/podinfo/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 6.1.6
+version: 6.5.4
-appVersion: 6.1.6
+appVersion: 6.5.4
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes
@@ -10,4 +10,4 @@ maintainers:
  name: stefanprodan
 sources:
 - https://github.com/stefanprodan/podinfo
-kubeVersion: ">=1.19.0-0"
+kubeVersion: ">=1.23.0-0"
--- a/charts/podinfo/README.md
+++ b/charts/podinfo/README.md
@@ -9,7 +9,23 @@ for end-to-end testing and workshops.
 ## Installing the Chart
-To install the chart with the release name `my-release`:
+The Podinfo charts are published to
 [GitHub Container Registry](https://github.com/stefanprodan/podinfo/pkgs/container/charts%2Fpodinfo)
 and signed with [Cosign](https://github.com/sigstore/cosign) & GitHub Actions OIDC.
 To install the chart with the release name `my-release` from GHCR:
 ```console
 $ helm upgrade -i my-release oci://ghcr.io/stefanprodan/charts/podinfo
 ```
 To verify a chart with Cosign:
 ```console
 $ cosign verify ghcr.io/stefanprodan/charts/podinfo:<VERSION>
 ```
 Alternatively, you can install the chart from GitHub pages:
 ```console
 $ helm repo add podinfo https://stefanprodan.github.io/podinfo
@@ -34,60 +50,62 @@ The command removes all the Kubernetes components associated with the chart and
 The following tables lists the configurable parameters of the podinfo chart and their default values.
-Parameter | Default | Description
+| Parameter                         | Default                | Description                                                                                                            |
--- | --- | ---
+| --------------------------------- | ---------------------- | ---------------------------------------------------------------------------------------------------------------------- |
-`replicaCount` | `1` | Desired number of pods
+| `replicaCount`                    | `1`                    | Desired number of pods                                                                                                 |
-`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`
+| `logLevel`                        | `info`                 | Log level: `debug`, `info`, `warn`, `error`                                                                            |
-`backend` | `None` | Echo backend URL
+| `backend`                         | `None`                 | Echo backend URL                                                                                                       |
-`backends` | `[]` | Array of echo backend URLs
+| `backends`                        | `[]`                   | Array of echo backend URLs                                                                                             |
-`cache` | `None` | Redis address in the format `tcp://<host>:<port>`
+| `cache`                           | `None`                 | Redis address in the format `tcp://<host>:<port>`                                                                      |
-`redis.enabled` | `false` | Create Redis deployment for caching purposes
+| `redis.enabled`                   | `false`                | Create Redis deployment for caching purposes                                                                           |
-`ui.color` | `#34577c` |  UI color
+| `ui.color`                        | `#34577c`              | UI color                                                                                                               |
-`ui.message` | `None` |  UI greetings message
+| `ui.message`                      | `None`                 | UI greetings message                                                                                                   |
-`ui.logo` | `None` |  UI logo
+| `ui.logo`                         | `None`                 | UI logo                                                                                                                |
-`faults.delay` | `false` | Random HTTP response delays between 0 and 5 seconds
+| `faults.delay`                    | `false`                | Random HTTP response delays between 0 and 5 seconds                                                                    |
-`faults.error` | `false` | 1/3 chances of a random HTTP response error
+| `faults.error`                    | `false`                | 1/3 chances of a random HTTP response error                                                                            |
-`faults.unhealthy` | `false` | When set, the healthy state is never reached
+| `faults.unhealthy`                | `false`                | When set, the healthy state is never reached                                                                           |
-`faults.unready` | `false` | When set, the ready state is never reached
+| `faults.unready`                  | `false`                | When set, the ready state is never reached                                                                             |
-`faults.testFail` | `false` | When set, a helm test is included which always fails
+| `faults.testFail`                 | `false`                | When set, a helm test is included which always fails                                                                   |
-`faults.testTimeout` | `false` | When set, a helm test is included which always times out
+| `faults.testTimeout`              | `false`                | When set, a helm test is included which always times out                                                               |
-`image.repository` | `stefanprodan/podinfo` | Image repository
+| `image.repository`                | `stefanprodan/podinfo` | Image repository                                                                                                       |
-`image.tag` | `<VERSION>` | Image tag
+| `image.tag`                       | `<VERSION>`            | Image tag                                                                                                              |
-`image.pullPolicy` | `IfNotPresent` | Image pull policy
+| `image.pullPolicy`                | `IfNotPresent`         | Image pull policy                                                                                                      |
-`service.enabled` | `true` | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)
+| `service.enabled`                 | `true`                 | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)                              |
-`service.type` | `ClusterIP` | Type of the Kubernetes Service
+| `service.type`                    | `ClusterIP`            | Type of the Kubernetes Service                                                                                         |
-`service.metricsPort` | `9797` | Prometheus metrics endpoint port
+| `service.metricsPort`             | `9797`                 | Prometheus metrics endpoint port                                                                                       |
-`service.httpPort` | `9898` | Container HTTP port
+| `service.httpPort`                | `9898`                 | Container HTTP port                                                                                                    |
-`service.externalPort` | `9898` | ClusterIP HTTP port
+| `service.externalPort`            | `9898`                 | ClusterIP HTTP port                                                                                                    |
-`service.grpcPort` | `9999` | ClusterIP gPRC port
+| `service.grpcPort`                | `9999`                 | ClusterIP gPRC port                                                                                                    |
-`service.grpcService` | `podinfo` | gPRC service name
+| `service.grpcService`             | `podinfo`              | gPRC service name                                                                                                      |
-`service.nodePort` | `31198` | NodePort for the HTTP endpoint
+| `service.nodePort`                | `31198`                | NodePort for the HTTP endpoint                                                                                         |
-`h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2)
+| `h2c.enabled`                     | `false`                | Allow upgrading to h2c (non-TLS version of HTTP/2)                                                                     |
-`hpa.enabled` | `false` | Enables the Kubernetes HPA
+| `hpa.enabled`                     | `false`                | Enables the Kubernetes HPA                                                                                             |
-`hpa.maxReplicas` | `10` | Maximum amount of pods
+| `hpa.maxReplicas`                 | `10`                   | Maximum amount of pods                                                                                                 |
-`hpa.cpu` | `None` | Target CPU usage per pod
+| `hpa.cpu`                         | `None`                 | Target CPU usage per pod                                                                                               |
-`hpa.memory` | `None` | Target memory usage per pod
+| `hpa.memory`                      | `None`                 | Target memory usage per pod                                                                                            |
-`hpa.requests` | `None` | Target HTTP requests per second per pod
+| `hpa.requests`                    | `None`                 | Target HTTP requests per second per pod                                                                                |
-`serviceAccount.enabled` | `false` | Whether a service account should be created
+| `serviceAccount.enabled`          | `false`                | Whether a service account should be created                                                                            |
-`serviceAccount.name` | `None` | The name of the service account to use, if not set and create is true, a name is generated using the fullname template
+| `serviceAccount.name`             | `None`                 | The name of the service account to use, if not set and create is true, a name is generated using the fullname template |
-`securityContext` | `{}` | The security context to be set on the podinfo container
+| `serviceAccount.imagePullSecrets` | `[]`                   | List of image pull secrets if pulling from private registries.                                                         |
-`linkerd.profile.enabled` | `false` | Create Linkerd service profile
+| `securityContext`                 | `{}`                   | The security context to be set on the podinfo container                                                                |
-`serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created
+| `linkerd.profile.enabled`         | `false`                | Create Linkerd service profile                                                                                         |
-`serviceMonitor.interval` | `15s` | Prometheus scraping interval
+| `serviceMonitor.enabled`          | `false`                | Whether a Prometheus Operator service monitor should be created                                                        |
-`serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
+| `serviceMonitor.interval`         | `15s`                  | Prometheus scraping interval                                                                                           |
-`ingress.enabled` | `false` | Enables Ingress
+| `serviceMonitor.additionalLabels` | `{}`                   | Add additional labels to the service monitor                                                                           |
-`ingress.className ` | `""` | Use ingressClassName
+| `ingress.enabled`                 | `false`                | Enables Ingress                                                                                                        |
-`ingress.annotations` | `{}` | Ingress annotations
+| `ingress.className `              | `""`                   | Use ingressClassName                                                                                                   |
-`ingress.hosts` | `[]` | Ingress accepted hosts
+| `ingress.additionalLabels`        | `{}`                   | Add additional labels to the ingress                                                                                   |
-`ingress.tls` | `[]` | Ingress TLS configuration
+| `ingress.annotations`             | `{}`                   | Ingress annotations                                                                                                    |
-`resources.requests.cpu` | `1m` | Pod CPU request
+| `ingress.hosts`                   | `[]`                   | Ingress accepted hosts                                                                                                 |
-`resources.requests.memory` | `16Mi` | Pod memory request
+| `ingress.tls`                     | `[]`                   | Ingress TLS configuration                                                                                              |
-`resources.limits.cpu` | `None` | Pod CPU limit
+| `resources.requests.cpu`          | `1m`                   | Pod CPU request                                                                                                        |
-`resources.limits.memory` | `None` | Pod memory limit
+| `resources.requests.memory`       | `16Mi`                 | Pod memory request                                                                                                     |
-`nodeSelector` | `{}` | Node labels for pod assignment
+| `resources.limits.cpu`            | `None`                 | Pod CPU limit                                                                                                          |
-`tolerations` | `[]` | List of node taints to tolerate
+| `resources.limits.memory`         | `None`                 | Pod memory limit                                                                                                       |
-`affinity` | `None` | Node/pod affinities
+| `nodeSelector`                    | `{}`                   | Node labels for pod assignment                                                                                         |
-`podAnnotations` | `{}` | Pod annotations
+| `tolerations`                     | `[]`                   | List of node taints to tolerate                                                                                        |
 | `affinity`                        | `None`                 | Node/pod affinities                                                                                                    |
 | `podAnnotations`                  | `{}`                   | Pod annotations                                                                                                        |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
@@ -110,14 +128,3 @@ $ helm install my-release podinfo/podinfo -f values.yaml
 ```
 > **Tip**: You can use the default [values.yaml](values.yaml)
 ## Upgrading the chart
 ### To =< 5.0.0
 Version 5.0.0 is a major update.
 * The chart now follows the new Kubernetes label recommendations:
 <https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/>
 The simplest way to update is to do a force upgrade, which recreates the resources by doing a delete and an install.
--- a/charts/podinfo/templates/deployment.yaml
+++ b/charts/podinfo/templates/deployment.yaml
@@ -129,6 +129,22 @@ spec:
              containerPort: {{ .Values.service.grpcPort }}
              protocol: TCP
            {{- end }}
          {{- if .Values.probes.startup.enable }}
          startupProbe:
            exec:
              command:
              - podcli
              - check
              - http
              - localhost:{{ .Values.service.httpPort | default 9898 }}/healthz
            {{- with .Values.probes.startup }}
            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
            failureThreshold: {{ .failureThreshold | default 3 }}
            successThreshold: {{ .successThreshold | default 1 }}
            periodSeconds: {{ .periodSeconds | default 10 }}
            {{- end }}
            {{- end }}
          livenessProbe:
            exec:
              command:
@@ -136,8 +152,13 @@ spec:
              - check
              - http
              - localhost:{{ .Values.service.httpPort | default 9898 }}/healthz
-            initialDelaySeconds: 1
+            {{- with .Values.probes.liveness }}
-            timeoutSeconds: 5
+            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
            failureThreshold: {{ .failureThreshold | default 3 }}
            successThreshold: {{ .successThreshold | default 1 }}
            periodSeconds: {{ .periodSeconds | default 10 }}
            {{- end }}
          readinessProbe:
            exec:
              command:
@@ -145,8 +166,13 @@ spec:
              - check
              - http
              - localhost:{{ .Values.service.httpPort | default 9898 }}/readyz
-            initialDelaySeconds: 1
+            {{- with .Values.probes.readiness }}
-            timeoutSeconds: 5
+            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
            failureThreshold: {{ .failureThreshold | default 3 }}
            successThreshold: {{ .successThreshold | default 1 }}
            periodSeconds: {{ .periodSeconds | default 10 }}
            {{- end }}
          volumeMounts:
          - name: data
            mountPath: /data
--- a/charts/podinfo/templates/hpa.yaml
+++ b/charts/podinfo/templates/hpa.yaml
@@ -1,5 +1,5 @@
 {{- if .Values.hpa.enabled -}}
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "podinfo.fullname" . }}
--- a/charts/podinfo/templates/ingress.yaml
+++ b/charts/podinfo/templates/ingress.yaml
@@ -7,6 +7,9 @@ metadata:
  name: {{ $fullName }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
    {{- with .Values.ingress.additionalLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
  {{- with .Values.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/charts/podinfo/templates/serviceaccount.yaml
+++ b/charts/podinfo/templates/serviceaccount.yaml
@@ -5,4 +5,8 @@ metadata:
  name: {{ template "podinfo.serviceAccountName" . }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
 {{- with .Values.serviceAccount.imagePullSecrets }}
 imagePullSecrets:
  {{- toYaml . | nindent 2 }}
 {{- end -}}
 {{- end -}}
--- a/charts/podinfo/values-prod.yaml
+++ b/charts/podinfo/values-prod.yaml
@@ -8,7 +8,7 @@ backends: []
 image:
  repository: ghcr.io/stefanprodan/podinfo
-  tag: 6.1.6
+  tag: 6.5.4
  pullPolicy: IfNotPresent
 ui:
@@ -83,7 +83,7 @@ cache: ""
 redis:
  enabled: true
  repository: redis
-  tag: 6.0.8
+  tag: 7.0.7
 serviceAccount:
  # Specifies whether a service account should be created
@@ -91,6 +91,8 @@ serviceAccount:
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
  # List of image pull secrets if pulling from private registries
  imagePullSecrets: []
 # set container security context
 securityContext: {}
@@ -98,6 +100,7 @@ securityContext: {}
 ingress:
  enabled: false
  className: ""
  additionalLabels: {}
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
--- a/charts/podinfo/values.yaml
+++ b/charts/podinfo/values.yaml
@@ -8,7 +8,7 @@ backends: []
 image:
  repository: ghcr.io/stefanprodan/podinfo
-  tag: 6.1.6
+  tag: 6.5.4
  pullPolicy: IfNotPresent
 ui:
@@ -87,7 +87,7 @@ cache: ""
 redis:
  enabled: false
  repository: redis
-  tag: 6.0.8
+  tag: 7.0.7
 serviceAccount:
  # Specifies whether a service account should be created
@@ -95,6 +95,8 @@ serviceAccount:
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:
  # List of image pull secrets if pulling from private registries
  imagePullSecrets: []
 # set container security context
 securityContext: {}
@@ -102,6 +104,7 @@ securityContext: {}
 ingress:
  enabled: false
  className: ""
  additionalLabels: {}
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
@@ -138,3 +141,25 @@ tolerations: []
 affinity: {}
 podAnnotations: {}
 # https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
 probes:
  readiness:
    initialDelaySeconds: 1
    timeoutSeconds: 5
    failureThreshold: 3
    successThreshold: 1
    periodSeconds: 10
  liveness:
    initialDelaySeconds: 1
    timeoutSeconds: 5
    failureThreshold: 3
    successThreshold: 1
    periodSeconds: 10
  startup:
    enable: false
    initialDelaySeconds: 10
    timeoutSeconds: 5
    failureThreshold: 20
    successThreshold: 1
    periodSeconds: 10
--- a/cmd/podinfo/main.go
+++ b/cmd/podinfo/main.go
@@ -2,7 +2,6 @@ package main
 import (
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -18,6 +17,7 @@ import (
 	"github.com/stefanprodan/podinfo/pkg/grpc"
 	"github.com/stefanprodan/podinfo/pkg/signals"
 	"github.com/stefanprodan/podinfo/pkg/version"
 	go_grpc "google.golang.org/grpc"
 )
 func main() {
@@ -33,7 +33,7 @@ func main() {
 	fs.StringSlice("backend-url", []string{}, "backend service URL")
 	fs.Duration("http-client-timeout", 2*time.Minute, "client timeout duration")
 	fs.Duration("http-server-timeout", 30*time.Second, "server read and write timeout duration")
-	fs.Duration("http-server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
+	fs.Duration("server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
 	fs.String("data-path", "/data", "data local path")
 	fs.String("config-path", "", "config dir path")
 	fs.String("cert-path", "/data/cert", "certificate path for HTTPS port")
@@ -135,9 +135,10 @@ func main() {
 	}
 	// start gRPC server
 	var grpcServer *go_grpc.Server
 	if grpcCfg.Port > 0 {
 		grpcSrv, _ := grpc.NewServer(&grpcCfg, logger)
-		go grpcSrv.ListenAndServe()
+		grpcServer = grpcSrv.ListenAndServe()
 	}
 	// load HTTP server config
@@ -155,8 +156,12 @@ func main() {
 	// start HTTP server
 	srv, _ := api.NewServer(&srvCfg, logger)
 	httpServer, httpsServer, healthy, ready := srv.ListenAndServe()
 	// graceful shutdown
 	stopCh := signals.SetupSignalHandler()
-	srv.ListenAndServe(stopCh)
+	sd, _ := signals.NewShutdown(srvCfg.ServerShutdownTimeout, logger)
 	sd.Graceful(stopCh, httpServer, httpsServer, grpcServer, healthy, ready)
 }
 func initZap(logLevel string) (*zap.Logger, error) {
@@ -238,12 +243,12 @@ func beginStressTest(cpus int, mem int, logger *zap.Logger) {
 			logger.Error("memory stress failed", zap.Error(err))
 		}
-		stressMemoryPayload, err = ioutil.ReadFile(path)
+		stressMemoryPayload, err = os.ReadFile(path)
 		f.Close()
 		os.Remove(path)
 		if err != nil {
 			logger.Error("memory stress failed", zap.Error(err))
 		}
-		logger.Info("starting CPU stress", zap.Int("memory", len(stressMemoryPayload)))
+		logger.Info("starting MEMORY stress", zap.Int("memory", len(stressMemoryPayload)))
 	}
 }
--- a/cue/README.md
+++ b/cue/README.md
@@ -1,58 +0,0 @@
 # Podinfo CUE module
 This directory contains a [CUE](https://cuelang.org/docs/) module and tooling
 for generating podinfo's Kubernetes resources.
 The module contains a `podinfo.#Application` definition which takes `podinfo.#Config` as input.
 ## Prerequisites
 Install CUE with:
 ```shell
 brew install cue
 ```
 Generate the Kubernetes API definitions required by this module with:
 ```shell
 cue get go k8s.io/api/...
 ```
 ## Configuration
 Configure the application in `main.cue`:
 ```cue
 app: podinfo.#Application & {
 	config: {
 		meta: {
 			name:      "podinfo"
 			namespace: "default"
 		}
 		image: tag: "6.1.3"
 		resources: requests: {
 			cpu:    "100m"
 			memory: "16Mi"
 		}
 		hpa: {
 			enabled:     true
 			maxReplicas: 3
 		}
 		ingress: {
 			enabled:   true
 			className: "nginx"
 			host:      "podinfo.example.com"
 			tls:       true
 			annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
 		}
 		serviceMonitor: enabled: true
 	}
 }
 ```
 ## Generate the manifests
 ```shell
 cue gen
 ```
--- a/cue/cue.mod/module.cue
+++ b/cue/cue.mod/module.cue
@@ -1 +0,0 @@
 module: "github.com/stefanprodan/podinfo/cue"
--- a/cue/go.mod
+++ b/cue/go.mod
@@ -1,23 +0,0 @@
 module github.com/stefanprodan/podinfo/cue
 go 1.17
 require (
 	github.com/go-logr/logr v1.2.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/google/go-cmp v0.5.5 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect
 	golang.org/x/text v0.3.7 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/api v0.23.5 // indirect
 	k8s.io/apimachinery v0.23.5 // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect
 	k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
 	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
 )
--- a/cue/go.sum
+++ b/cue/go.sum
@@ -1,231 +0,0 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/getkin/kin-openapi v0.76.0/go.mod h1:660oXbgy5JFMKreazJaQTw7o+X00qeSyhcnluiMv+Xg=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
 github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
 github.com/go-logr/logr v1.2.0 h1:QK40JKJyMdUDz+h+xvCsru/bJhvG0UxvePV0ufL/AcE=
 github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g=
 github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU=
 github.com/googleapis/gnostic v0.5.5/go.mod h1:7+EbHbldMins07ALC74bsA81Ovc97DwqyJO1AENw9kA=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
 github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY=
 golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.23.5 h1:zno3LUiMubxD/V1Zw3ijyKO3wxrhbUF1Ck+VjBvfaoA=
 k8s.io/api v0.23.5/go.mod h1:Na4XuKng8PXJ2JsploYYrivXrINeTaycCGcYgF91Xm8=
 k8s.io/apimachinery v0.23.5 h1:Va7dwhp8wgkUPWsEXk6XglXWU4IKYLKNlv8VkX7SDM0=
 k8s.io/apimachinery v0.23.5/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM=
 k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.30.0 h1:bUO6drIvCIsvZ/XFgfxoGFQU/a4Qkh0iAlvUR7vlHJw=
 k8s.io/klog/v2 v2.30.0/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed h1:ck1fRPWPJWsMd8ZRFsWc6mh/zHp5fZ/shhbrgPUxDAE=
 k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 h1:fD1pz4yfdADVNfFmcP2aBEtudwUQ1AlLnRBALr33v3s=
 sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6/go.mod h1:p4QtZmO4uMYipTQNzagwnNoseA6OxSUutVw05NhYDRs=
 sigs.k8s.io/structured-merge-diff/v4 v4.0.2/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1 h1:bKCqE9GvQ5tiVHn5rfn1r+yao3aLQEaLzkkmAkf+A6Y=
 sigs.k8s.io/structured-merge-diff/v4 v4.2.1/go.mod h1:j/nl6xW8vLS49O8YvXW1ocPhZawJtm+Yrr7PPRQ0Vg4=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
--- a/cue/main.cue
+++ b/cue/main.cue
@@ -1,33 +0,0 @@
 package main
 import (
 	podinfo "github.com/stefanprodan/podinfo/cue/podinfo"
 )
 app: podinfo.#Application & {
 	config: {
 		meta: {
 			name:      "podinfo"
 			namespace: "default"
 		}
 		image: tag: "6.1.6"
 		resources: requests: {
 			cpu:    "100m"
 			memory: "16Mi"
 		}
 		hpa: {
 			enabled:     true
 			maxReplicas: 3
 		}
 		ingress: {
 			enabled:   true
 			className: "nginx"
 			host:      "podinfo.example.com"
 			tls:       true
 			annotations: "cert-manager.io/cluster-issuer": "letsencrypt"
 		}
 		serviceMonitor: enabled: true
 	}
 }
 objects: app.objects
--- a/cue/main_tool.cue
+++ b/cue/main_tool.cue
@@ -1,12 +0,0 @@
 package main
 import (
 	"tool/cli"
 	"encoding/yaml"
 )
 command: gen: {
 	task: print: cli.Print & {
 		text: yaml.MarshalStream([ for x in objects {x}])
 	}
 }
--- a/cue/podinfo/app.cue
+++ b/cue/podinfo/app.cue
@@ -1,26 +0,0 @@
 package podinfo
 #Application: {
 	config: #Config
 	objects: {
 		service:    #Service & {_config:        config}
 		account:    #ServiceAccount & {_config: config}
 		deployment: #Deployment & {
 			_config:         config
 			_serviceAccount: account.metadata.name
 		}
 	}
 	if config.hpa.enabled == true {
 		objects: hpa: #HorizontalPodAutoscaler & {_config: config}
 	}
 	if config.ingress.enabled == true {
 		objects: ingress: #Ingress & {_config: config}
 	}
 	if config.serviceMonitor.enabled == true {
 		objects: serviceMonitor: #ServiceMonitor & {_config: config}
 	}
 }
--- a/cue/podinfo/config.cue
+++ b/cue/podinfo/config.cue
@@ -1,41 +0,0 @@
 package podinfo
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1 "k8s.io/api/core/v1"
 )
 #Config: {
 	meta:           metav1.#ObjectMeta
 	hpa:            #hpaConfig
 	ingress:        #ingressConfig
 	service:        #serviceConfig
 	serviceMonitor: #serviceMonConfig
 	image: {
 		repository: *"ghcr.io/stefanprodan/podinfo" | string
 		pullPolicy: *"IfNotPresent" | string
 		tag:        string
 	}
 	cache?: string & =~"^tcp://"
 	backends: [...string]
 	logLevel: *"info" | string
 	replicas: *1 | int
 	resources: *{
 		requests: {
 			cpu:    "1m"
 			memory: "16Mi"
 		}
 		limits: memory: "128Mi"
 	} | corev1.#ResourceRequirements
 	selectorLabels: *{"app.kubernetes.io/name": meta.name} | {[ string]: string}
 	meta: annotations: *{"app.kubernetes.io/version": "\(image.tag)"} | {[ string]: string}
 	meta: labels:      *selectorLabels | {[ string]:  string}
 	securityContext?: corev1.#PodSecurityContext
 	affinity?:        corev1.#Affinity
 	tolerations?: [ ...corev1.#Toleration]
 }
--- a/cue/podinfo/deployment.cue
+++ b/cue/podinfo/deployment.cue
@@ -1,110 +0,0 @@
 package podinfo
 import (
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 )
 #Deployment: appsv1.#Deployment & {
 	_config:         #Config
 	_serviceAccount: string
 	apiVersion:      "apps/v1"
 	kind:            "Deployment"
 	metadata:        _config.meta
 	spec:            appsv1.#DeploymentSpec & {
 		if !_config.hpa.enabled {
 			replicas: _config.replicas
 		}
 		strategy: {
 			type: "RollingUpdate"
 			rollingUpdate: maxUnavailable: 1
 		}
 		selector: matchLabels: _config.selectorLabels
 		template: {
 			metadata: {
 				labels: _config.selectorLabels
 				if !_config.serviceMonitor.enabled {
 					annotations: {
 						"prometheus.io/scrape": "true"
 						"prometheus.io/port":   "\(_config.service.metricsPort)"
 					}
 				}
 			}
 			spec: corev1.#PodSpec & {
 				terminationGracePeriodSeconds: 15
 				serviceAccountName:            _serviceAccount
 				containers: [
 					{
 						name:            "podinfo"
 						image:           "\(_config.image.repository):\(_config.image.tag)"
 						imagePullPolicy: _config.image.pullPolicy
 						command: [
 							"./podinfo",
 							"--port=\(_config.service.httpPort)",
 							"--port-metrics=\(_config.service.metricsPort)",
 							"--grpc-port=\(_config.service.grpcPort)",
 							"--level=\(_config.logLevel)",
 							if _config.cache != _|_ {
 								"--cache-server=\(_config.cache)"
 							},
 							for b in _config.backends {
 								"--backend-url=\(b)"
 							},
 						]
 						ports: [
 							{
 								name:          "http"
 								containerPort: _config.service.httpPort
 								protocol:      "TCP"
 							},
 							{
 								name:          "http-metrics"
 								containerPort: _config.service.metricsPort
 								protocol:      "TCP"
 							},
 							{
 								name:          "grpc"
 								containerPort: _config.service.grpcPort
 								protocol:      "TCP"
 							},
 						]
 						livenessProbe: {
 							httpGet: {
 								path: "/healthz"
 								port: "http"
 							}
 						}
 						readinessProbe: {
 							httpGet: {
 								path: "/readyz"
 								port: "http"
 							}
 						}
 						volumeMounts: [
 							{
 								name:      "data"
 								mountPath: "/data"
 							},
 						]
 						resources: _config.resources
 						if _config.securityContext != _|_ {
 							securityContext: _config.securityContext
 						}
 					},
 				]
 				if _config.affinity != _|_ {
 					affinity: _config.affinity
 				}
 				if _config.tolerations != _|_ {
 					tolerations: _config.tolerations
 				}
 				volumes: [
 					{
 						name: "data"
 						emptyDir: {}
 					},
 				]
 			}
 		}
 	}
 }
--- a/cue/podinfo/service.cue
+++ b/cue/podinfo/service.cue
@@ -1,44 +0,0 @@
 package podinfo
 import (
 	corev1 "k8s.io/api/core/v1"
 )
 #serviceConfig: {
 	type:         *"ClusterIP" | string
 	externalPort: *9898 | int
 	httpPort:     *9898 | int
 	metricsPort:  *9797 | int
 	grpcPort:     *9999 | int
 }
 #Service: corev1.#Service & {
 	_config:    #Config
 	apiVersion: "v1"
 	kind:       "Service"
 	metadata:   _config.meta
 	spec:       corev1.#ServiceSpec & {
 		type:     _config.service.type
 		selector: _config.selectorLabels
 		ports: [
 			{
 				name:       "http"
 				port:       _config.service.externalPort
 				targetPort: "\(name)"
 				protocol:   "TCP"
 			},
 			{
 				name:       "http-metrics"
 				port:       _config.service.metricsPort
 				targetPort: "\(name)"
 				protocol:   "TCP"
 			},
 			{
 				name:       "grpc"
 				port:       _config.service.grpcPort
 				targetPort: "\(name)"
 				protocol:   "TCP"
 			},
 		]
 	}
 }
--- a/cue/podinfo/servicemonitor.cue
+++ b/cue/podinfo/servicemonitor.cue
@@ -1,22 +0,0 @@
 package podinfo
 #serviceMonConfig: {
 	enabled:  *false | bool
 	interval: *"15s" | string
 }
 #ServiceMonitor: {
 	_config:    #Config
 	apiVersion: "monitoring.coreos.com/v1"
 	kind:       "ServiceMonitor"
 	metadata:   _config.meta
 	spec: {
 		endpoints: [{
 			path:     "/metrics"
 			port:     "http-metrics"
 			interval: _config.serviceMonitor.interval
 		}]
 		namespaceSelector: matchNames: _config.meta.namespace
 		selector: matchLabels:         _config.meta.labels
 	}
 }
--- a/deploy/bases/backend/deployment.yaml
+++ b/deploy/bases/backend/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:6.1.6
+        image: ghcr.io/stefanprodan/podinfo:6.5.4
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/bases/backend/hpa.yaml
+++ b/deploy/bases/backend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: backend
--- a/deploy/bases/cache/deployment.yaml
+++ b/deploy/bases/cache/deployment.yaml
@@ -13,7 +13,7 @@ spec:
    spec:
      containers:
        - name: redis
-          image: redis:6.0.1
+          image: redis:7.0.7
          imagePullPolicy: IfNotPresent
          command:
            - redis-server
--- a/deploy/bases/frontend/deployment.yaml
+++ b/deploy/bases/frontend/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:6.1.6
+        image: ghcr.io/stefanprodan/podinfo:6.5.4
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/bases/frontend/hpa.yaml
+++ b/deploy/bases/frontend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: frontend
--- a/deploy/secure/backend/hpa.yaml
+++ b/deploy/secure/backend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: backend
--- a/deploy/secure/frontend/hpa.yaml
+++ b/deploy/secure/frontend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: frontend
--- a/deploy/webapp/backend/deployment.yaml
+++ b/deploy/webapp/backend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:6.1.6
+        image: ghcr.io/stefanprodan/podinfo:6.5.4
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/webapp/backend/hpa.yaml
+++ b/deploy/webapp/backend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: backend
--- a/deploy/webapp/frontend/deployment.yaml
+++ b/deploy/webapp/frontend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:6.1.6
+        image: ghcr.io/stefanprodan/podinfo:6.5.4
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/webapp/frontend/hpa.yaml
+++ b/deploy/webapp/frontend/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: frontend
--- a/go.mod
+++ b/go.mod
@@ -1,86 +1,89 @@
 module github.com/stefanprodan/podinfo
-go 1.18
+go 1.21
 require (
-	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751
+	github.com/chzyer/readline v1.5.1
-	github.com/chzyer/readline v1.5.0
+	github.com/fatih/color v1.16.0
-	github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
+	github.com/fsnotify/fsnotify v1.7.0
-	github.com/fatih/color v1.13.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/fsnotify/fsnotify v1.5.4
+	github.com/gomodule/redigo v1.8.9
-	github.com/gomodule/redigo v1.8.8
+	github.com/gorilla/mux v1.8.1
-	github.com/gorilla/mux v1.8.0
+	github.com/gorilla/websocket v1.5.1
-	github.com/gorilla/websocket v1.5.0
+	github.com/prometheus/client_golang v1.17.0
-	github.com/prometheus/client_golang v1.12.2
+	github.com/spf13/cobra v1.8.0
 	github.com/spf13/cobra v1.4.0
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.12.0
+	github.com/spf13/viper v1.18.1
-	github.com/swaggo/http-swagger v1.2.8
+	github.com/swaggo/http-swagger v1.3.4
-	github.com/swaggo/swag v1.8.2
+	github.com/swaggo/swag v1.16.2
-	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.32.0
+	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.46.1
-	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.32.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1
-	go.opentelemetry.io/contrib/propagators/aws v1.7.0
+	go.opentelemetry.io/contrib/propagators/aws v1.21.1
-	go.opentelemetry.io/contrib/propagators/b3 v1.7.0
+	go.opentelemetry.io/contrib/propagators/b3 v1.21.1
-	go.opentelemetry.io/contrib/propagators/jaeger v1.7.0
+	go.opentelemetry.io/contrib/propagators/jaeger v1.21.1
-	go.opentelemetry.io/contrib/propagators/ot v1.7.0
+	go.opentelemetry.io/contrib/propagators/ot v1.21.1
-	go.opentelemetry.io/otel v1.7.0
+	go.opentelemetry.io/otel v1.21.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0
-	go.opentelemetry.io/otel/sdk v1.7.0
+	go.opentelemetry.io/otel/sdk v1.21.0
-	go.opentelemetry.io/otel/trace v1.7.0
+	go.opentelemetry.io/otel/trace v1.21.0
-	go.uber.org/zap v1.21.0
+	go.uber.org/zap v1.26.0
-	golang.org/x/net v0.0.0-20220526153639-5463443f8c37
+	golang.org/x/net v0.19.0
-	google.golang.org/grpc v1.46.2
+	google.golang.org/grpc v1.60.0
 )
 // Fix CVE-2022-32149
 replace golang.org/x/text => golang.org/x/text v0.14.0
 // Fix CVE-2022-28948
-replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.0
+replace gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1
 require (
 	github.com/KyleBanks/depth v1.2.1 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
-	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/felixge/httpsnoop v1.0.2 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
-	github.com/go-logr/logr v1.2.3 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
 	github.com/go-openapi/jsonreference v0.20.0 // indirect
-	github.com/go-openapi/spec v0.20.5 // indirect
+	github.com/go-openapi/spec v0.20.6 // indirect
 	github.com/go-openapi/swag v0.19.15 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
-	github.com/magiconair/properties v1.8.6 // indirect
+	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/pelletier/go-toml v1.9.5 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.1 // indirect
+	github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 // indirect
-	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.44.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
+	github.com/prometheus/procfs v0.11.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
-	github.com/spf13/afero v1.8.2 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
-	github.com/spf13/cast v1.5.0 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
-	github.com/subosito/gotenv v1.3.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
-	github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0 // indirect
+	github.com/swaggo/files v0.0.0-20220610200504-28940afbdbfe // indirect
-	go.opentelemetry.io/otel/metric v0.30.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
-	go.opentelemetry.io/proto/otlp v0.16.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/multierr v1.8.0 // indirect
+	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
-	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/tools v0.1.10 // indirect
+	golang.org/x/tools v0.13.0 // indirect
-	google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f // indirect
-	gopkg.in/ini.v1 v1.66.4 // indirect
+	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -1,123 +1,34 @@
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
 cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
 cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
 cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
 cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
 cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
 cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
 cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
 cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
 cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
 cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
 cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
 cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
 cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/KyleBanks/depth v1.2.1 h1:5h8fQADFrWtarTdtDudMmGsC7GPbOAu6RVB3ffsVFHc=
 github.com/KyleBanks/depth v1.2.1/go.mod h1:jzSb9d0L43HxTQfT+oSA1EEp2q+ne2uh6XgeJcm8brE=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cenkalti/backoff/v4 v4.1.3 h1:cFAlzYUlVYDysBEH2T5hyJZMh3+5+WCBvSnK6Q8UtC4=
+github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM=
-github.com/cenkalti/backoff/v4 v4.1.3/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
+github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
-github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
-github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
-github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
-github.com/chzyer/logex v1.2.0 h1:+eqR0HfOetur4tgnC8ftU5imRnhi4te+BadWS95c5AM=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
-github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/chzyer/readline v1.5.0 h1:lSwwFrbNviGePhkewF1az4oLmcwqCZijQ2/Wi3BGHAI=
 github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/chzyer/test v0.0.0-20210722231415-061457976a23 h1:dZ0/VyGgQdVGAss6Ju0dt5P0QltE0SFY5Woh6hbIfiQ=
 github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
 github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1 h1:CaO/zOnF8VvUfEbhRatPcwKVWamvbYd8tQGRWacE9kU=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
-github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1/go.mod h1:+hnT3ywWDTAFrW5aE+u2Sa/wT555ZqwoCS+pk3p6ry4=
+github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
-github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
-github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
+github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg=
-github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
+github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
+github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
+github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
+github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=
-github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
+github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
 github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o=
 github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE=
 github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI=
 github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0=
+github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY=
-github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
@@ -125,622 +36,208 @@ github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUe
 github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg=
 github.com/go-openapi/jsonreference v0.20.0 h1:MYlu0sBgChmCfJxxUKZ8g1cPWFOB37YSZqewK7OKeyA=
 github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo=
-github.com/go-openapi/spec v0.20.5 h1:skHa8av4VnAtJU5zyAUXrrdK/NDiVX8lchbG+BfcdrE=
+github.com/go-openapi/spec v0.20.6 h1:ich1RQ3WDbfoeTqTAb+5EIxNmpKVJZWBNah9RAT0jIQ=
-github.com/go-openapi/spec v0.20.5/go.mod h1:QbfOSIVt3/sac+a1wzmKbbcLXm5NdZnyBZYtCijp43o=
+github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA=
 github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk=
 github.com/go-openapi/swag v0.19.15 h1:D2NRCBzS9/pEY3gP9Nl8aDqGUcPFrwG2p+CNFrLyrCM=
 github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ=
-github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
+github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo=
-github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
+github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk=
 github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
 github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
 github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
 github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/gomodule/redigo v1.8.8 h1:f6cXq6RRfiyrOJEV7p3JhLDlmawGBVBBP1MggY8Mo4E=
+github.com/gomodule/redigo v1.8.9 h1:Sl3u+2BI/kk+VEatbj0scLdrFhjPmbxOc1myhDP41ws=
-github.com/gomodule/redigo v1.8.8/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
+github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
-github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE=
+github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
-github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg=
+github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
-github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
+github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
-github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
-github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms=
-github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
 github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
 github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0 h1:BZHcxBETFHIdVyhyEfOvn/RdU/QGdLI4y34qQGjGWO0=
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM=
 github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
+github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY=
-github.com/magiconair/properties v1.8.6/go.mod h1:y3VJvCyxH9uVvJTWEGAELF3aiYNyPKd5NZ3oSwXrF60=
+github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
 github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc=
 github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA=
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA=
-github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40=
+github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg=
-github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4=
+github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
-github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
-github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo=
-github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
 github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
-github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
+github.com/pelletier/go-toml/v2 v2.1.0 h1:FnwAJ4oYMvbT/34k9zzHuZNrhlz48GB3/s6at6/MHO4=
-github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
+github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc=
 github.com/pelletier/go-toml/v2 v2.0.1 h1:8e3L2cCQzLFi2CR4g7vGFuFxX7Jl1kKX8gW+iV0GUKU=
 github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_golang v1.17.0 h1:rl2sfwZMtSthVU752MqfjQozy7blglC+1SOtjMAMh+Q=
-github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
+github.com/prometheus/client_golang v1.17.0/go.mod h1:VeL+gMmOAxkS2IqfCq0ZmHSL+LjWfWDUmp1mBz9JgUY=
-github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
+github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16 h1:v7DLqVdK4VrYkVD5diGdl4sxJurKJEMnODWRJlxV9oM=
-github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
+github.com/prometheus/client_model v0.4.1-0.20230718164431-9a2bf3000d16/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
-github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI=
-github.com/prometheus/client_model v0.2.0 h1:uq5h0d+GuxiXLJLNABMgp2qUWDPiLvgCzz2dUR+/W/M=
+github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY=
-github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
 github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4=
 github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
 github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/procfs v0.7.3 h1:4jVXhlkAyzOScmCkXBTOLRLTz8EeU+eyjrwB/EPq0VU=
 github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1 h1:/FiVV8dS/e+YqF2JvO3yXRFbBLTIuSDkuC7aBOAvL+k=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
-github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
+github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
-github.com/spf13/afero v1.8.2 h1:xehSyVa0YnHWsJ49JFljMpg1HX19V6NDZ1fkm1Xznbo=
+github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo=
-github.com/spf13/afero v1.8.2/go.mod h1:CtAatgMJh6bJEIs48Ay/FOnkljP3WeGUG0MC1RfAqwo=
+github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0=
-github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w=
+github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
-github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU=
+github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY=
-github.com/spf13/cobra v1.4.0 h1:y+wJpx64xcgO1V+RcnwW0LEHxTKRi2ZDPSBjWnrg88Q=
+github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0=
-github.com/spf13/cobra v1.4.0/go.mod h1:Wo4iy3BUC+X2Fybo0PDqwJIv3dNRiZLHQymsfxlB84g=
+github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
-github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk=
+github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0=
-github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo=
+github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
-github.com/spf13/viper v1.12.0 h1:CZ7eSOd3kZoaYDLbXnmzgQI5RlciuXBMA+18HwHRfZQ=
+github.com/spf13/viper v1.18.1 h1:rmuU42rScKWlhhJDyXZRKJQHXFX02chSVW1IvkPGiVM=
-github.com/spf13/viper v1.12.0/go.mod h1:b6COn30jlNxbm/V2IqWiNWkJ+vZNiMNksliPCiuKtSI=
+github.com/spf13/viper v1.18.1/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
-github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/subosito/gotenv v1.3.0 h1:mjC+YW8QpAdXibNi+vNWgzmgBH4+5l5dCXv8cNysBLI=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/subosito/gotenv v1.3.0/go.mod h1:YzJjq/33h7nrwdY+iHMhEOEEbW0ovIz0tB6t6PwAXzs=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2 h1:+iNTcqQJy0OZ5jk6a5NLib47eqXK8uYcPX+O4+cBpEM=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-github.com/swaggo/files v0.0.0-20210815190702-a29dd2bc99b2/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w=
+github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
-github.com/swaggo/http-swagger v1.2.8 h1:TVjxLU7qoqofJ9qynJazmpTGs/p4Kx9FTp7YYwOkJb0=
+github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/swaggo/http-swagger v1.2.8/go.mod h1:FrQwV7rx+A5t11PIX8d+tFJa2GKx11RdAXQptllPQHg=
+github.com/swaggo/files v0.0.0-20220610200504-28940afbdbfe h1:K8pHPVoTgxFJt1lXuIzzOX7zZhZFldJQK/CgKx9BFIc=
-github.com/swaggo/swag v1.8.2 h1:D4aBiVS2a65zhyk3WFqOUz7Rz0sOaUcgeErcid5uGL4=
+github.com/swaggo/files v0.0.0-20220610200504-28940afbdbfe/go.mod h1:lKJPbtWzJ9JhsTN1k1gZgleJWY/cqq0psdoMmaThG3w=
-github.com/swaggo/swag v1.8.2/go.mod h1:jMLeXOOmYyjk8PvHTsXBdrubsNd9gUJTTCzL5iBnseg=
+github.com/swaggo/http-swagger v1.3.4 h1:q7t/XLx0n15H1Q9/tk3Y9L4n210XzJF5WtnDX64a5ww=
-github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/swaggo/http-swagger v1.3.4/go.mod h1:9dAh0unqMBAlbp1uE2Uc2mQTxNMU/ha4UbucIg1MFkQ=
-github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/swaggo/swag v1.16.2 h1:28Pp+8DkQoV+HLzLx8RGJZXNGKbFqnuvSbAAtoxiY04=
-github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/swaggo/swag v1.16.2/go.mod h1:6YzXnDcpr0767iOejs318CwYkCQqyGer6BizOg03f+E=
-github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
+go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.46.1 h1:Ifzy1lucGMQJh6wPRxusde8bWaDhYjSNOqDyn6Hb4TM=
-go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
+go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.46.1/go.mod h1:YfFNem80G9UZ/mL5zd5GGXZSy95eXK+RhzIWBkLjLSc=
-go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 h1:gbhw/u49SS3gkPWiYweQNJGm/uJN5GkI/FrosxSHT7A=
-go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1/go.mod h1:GnOaBaFQ2we3b9AGWJpsBa7v1S5RlQzlC3O7dRMxZhM=
-go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24=
-go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo=
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk=
+go.opentelemetry.io/contrib/propagators/aws v1.21.1 h1:uQIQIDWb0gzyvon2ICnghpLAf9w7ADOCUiIiwCQgR2o=
-go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.32.0 h1:xRGljfNWjmGcfdnnGFLNdcoJ+7z0vTij7wCp7CBcdnE=
+go.opentelemetry.io/contrib/propagators/aws v1.21.1/go.mod h1:kCcto3ACQxm+VrkQX/NK/TkDmAd99MQhvffzyTKhzL4=
-go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.32.0/go.mod h1:bocgccAIT/xbRn5l+86i+om91IMTTjBBzA1+vRXW3DY=
+go.opentelemetry.io/contrib/propagators/b3 v1.21.1 h1:WPYiUgmw3+b7b3sQ1bFBFAf0q+Di9dvNc3AtYfnT4RQ=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.32.0 h1:b4wYdYXQVQsRbA/ch5rrLK5WxlxKr1kZimHwUgKVb4s=
+go.opentelemetry.io/contrib/propagators/b3 v1.21.1/go.mod h1:EmzokPoSqsYMBVK4nRnhsfm5mbn8J1eDuz/U1UaQaWg=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.32.0/go.mod h1:97B1n1oku3Ki3C5QcyYFRgm4xN4le52NNcB3d8ILHLw=
+go.opentelemetry.io/contrib/propagators/jaeger v1.21.1 h1:f4beMGDKiVzg9IcX7/VuWVy+oGdjx3dNJ72YehmtY5k=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0 h1:mac9BKRqwaX6zxHPDe3pvmWpwuuIM0vuXv2juCnQevE=
+go.opentelemetry.io/contrib/propagators/jaeger v1.21.1/go.mod h1:U9jhkEl8d1LL+QXY7q3kneJWJugiN3kZJV2OWz3hkBY=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.32.0/go.mod h1:5eCOqeGphOyz6TsY3ZDNjE33SM/TFAK3RGuCL2naTgY=
+go.opentelemetry.io/contrib/propagators/ot v1.21.1 h1:3TN5vkXjKYWp0YdMcnUEC/A+pBPvqz9V3nCS2xmcurk=
-go.opentelemetry.io/contrib/propagators/aws v1.7.0 h1:hzLtX+K4YhsrBabA35uBYxCENb5rS/9Z9X8MToTlA3k=
+go.opentelemetry.io/contrib/propagators/ot v1.21.1/go.mod h1:oy0MYCbS/b3cqUDW37wBWtlwBIsutngS++Lklpgh+fc=
-go.opentelemetry.io/contrib/propagators/aws v1.7.0/go.mod h1:h/ql5T6e1XLRFplWNNdzLHp8eb0dkBu+xYOCYxerh0Q=
+go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc=
-go.opentelemetry.io/contrib/propagators/b3 v1.7.0 h1:oRAenUhj+GFttfIp3gj7HYVzBhPOHgq/dWPDSmLCXSY=
+go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo=
-go.opentelemetry.io/contrib/propagators/b3 v1.7.0/go.mod h1:gXx7AhL4xXCF42gpm9dQvdohoDa2qeyEx4eIIxqK+h4=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw=
-go.opentelemetry.io/contrib/propagators/jaeger v1.7.0 h1:x2mXKtONfOJFfNFSx4QXFx1fms6bKIPVvWvgdiaPdRI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg=
-go.opentelemetry.io/contrib/propagators/jaeger v1.7.0/go.mod h1:kt2lNImfxV6dETRsDCENd6jU6G0mPRS+P0qlNuvtkTE=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 h1:tIqheXEFWAZ7O8A7m+J0aPTmpJN3YQ7qetUAdkkkKpk=
-go.opentelemetry.io/contrib/propagators/ot v1.7.0 h1:KPPToDRxyY/HI3qD4RqwWRbaQ65RIpF8uKWDqWkFHDA=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0/go.mod h1:nUeKExfxAQVbiVFn32YXpXZZHZ61Cc3s3Rn1pDBGAb0=
-go.opentelemetry.io/contrib/propagators/ot v1.7.0/go.mod h1:5qxBZR730yb71uXc3bazxt2Si8o8LQK3iJTnSLca/BU=
+go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4=
-go.opentelemetry.io/otel v1.7.0 h1:Z2lA3Tdch0iDcrhJXDIlC94XE+bxok1F9B+4Lz/lGsM=
+go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM=
-go.opentelemetry.io/otel v1.7.0/go.mod h1:5BdUoMIz5WEs0vt0CUEMtSSaTSHBBVwrhnz7+nrD5xk=
+go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0 h1:7Yxsak1q4XrJ5y7XBnNwqWx9amMZvoidCctv62XOQ6Y=
+go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E=
-go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.7.0/go.mod h1:M1hVZHNxcbkAlcvrOMlpQ4YOO3Awf+4N2dxkZL3xm04=
+go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0 h1:cMDtmgJ5FpRvqx9x2Aq+Mm0O6K/zcUkH73SFz20TuBw=
+go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.7.0/go.mod h1:ceUgdyfNv4h4gLxHR0WNfDiiVmZFodZhZSbOLhpxqXE=
+go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0 h1:MFAyzUPrTwLOwCi+cltN0ZVyy4phU41lwH+lyMyQTS4=
+go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.7.0/go.mod h1:E+/KKhwOSw8yoPxSSuUHG6vKppkvhN+S1Jc7Nib3k3o=
+go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
-go.opentelemetry.io/otel/metric v0.30.0 h1:Hs8eQZ8aQgs0U49diZoaS6Uaxw3+bBE3lcMUKBFIk3c=
+go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.opentelemetry.io/otel/metric v0.30.0/go.mod h1:/ShZ7+TS4dHzDFmfi1kSXMhMVubNoP0oIaBp70J6UXU=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
-go.opentelemetry.io/otel/sdk v1.7.0 h1:4OmStpcKVOfvDOgCt7UriAPtKolwIhxpnSNI/yK+1B0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.opentelemetry.io/otel/sdk v1.7.0/go.mod h1:uTEOTwaqIVuTGiJN7ii13Ibp75wJmYUDe374q6cZwUU=
+go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
-go.opentelemetry.io/otel/trace v1.7.0 h1:O37Iogk1lEkMRXewVtZ1BBTVn5JEp8GrJvP92bJqC6o=
+go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
 go.opentelemetry.io/otel/trace v1.7.0/go.mod h1:fzLSB9nqR2eXzxPXb2JW9IKE+ScyXA48yyE4TNvoHqU=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.opentelemetry.io/proto/otlp v0.16.0 h1:WHzDWdXUvbc5bG2ObdrGfaNpQz7ft7QN9HHmJlbiB1E=
 go.opentelemetry.io/proto/otlp v0.16.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U=
 go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.1.12 h1:gZAh5/EyT/HQwlpkCy6wTpqfH9H8Lz8zbm3dZh+OyzA=
 go.uber.org/goleak v1.1.12/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
 go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
 go.uber.org/zap v1.21.0 h1:WefMeulhovoZ2sYXz7st6K0sLj7bBhpiFaud4r4zST8=
 go.uber.org/zap v1.21.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
-golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
-golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
-golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
 golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
 golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220526153639-5463443f8c37 h1:lUkvobShwKsOesNfWWlCS5q7fnbG1MEliIzwu886fn8=
+golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
-golang.org/x/net v0.0.0-20220526153639-5463443f8c37/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
+golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
-golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
 golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
-golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
-golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
-golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8=
 golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE=
 golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20=
 golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ=
-golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df h1:5Pf6pFKu98ODmgnpvkJ3kFUOQGGLIzLIkbzUHp47618=
+google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY=
-google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo=
-google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
-google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f h1:ultW7fxlIvee4HYrtnaRPon9HpEgFk5zYpmfMgtKB5I=
-google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20231120223509-83a465c0220f/go.mod h1:L9KNLi232K1/xB6f7AlSX692koaRnKaWSR0stBki0Yc=
-google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/grpc v1.60.0 h1:6FQAR0kM31P6MRdeluor2w2gPaS4SVNrD/DNTxrQ15k=
-google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/grpc v1.60.0/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
 google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE=
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
 google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
 google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
 google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U=
 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
 google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA=
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
 google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd h1:e0TwkXOdbnH/1x5rc5MZ/VYyiZ4v+RdVfrGMqEwT68I=
 google.golang.org/genproto v0.0.0-20220519153652-3a47de7e79bd/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60=
 google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
 google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak=
 google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0=
 google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU=
 google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/grpc v1.46.2 h1:u+MLGgVf7vRdjEYZ8wDFhAVNmhkbJ5hmrA1LMWK1CAQ=
 google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
 google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
 google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
 google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
+google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU=
 gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
-gopkg.in/ini.v1 v1.66.4 h1:SsAcf+mM7mRZo2nJNGt8mZCjG8ZRaNGMURJw7BsIST4=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
-gopkg.in/ini.v1 v1.66.4/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
-gopkg.in/yaml.v3 v3.0.0 h1:hjy8E9ON/egN1tAYqKb61G10WtihqetD4sz2H+8nIeA=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
-gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
--- a/kustomize/deployment.yaml
+++ b/kustomize/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: podinfod
-        image: ghcr.io/stefanprodan/podinfo:6.1.6
+        image: ghcr.io/stefanprodan/podinfo:6.5.4
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/kustomize/hpa.yaml
+++ b/kustomize/hpa.yaml
@@ -1,4 +1,4 @@
-apiVersion: autoscaling/v2beta2
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: podinfo
--- a/pkg/api/cache.go
+++ b/pkg/api/cache.go
@@ -2,7 +2,7 @@ package api
 import (
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"time"
@@ -20,6 +20,7 @@ import (
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param key path string true "Key to save to"
 // @Router /cache/{key} [post]
 // @Success 202
 func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
@@ -32,7 +33,7 @@ func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
 	}
 	key := mux.Vars(r)["key"]
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		s.ErrorResponse(w, r, span, "reading the request body failed", http.StatusBadRequest)
 		return
@@ -56,6 +57,7 @@ func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param key path string true "Key to delete"
 // @Router /cache/{key} [delete]
 // @Success 202
 func (s *Server) cacheDeleteHandler(w http.ResponseWriter, r *http.Request) {
@@ -87,6 +89,7 @@ func (s *Server) cacheDeleteHandler(w http.ResponseWriter, r *http.Request) {
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param key path string true "Key to load from cache"
 // @Router /cache/{key} [get]
 // @Success 200 {string} string value
 func (s *Server) cacheReadHandler(w http.ResponseWriter, r *http.Request) {
@@ -138,7 +141,7 @@ func (s *Server) getCacheConn() (redis.Conn, error) {
 	return redis.Dial("tcp", redisUrl.Host, opts...)
 }
-func (s *Server) startCachePool(ticker *time.Ticker, stopCh <-chan struct{}) {
+func (s *Server) startCachePool(ticker *time.Ticker) {
 	if s.config.CacheServer == "" {
 		return
 	}
@@ -166,8 +169,6 @@ func (s *Server) startCachePool(ticker *time.Ticker, stopCh <-chan struct{}) {
 		setVersion()
 		for {
 			select {
 			case <-stopCh:
 				return
 			case <-ticker.C:
 				setVersion()
 			}
--- a/pkg/api/chunked.go
+++ b/pkg/api/chunked.go
@@ -15,6 +15,7 @@ import (
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param seconds path int true "seconds to wait for"
 // @Router /chunked/{seconds} [get]
 // @Success 200 {object} api.MapResponse
 func (s *Server) chunkedHandler(w http.ResponseWriter, r *http.Request) {
--- a/pkg/api/delay.go
+++ b/pkg/api/delay.go
@@ -49,6 +49,7 @@ func (m *RandomDelayMiddleware) Handler(next http.Handler) http.Handler {
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param seconds path int true "seconds to wait for"
 // @Router /delay/{seconds} [get]
 // @Success 200 {object} api.MapResponse
 func (s *Server) delayHandler(w http.ResponseWriter, r *http.Request) {
--- a/pkg/api/docs/docs.go
+++ b/pkg/api/docs/docs.go
@@ -1,22 +1,13 @@
-// GENERATED BY THE COMMAND ABOVE; DO NOT EDIT
+// Package docs Code generated by swaggo/swag. DO NOT EDIT
 // This file was generated by swaggo/swag
 package docs
-import (
+import "github.com/swaggo/swag"
 	"bytes"
 	"encoding/json"
 	"strings"
-	"github.com/alecthomas/template"
+const docTemplate = `{
 	"github.com/swaggo/swag"
 )
 var doc = `{
    "schemes": {{ marshal .Schemes }},
    "swagger": "2.0",
    "info": {
-        "description": "{{.Description}}",
+        "description": "{{escape .Description}}",
        "title": "{{.Title}}",
        "contact": {
            "name": "Source Code",
@@ -110,6 +101,15 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Get payload from cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to load from cache",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -131,9 +131,18 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Save payload in cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to save to",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "202": {
-                        "description": ""
+                        "description": "Accepted"
                    }
                }
            },
@@ -149,9 +158,18 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Delete payload from cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to delete",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "202": {
-                        "description": ""
+                        "description": "Accepted"
                    }
                }
            }
@@ -169,6 +187,15 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Chunked transfer encoding",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "seconds to wait for",
                        "name": "seconds",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -192,6 +219,15 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Delay",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "seconds to wait for",
                        "name": "seconds",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -303,7 +339,8 @@ var doc = `{
                "tags": [
                    "HTTP API"
                ],
-                "summary": "Panic"
+                "summary": "Panic",
                "responses": {}
            }
        },
        "/readyz": {
@@ -388,6 +425,15 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Status code",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "status code to return",
                        "name": "code",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -434,6 +480,15 @@ var doc = `{
                    "HTTP API"
                ],
                "summary": "Download file",
                "parameters": [
                    {
                        "type": "string",
                        "description": "hash value",
                        "name": "hash",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "file",
@@ -610,49 +665,20 @@ var doc = `{
    }
 }`
 type swaggerInfo struct {
 	Version     string
 	Host        string
 	BasePath    string
 	Schemes     []string
 	Title       string
 	Description string
 }
 // SwaggerInfo holds exported Swagger Info so clients can modify it
-var SwaggerInfo = swaggerInfo{
+var SwaggerInfo = &swag.Spec{
-	Version:     "2.0",
+	Version:          "2.0",
-	Host:        "localhost:9898",
+	Host:             "localhost:9898",
-	BasePath:    "/",
+	BasePath:         "/",
-	Schemes:     []string{"http", "https"},
+	Schemes:          []string{"http", "https"},
-	Title:       "Podinfo API",
+	Title:            "Podinfo API",
-	Description: "Go microservice template for Kubernetes.",
+	Description:      "Go microservice template for Kubernetes.",
-}
+	InfoInstanceName: "swagger",
-
+	SwaggerTemplate:  docTemplate,
-type s struct{}
+	LeftDelim:        "{{",
-
+	RightDelim:       "}}",
 func (s *s) ReadDoc() string {
 	sInfo := SwaggerInfo
 	sInfo.Description = strings.Replace(sInfo.Description, "\n", "\\n", -1)
 	t, err := template.New("swagger_info").Funcs(template.FuncMap{
 		"marshal": func(v interface{}) string {
 			a, _ := json.Marshal(v)
 			return string(a)
 		},
 	}).Parse(doc)
 	if err != nil {
 		return doc
 	}
 	var tpl bytes.Buffer
 	if err := t.Execute(&tpl, sInfo); err != nil {
 		return doc
 	}
 	return tpl.String()
 }
 func init() {
-	swag.Register(swag.Name, &s{})
+	swag.Register(SwaggerInfo.InstanceName(), SwaggerInfo)
 }
--- a/pkg/api/docs/swagger.json
+++ b/pkg/api/docs/swagger.json
@@ -99,6 +99,15 @@
                    "HTTP API"
                ],
                "summary": "Get payload from cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to load from cache",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -120,9 +129,18 @@
                    "HTTP API"
                ],
                "summary": "Save payload in cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to save to",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "202": {
-                        "description": ""
+                        "description": "Accepted"
                    }
                }
            },
@@ -138,9 +156,18 @@
                    "HTTP API"
                ],
                "summary": "Delete payload from cache",
                "parameters": [
                    {
                        "type": "string",
                        "description": "Key to delete",
                        "name": "key",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "202": {
-                        "description": ""
+                        "description": "Accepted"
                    }
                }
            }
@@ -158,6 +185,15 @@
                    "HTTP API"
                ],
                "summary": "Chunked transfer encoding",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "seconds to wait for",
                        "name": "seconds",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -181,6 +217,15 @@
                    "HTTP API"
                ],
                "summary": "Delay",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "seconds to wait for",
                        "name": "seconds",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -292,7 +337,8 @@
                "tags": [
                    "HTTP API"
                ],
-                "summary": "Panic"
+                "summary": "Panic",
                "responses": {}
            }
        },
        "/readyz": {
@@ -377,6 +423,15 @@
                    "HTTP API"
                ],
                "summary": "Status code",
                "parameters": [
                    {
                        "type": "integer",
                        "description": "status code to return",
                        "name": "code",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "OK",
@@ -423,6 +478,15 @@
                    "HTTP API"
                ],
                "summary": "Download file",
                "parameters": [
                    {
                        "type": "string",
                        "description": "hash value",
                        "name": "hash",
                        "in": "path",
                        "required": true
                    }
                ],
                "responses": {
                    "200": {
                        "description": "file",
--- a/pkg/api/docs/swagger.yaml
+++ b/pkg/api/docs/swagger.yaml
@@ -103,11 +103,17 @@ paths:
      consumes:
      - application/json
      description: deletes the key and its value from cache
      parameters:
      - description: Key to delete
        in: path
        name: key
        required: true
        type: string
      produces:
      - application/json
      responses:
        "202":
-          description: ""
+          description: Accepted
      summary: Delete payload from cache
      tags:
      - HTTP API
@@ -115,6 +121,12 @@ paths:
      consumes:
      - application/json
      description: returns the content from cache if key exists
      parameters:
      - description: Key to load from cache
        in: path
        name: key
        required: true
        type: string
      produces:
      - application/json
      responses:
@@ -129,11 +141,17 @@ paths:
      consumes:
      - application/json
      description: writes the posted content in cache
      parameters:
      - description: Key to save to
        in: path
        name: key
        required: true
        type: string
      produces:
      - application/json
      responses:
        "202":
-          description: ""
+          description: Accepted
      summary: Save payload in cache
      tags:
      - HTTP API
@@ -143,6 +161,12 @@ paths:
      - application/json
      description: uses transfer-encoding type chunked to give a partial response
        and then waits for the specified period
      parameters:
      - description: seconds to wait for
        in: path
        name: seconds
        required: true
        type: integer
      produces:
      - application/json
      responses:
@@ -158,6 +182,12 @@ paths:
      consumes:
      - application/json
      description: waits for the specified period
      parameters:
      - description: seconds to wait for
        in: path
        name: seconds
        required: true
        type: integer
      produces:
      - application/json
      responses:
@@ -233,6 +263,7 @@ paths:
  /panic:
    get:
      description: crashes the process with exit code 255
      responses: {}
      summary: Panic
      tags:
      - HTTP API
@@ -287,6 +318,12 @@ paths:
      consumes:
      - application/json
      description: sets the response status code to the specified code
      parameters:
      - description: status code to return
        in: path
        name: code
        required: true
        type: integer
      produces:
      - application/json
      responses:
@@ -318,6 +355,12 @@ paths:
      consumes:
      - application/json
      description: returns the content of the file /data/hash if exists
      parameters:
      - description: hash value
        in: path
        name: hash
        required: true
        type: string
      produces:
      - text/plain
      responses:
--- a/pkg/api/echo.go
+++ b/pkg/api/echo.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/http/httptrace"
 	"sync"
@@ -27,7 +27,7 @@ func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
 	ctx, span := s.tracer.Start(r.Context(), "echoHandler")
 	defer span.End()
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		s.logger.Error("reading the request body failed", zap.Error(err))
 		s.ErrorResponse(w, r, span, "invalid request body", http.StatusBadRequest)
@@ -78,7 +78,7 @@ func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
 				}
 				// forward the received body
-				rbody, err := ioutil.ReadAll(resp.Body)
+				rbody, err := io.ReadAll(resp.Body)
 				if err != nil {
 					s.logger.Error(
 						"reading the backend request body failed",
--- a/pkg/api/echo_test.go
+++ b/pkg/api/echo_test.go
@@ -8,27 +8,41 @@ import (
 )
 func TestEchoHandler(t *testing.T) {
-	expected := `{"test": true}`
+	cases := []struct {
-	req, err := http.NewRequest("POST", "/api/echo", strings.NewReader(expected))
+		url      string
-	if err != nil {
+		method   string
-		t.Fatal(err)
+		expected string
 	}{
 		{url: "/api/echo", method: "POST", expected: `{"test": true}`},
 		{url: "/api/echo", method: "PUT", expected: `{"test": true}`},
 		{url: "/echo", method: "PUT", expected: `{"test": true}`},
 		{url: "/echo/", method: "POST", expected: `{"test": true}`},
 		{url: "/echo/test", method: "POST", expected: `{"test": true}`},
 		{url: "/echo/test/", method: "POST", expected: `{"test": true}`},
 		{url: "/echo/test/test123-test", method: "POST", expected: `{"test": true}`},
 	}
 	rr := httptest.NewRecorder()
 	srv := NewMockServer()
 	handler := http.HandlerFunc(srv.echoHandler)
-	handler.ServeHTTP(rr, req)
+	for _, c := range cases {
 		req, err := http.NewRequest(c.method, c.url, strings.NewReader(c.expected))
 		if err != nil {
 			t.Fatal(err)
 		}
 		rr := httptest.NewRecorder()
 		handler.ServeHTTP(rr, req)
-	// Check the status code is what we expect.
+		// Check the status code is what we expect.
-	if status := rr.Code; status != http.StatusAccepted {
+		if status := rr.Code; status != http.StatusAccepted {
-		t.Errorf("handler returned wrong status code: got %v want %v",
+			t.Errorf("handler returned wrong status code: got %v want %v",
-			status, http.StatusAccepted)
+				status, http.StatusAccepted)
-	}
+		}
-	// Check the response body is what we expect.
+		// Check the response body is what we expect.
-	if rr.Body.String() != expected {
+		if rr.Body.String() != c.expected {
-		t.Fatalf("handler returned unexpected body:\ngot \n%v \nwant \n%s",
+			t.Fatalf("handler returned unexpected body:\ngot \n%v \nwant \n%s",
-			rr.Body.String(), expected)
+				rr.Body.String(), c.expected)
 		}
 	}
 }
--- a/pkg/api/mock.go
+++ b/pkg/api/mock.go
@@ -11,17 +11,17 @@ import (
 func NewMockServer() *Server {
 	config := &Config{
-		Port:                      "9898",
+		Port:                  "9898",
-		HttpServerShutdownTimeout: 5 * time.Second,
+		ServerShutdownTimeout: 5 * time.Second,
-		HttpServerTimeout:         30 * time.Second,
+		HttpServerTimeout:     30 * time.Second,
-		BackendURL:                []string{},
+		BackendURL:            []string{},
-		ConfigPath:                "/config",
+		ConfigPath:            "/config",
-		DataPath:                  "/data",
+		DataPath:              "/data",
-		HttpClientTimeout:         30 * time.Second,
+		HttpClientTimeout:     30 * time.Second,
-		UIColor:                   "blue",
+		UIColor:               "blue",
-		UIPath:                    ".ui",
+		UIPath:                ".ui",
-		UIMessage:                 "Greetings",
+		UIMessage:             "Greetings",
-		Hostname:                  "localhost",
+		Hostname:              "localhost",
 	}
 	logger, _ := zap.NewDevelopment()
--- a/pkg/api/server.go
+++ b/pkg/api/server.go
@@ -14,7 +14,6 @@ import (
 	"github.com/gomodule/redigo/redis"
 	"github.com/gorilla/mux"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/spf13/viper"
 	_ "github.com/stefanprodan/podinfo/pkg/api/docs"
 	"github.com/stefanprodan/podinfo/pkg/fscache"
 	httpSwagger "github.com/swaggo/http-swagger"
@@ -47,32 +46,32 @@ var (
 )
 type Config struct {
-	HttpClientTimeout         time.Duration `mapstructure:"http-client-timeout"`
+	HttpClientTimeout     time.Duration `mapstructure:"http-client-timeout"`
-	HttpServerTimeout         time.Duration `mapstructure:"http-server-timeout"`
+	HttpServerTimeout     time.Duration `mapstructure:"http-server-timeout"`
-	HttpServerShutdownTimeout time.Duration `mapstructure:"http-server-shutdown-timeout"`
+	ServerShutdownTimeout time.Duration `mapstructure:"server-shutdown-timeout"`
-	BackendURL                []string      `mapstructure:"backend-url"`
+	BackendURL            []string      `mapstructure:"backend-url"`
-	UILogo                    string        `mapstructure:"ui-logo"`
+	UILogo                string        `mapstructure:"ui-logo"`
-	UIMessage                 string        `mapstructure:"ui-message"`
+	UIMessage             string        `mapstructure:"ui-message"`
-	UIColor                   string        `mapstructure:"ui-color"`
+	UIColor               string        `mapstructure:"ui-color"`
-	UIPath                    string        `mapstructure:"ui-path"`
+	UIPath                string        `mapstructure:"ui-path"`
-	DataPath                  string        `mapstructure:"data-path"`
+	DataPath              string        `mapstructure:"data-path"`
-	ConfigPath                string        `mapstructure:"config-path"`
+	ConfigPath            string        `mapstructure:"config-path"`
-	CertPath                  string        `mapstructure:"cert-path"`
+	CertPath              string        `mapstructure:"cert-path"`
-	Host                      string        `mapstructure:"host"`
+	Host                  string        `mapstructure:"host"`
-	Port                      string        `mapstructure:"port"`
+	Port                  string        `mapstructure:"port"`
-	SecurePort                string        `mapstructure:"secure-port"`
+	SecurePort            string        `mapstructure:"secure-port"`
-	PortMetrics               int           `mapstructure:"port-metrics"`
+	PortMetrics           int           `mapstructure:"port-metrics"`
-	Hostname                  string        `mapstructure:"hostname"`
+	Hostname              string        `mapstructure:"hostname"`
-	H2C                       bool          `mapstructure:"h2c"`
+	H2C                   bool          `mapstructure:"h2c"`
-	RandomDelay               bool          `mapstructure:"random-delay"`
+	RandomDelay           bool          `mapstructure:"random-delay"`
-	RandomDelayUnit           string        `mapstructure:"random-delay-unit"`
+	RandomDelayUnit       string        `mapstructure:"random-delay-unit"`
-	RandomDelayMin            int           `mapstructure:"random-delay-min"`
+	RandomDelayMin        int           `mapstructure:"random-delay-min"`
-	RandomDelayMax            int           `mapstructure:"random-delay-max"`
+	RandomDelayMax        int           `mapstructure:"random-delay-max"`
-	RandomError               bool          `mapstructure:"random-error"`
+	RandomError           bool          `mapstructure:"random-error"`
-	Unhealthy                 bool          `mapstructure:"unhealthy"`
+	Unhealthy             bool          `mapstructure:"unhealthy"`
-	Unready                   bool          `mapstructure:"unready"`
+	Unready               bool          `mapstructure:"unready"`
-	JWTSecret                 string        `mapstructure:"jwt-secret"`
+	JWTSecret             string        `mapstructure:"jwt-secret"`
-	CacheServer               string        `mapstructure:"cache-server"`
+	CacheServer           string        `mapstructure:"cache-server"`
 }
 type Server struct {
@@ -101,7 +100,8 @@ func (s *Server) registerHandlers() {
 	s.router.HandleFunc("/", s.indexHandler).HeadersRegexp("User-Agent", "^Mozilla.*").Methods("GET")
 	s.router.HandleFunc("/", s.infoHandler).Methods("GET")
 	s.router.HandleFunc("/version", s.versionHandler).Methods("GET")
-	s.router.HandleFunc("/echo", s.echoHandler).Methods("POST")
+	s.router.HandleFunc("/echo", s.echoHandler)
 	s.router.PathPrefix("/echo/").HandlerFunc(s.echoHandler)
 	s.router.HandleFunc("/env", s.envHandler).Methods("GET", "POST")
 	s.router.HandleFunc("/headers", s.echoHeadersHandler).Methods("GET", "POST")
 	s.router.HandleFunc("/delay/{wait:[0-9]+}", s.delayHandler).Methods("GET").Name("delay")
@@ -120,7 +120,8 @@ func (s *Server) registerHandlers() {
 	s.router.HandleFunc("/token", s.tokenGenerateHandler).Methods("POST")
 	s.router.HandleFunc("/token/validate", s.tokenValidateHandler).Methods("GET")
 	s.router.HandleFunc("/api/info", s.infoHandler).Methods("GET")
-	s.router.HandleFunc("/api/echo", s.echoHandler).Methods("POST")
+	s.router.HandleFunc("/api/echo", s.echoHandler)
 	s.router.PathPrefix("/api/echo/").HandlerFunc(s.echoHandler)
 	s.router.HandleFunc("/ws/echo", s.echoWsHandler)
 	s.router.HandleFunc("/chunked", s.chunkedHandler)
 	s.router.HandleFunc("/chunked/{wait:[0-9]+}", s.chunkedHandler)
@@ -153,7 +154,7 @@ func (s *Server) registerMiddlewares() {
 	}
 }
-func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
+func (s *Server) ListenAndServe() (*http.Server, *http.Server, *int32, *int32) {
 	ctx := context.Background()
 	go s.startMetricsServer()
@@ -183,7 +184,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 	// start redis connection pool
 	ticker := time.NewTicker(30 * time.Second)
-	s.startCachePool(ticker, stopCh)
+	s.startCachePool(ticker)
 	// create the http server
 	srv := s.startServer()
@@ -199,48 +200,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 		atomic.StoreInt32(&ready, 1)
 	}
-	// wait for SIGTERM or SIGINT
+	return srv, secureSrv, &healthy, &ready
 	<-stopCh
 	ctx, cancel := context.WithTimeout(ctx, s.config.HttpServerShutdownTimeout)
 	defer cancel()
 	// all calls to /healthz and /readyz will fail from now on
 	atomic.StoreInt32(&healthy, 0)
 	atomic.StoreInt32(&ready, 0)
 	// close cache pool
 	if s.pool != nil {
 		_ = s.pool.Close()
 	}
 	s.logger.Info("Shutting down HTTP/HTTPS server", zap.Duration("timeout", s.config.HttpServerShutdownTimeout))
 	// wait for Kubernetes readiness probe to remove this instance from the load balancer
 	// the readiness check interval must be lower than the timeout
 	if viper.GetString("level") != "debug" {
 		time.Sleep(3 * time.Second)
 	}
 	// stop OpenTelemetry tracer provider
 	if s.tracerProvider != nil {
 		if err := s.tracerProvider.Shutdown(ctx); err != nil {
 			s.logger.Warn("stopping tracer provider", zap.Error(err))
 		}
 	}
 	// determine if the http server was started
 	if srv != nil {
 		if err := srv.Shutdown(ctx); err != nil {
 			s.logger.Warn("HTTP server graceful shutdown failed", zap.Error(err))
 		}
 	}
 	// determine if the secure server was started
 	if secureSrv != nil {
 		if err := secureSrv.Shutdown(ctx); err != nil {
 			s.logger.Warn("HTTPS server graceful shutdown failed", zap.Error(err))
 		}
 	}
 }
 func (s *Server) startServer() *http.Server {
--- a/pkg/api/status.go
+++ b/pkg/api/status.go
@@ -14,6 +14,7 @@ import (
 // @Tags HTTP API
 // @Accept json
 // @Produce json
 // @Param code path int true "status code to return"
 // @Router /status/{code} [get]
 // @Success 200 {object} api.MapResponse
 func (s *Server) statusHandler(w http.ResponseWriter, r *http.Request) {
--- a/pkg/api/store.go
+++ b/pkg/api/store.go
@@ -3,8 +3,9 @@ package api
 import (
 	"crypto/sha1"
 	"encoding/hex"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"os"
 	"path"
 	"github.com/gorilla/mux"
@@ -23,14 +24,14 @@ func (s *Server) storeWriteHandler(w http.ResponseWriter, r *http.Request) {
 	_, span := s.tracer.Start(r.Context(), "storeWriteHandler")
 	defer span.End()
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		s.ErrorResponse(w, r, span, "reading the request body failed", http.StatusBadRequest)
 		return
 	}
 	hash := hash(string(body))
-	err = ioutil.WriteFile(path.Join(s.config.DataPath, hash), body, 0644)
+	err = os.WriteFile(path.Join(s.config.DataPath, hash), body, 0644)
 	if err != nil {
 		s.logger.Warn("writing file failed", zap.Error(err), zap.String("file", path.Join(s.config.DataPath, hash)))
 		s.ErrorResponse(w, r, span, "writing file failed", http.StatusInternalServerError)
@@ -45,6 +46,7 @@ func (s *Server) storeWriteHandler(w http.ResponseWriter, r *http.Request) {
 // @Tags HTTP API
 // @Accept json
 // @Produce plain
 // @Param hash path string true "hash value"
 // @Router /store/{hash} [get]
 // @Success 200 {string} string "file"
 func (s *Server) storeReadHandler(w http.ResponseWriter, r *http.Request) {
@@ -52,7 +54,7 @@ func (s *Server) storeReadHandler(w http.ResponseWriter, r *http.Request) {
 	defer span.End()
 	hash := mux.Vars(r)["hash"]
-	content, err := ioutil.ReadFile(path.Join(s.config.DataPath, hash))
+	content, err := os.ReadFile(path.Join(s.config.DataPath, hash))
 	if err != nil {
 		s.logger.Warn("reading file failed", zap.Error(err), zap.String("file", path.Join(s.config.DataPath, hash)))
 		s.ErrorResponse(w, r, span, "reading file failed", http.StatusInternalServerError)
--- a/pkg/api/token.go
+++ b/pkg/api/token.go
@@ -2,13 +2,12 @@ package api
 import (
 	"fmt"
 	"io"
 	"net/http"
 	"strings"
 	"time"
-	"io/ioutil"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/dgrijalva/jwt-go/v4"
 	"go.uber.org/zap"
 )
@@ -29,7 +28,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 	_, span := s.tracer.Start(r.Context(), "tokenGenerateHandler")
 	defer span.End()
-	body, err := ioutil.ReadAll(r.Body)
+	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		s.logger.Error("reading the request body failed", zap.Error(err))
 		s.ErrorResponse(w, r, span, "invalid request body", http.StatusBadRequest)
@@ -47,7 +46,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 		user,
 		jwt.StandardClaims{
 			Issuer:    "podinfo",
-			ExpiresAt: jwt.At(expiresAt),
+			ExpiresAt: expiresAt.Unix(),
 		},
 	}
@@ -60,7 +59,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 	var result = TokenResponse{
 		Token:     t,
-		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
+		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
 	}
 	s.JSONResponse(w, r, result)
@@ -110,7 +109,7 @@ func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
 		} else {
 			var result = TokenValidationResponse{
 				TokenName: claims.Name,
-				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
+				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
 			}
 			s.JSONResponse(w, r, result)
 		}
--- a/pkg/fscache/fscache.go
+++ b/pkg/fscache/fscache.go
@@ -2,8 +2,8 @@ package fscache
 import (
 	"errors"
 	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"strings"
 	"sync"
@@ -77,7 +77,7 @@ func (w *Watcher) Watch() {
 // updateCache reads files content and loads them into the cache
 func (w *Watcher) updateCache() error {
 	fileMap := make(map[string]string)
-	files, err := ioutil.ReadDir(w.dir)
+	files, err := os.ReadDir(w.dir)
 	if err != nil {
 		return err
 	}
@@ -86,7 +86,7 @@ func (w *Watcher) updateCache() error {
 	for _, file := range files {
 		name := filepath.Base(file.Name())
 		if !file.IsDir() && !strings.Contains(name, "..") {
-			b, err := ioutil.ReadFile(filepath.Join(w.dir, file.Name()))
+			b, err := os.ReadFile(filepath.Join(w.dir, file.Name()))
 			if err != nil {
 				return err
 			}
--- a/pkg/grpc/server.go
+++ b/pkg/grpc/server.go
@@ -30,7 +30,7 @@ func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
 	return srv, nil
 }
-func (s *Server) ListenAndServe() {
+func (s *Server) ListenAndServe() *grpc.Server {
 	listener, err := net.Listen("tcp", fmt.Sprintf(":%v", s.config.Port))
 	if err != nil {
 		s.logger.Fatal("failed to listen", zap.Int("port", s.config.Port))
@@ -42,7 +42,11 @@ func (s *Server) ListenAndServe() {
 	grpc_health_v1.RegisterHealthServer(srv, server)
 	server.SetServingStatus(s.config.ServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
-	if err := srv.Serve(listener); err != nil {
+	go func() {
-		s.logger.Fatal("failed to serve", zap.Error(err))
+		if err := srv.Serve(listener); err != nil {
-	}
+			s.logger.Fatal("failed to serve", zap.Error(err))
 		}
 	}()
 	return srv
 }
--- a/pkg/signals/shutdown.go
+++ b/pkg/signals/shutdown.go
@@ -0,0 +1,84 @@
 package signals
 import (
 	"context"
 	"net/http"
 	"sync/atomic"
 	"time"
 	"github.com/gomodule/redigo/redis"
 	"github.com/spf13/viper"
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
 )
 type Shutdown struct {
 	logger                *zap.Logger
 	pool                  *redis.Pool
 	tracerProvider        *sdktrace.TracerProvider
 	serverShutdownTimeout time.Duration
 }
 func NewShutdown(serverShutdownTimeout time.Duration, logger *zap.Logger) (*Shutdown, error) {
 	srv := &Shutdown{
 		logger:                logger,
 		serverShutdownTimeout: serverShutdownTimeout,
 	}
 	return srv, nil
 }
 func (s *Shutdown) Graceful(stopCh <-chan struct{}, httpServer *http.Server, httpsServer *http.Server, grpcServer *grpc.Server, healthy *int32, ready *int32) {
 	ctx := context.Background()
 	// wait for SIGTERM or SIGINT
 	<-stopCh
 	ctx, cancel := context.WithTimeout(ctx, s.serverShutdownTimeout)
 	defer cancel()
 	// all calls to /healthz and /readyz will fail from now on
 	atomic.StoreInt32(healthy, 0)
 	atomic.StoreInt32(ready, 0)
 	// close cache pool
 	if s.pool != nil {
 		_ = s.pool.Close()
 	}
 	s.logger.Info("Shutting down HTTP/HTTPS server", zap.Duration("timeout", s.serverShutdownTimeout))
 	// There could be a period where a terminating pod may still receive requests. Implementing a brief wait can mitigate this.
 	// See: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-termination
 	// the readiness check interval must be lower than the timeout
 	if viper.GetString("level") != "debug" {
 		time.Sleep(3 * time.Second)
 	}
 	// stop OpenTelemetry tracer provider
 	if s.tracerProvider != nil {
 		if err := s.tracerProvider.Shutdown(ctx); err != nil {
 			s.logger.Warn("stopping tracer provider", zap.Error(err))
 		}
 	}
 	// determine if the GRPC was started
 	if grpcServer != nil {
 		s.logger.Info("Shutting down GRPC server", zap.Duration("timeout", s.serverShutdownTimeout))
 		grpcServer.GracefulStop()
 	}
 	// determine if the http server was started
 	if httpServer != nil {
 		if err := httpServer.Shutdown(ctx); err != nil {
 			s.logger.Warn("HTTP server graceful shutdown failed", zap.Error(err))
 		}
 	}
 	// determine if the secure server was started
 	if httpsServer != nil {
 		if err := httpsServer.Shutdown(ctx); err != nil {
 			s.logger.Warn("HTTPS server graceful shutdown failed", zap.Error(err))
 		}
 	}
 }
--- a/pkg/signals/signal_posix.go
+++ b/pkg/signals/signal_posix.go
@@ -8,4 +8,4 @@ import (
 	"syscall"
 )
-var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM}
+var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGINT}
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,4 +1,4 @@
 package version
-var VERSION = "6.1.6"
+var VERSION = "6.5.4"
 var REVISION = "unknown"
--- a/test/deploy.sh
+++ b/test/deploy.sh
@@ -24,4 +24,6 @@ helm upgrade --install podinfo ./charts/podinfo \
    --set image.tag=latest \
    --set tls.enabled=true \
    --set certificate.create=true \
    --set hpa.enabled=true \
    --set hpa.cpu=95 \
    --namespace=default
--- a/timoni/bundles/test.podinfo.cue
+++ b/timoni/bundles/test.podinfo.cue
@@ -0,0 +1,68 @@
 bundle: {
 	apiVersion: "v1alpha1"
 	name:       "podinfo"
 	_modURL: "oci://ghcr.io/stefanprodan/modules/podinfo" @timoni(runtime:string:PODINFO_MODULE_URL)
 	_imgURL: "ghcr.io/stefanprodan/modules/podinfo"       @timoni(runtime:string:PODINFO_IMAGE_URL)
 	_imgTag: "latest"                                     @timoni(runtime:string:PODINFO_VERSION)
 	instances: {
 		backend: {
 			module: url: _modURL
 			namespace: "podinfo"
 			values: {
 				image: {
 					repository: _imgURL
 					tag:        _imgTag
 				}
 				resources: requests: {
 					cpu:    "100m"
 					memory: "128Mi"
 				}
 				autoscaling: {
 					enabled:     true
 					minReplicas: 1
 					maxReplicas: 10
 					cpu:         90
 				}
 				test: enabled: true
 			}
 		}
 		frontend: {
 			module: url: _modURL
 			namespace: "podinfo"
 			values: {
 				image: {
 					repository: _imgURL
 					tag:        _imgTag
 				}
 				ui: backend: "http://backend.podinfo.svc.cluster.local/echo"
 				replicas: 2
 				podSecurityContext: {
 					runAsUser:  100
 					runAsGroup: 101
 					fsGroup:    101
 				}
 				securityContext: {
 					allowPrivilegeEscalation: false
 					readOnlyRootFilesystem:   true
 					runAsNonRoot:             true
 					capabilities: drop: ["ALL"]
 					seccompProfile: type: "RuntimeDefault"
 				}
 				ingress: {
 					enabled:   true
 					className: "nginx"
 					host:      "podinfo.local"
 					tls:       true
 					annotations: {
 						"nginx.ingress.kubernetes.io/ssl-redirect":       "false"
 						"nginx.ingress.kubernetes.io/force-ssl-redirect": "false"
 						"cert-manager.io/cluster-issuer":                 "self-signed"
 					}
 				}
 				test: enabled: true
 			}
 		}
 	}
 }
--- a/timoni/podinfo/README.md
+++ b/timoni/podinfo/README.md
@@ -0,0 +1,140 @@
 # Podinfo
 [Podinfo](https://github.com/stefanprodan/podinfo) is a tiny web application
 made with Go that showcases best practices of running microservices in Kubernetes.
 ## Module Repository
 This module is available on GitHub Container Registry at
 [ghcr.io/stefanprodan/modules/podinfo](https://github.com/stefanprodan/podinfo/pkgs/container/modules%2Fpodinfo).
 ## Install
 To create an instance using the default values:
 ```shell
 timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
 ```
 To install a specific module version:
 ```shell
 timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo -v 6.5.0
 ```
 To change the [default configuration](#configuration),
 create one or more `values.cue` files and apply them to the instance.
 For example, create a file `my-values.cue` with the following content:
 ```cue
 values: {
 	resources: requests: {
 		cpu:    "100m"
 		memory: "128Mi"
 	}
 }
 ```
 And apply the values with:
 ```shell
 timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
 --values ./my-values.cue
 ```
 ## Uninstall
 To uninstall an instance and delete all its Kubernetes resources:
 ```shell
 timoni -n default delete podinfo
 ```
 ## Configuration
 ### General values
 | Key                          | Type                                    | Default                        | Description                                                                                                                                  |
 |------------------------------|-----------------------------------------|--------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
 | `image: tag:`                | `string`                                | `<latest version>`             | Container image tag                                                                                                                          |
 | `image: digest:`             | `string`                                | `""`                           | Container image digest, takes precedence over `tag` when specified                                                                           |
 | `image: repository:`         | `string`                                | `ghcr.io/stefanprodan/podinfo` | Container image repository                                                                                                                   |
 | `image: pullPolicy:`         | `string`                                | `IfNotPresent`                 | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)                                     |
 | `metadata: labels:`          | `{[ string]: string}`                   | `{}`                           | Common labels for all resources                                                                                                              |
 | `metadata: annotations:`     | `{[ string]: string}`                   | `{}`                           | Common annotations for all resources                                                                                                         |
 | `podAnnotations:`            | `{[ string]: string}`                   | `{}`                           | Annotations applied to pods                                                                                                                  |
 | `imagePullSecrets:`          | `[...corev1.LocalObjectReference]`      | `[]`                           | [Kubernetes image pull secrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod)                 |
 | `tolerations:`               | `[ ...corev1.#Toleration]`              | `[]`                           | [Kubernetes toleration](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration)                                        |
 | `affinity:`                  | `corev1.#Affinity`                      | `{}`                           | [Kubernetes affinity and anti-affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) |
 | `resources:`                 | `corev1.#ResourceRequirements`          | `{}`                           | [Kubernetes resource requests and limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers)                     |
 | `topologySpreadConstraints:` | `[...corev1.#TopologySpreadConstraint]` | `[]`                           | [Kubernetes pod topology spread constraints](https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints)            |
 | `podSecurityContext:`        | `corev1.#PodSecurityContext`            | `{}`                           | [Kubernetes pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context)                                 |
 | `securityContext:`           | `corev1.#SecurityContext`               | `{}`                           | [Kubernetes container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context)                           |
 | `test: enabled:`             | `bool`                                  | `false`                        | Run end-to-end tests at install and upgrades                                                                                                 |
 #### Recommended values
 Comply with the
 restricted [Kubernetes pod security standard](https://kubernetes.io/docs/concepts/security/pod-security-standards/):
 ```cue
 values: {
 	podSecurityContext: {
 		runAsUser:  100
 		runAsGroup: 101
 		fsGroup:    101
 	}
 	securityContext: {
 		allowPrivilegeEscalation: false
 		readOnlyRootFilesystem:   true
 		runAsNonRoot:             true
 		capabilities: drop: ["ALL"]
 		seccompProfile: type: "RuntimeDefault"
 	}
 }
 ```
 ### Autoscaling values
 | Key                         | Type     | Default       | Description                                                                                                  |
 |-----------------------------|----------|---------------|--------------------------------------------------------------------------------------------------------------|
 | `replicas:`                 | `int`    | `1`           | Number of pods when autoscaling is disabled                                                                  |
 | `autoscaling: enabled:`     | `bool`   | `false`       | Enable [Kubernetes HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) creation |
 | `autoscaling: minReplicas:` | `int`    | `replicas`    | Minimum number of pods                                                                                       |
 | `autoscaling: maxReplicas:` | `int`    | `minReplicas` | Maximum number of pods                                                                                       |
 | `autoscaling: cpu:`         | `int`    | `99`          | CPU average utilization (percentage)                                                                         |
 | `autoscaling: memory:`      | `string` | `""`          | memory average value (e.g. `1024Mi`)                                                                         |
 ### Ingress values
 | Key                     | Type                  | Default         | Description                                                                                            |
 |-------------------------|-----------------------|-----------------|--------------------------------------------------------------------------------------------------------|
 | `service: port:`        | `int`                 | `80`            | Kubernetes Service ClusterIP port                                                                      |
 | `ingress: enabled:`     | `bool`                | `false`         | Enable [Kubernetes Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) creation |
 | `ingress: tls:`         | `bool`                | `false`         | Enable TLS (requires cert-manager)                                                                     |
 | `ingress: host:`        | `string`              | `podinfo.local` | Ingress host                                                                                           |
 | `ingress: className:`   | `string`              | `""`            | Ingress class name                                                                                     |
 | `ingress: annotations:` | `{[ string]: string}` | `{}`            | Annotations applied to ingress                                                                         |
 ### Monitoring values
 | Key                     | Type   | Default | Description                                                                   |
 |-------------------------|--------|---------|-------------------------------------------------------------------------------|
 | `monitoring: enabled:`  | `bool` | `false` | Enable [Prometheus ServiceMonitor](https://prometheus-operator.dev/) creation |
 | `monitoring: interval:` | `int`  | `15`    | Prometheus scrape interval in seconds                                         |
 ### Cashing values
 | Key                  | Type     | Default | Description                                             |
 |----------------------|----------|---------|---------------------------------------------------------|
 | `caching: enabled:`  | `bool`   | `false` | Enable Redis caching                                    |
 | `caching: redisURL:` | `string` | `""`    | Redis URL in the format `tcp://:[password]@host[:port]` |
 ### UI values
 | Key            | Type     | Default   | Description      |
 |----------------|----------|-----------|------------------|
 | `ui: color:`   | `string` | `#34577c` | Background color |
 | `ui: message:` | `string` | `""`      | Greeting message |
 | `ui: backend:` | `string` | `""`      | Backend URL      |
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/admission/v1
 package v1
 #GroupName: "admission.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/admission/v1/types_go_gen.cue
@@ -0,0 +1,172 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/admission/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	authenticationv1 "k8s.io/api/authentication/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
 // AdmissionReview describes an admission review request/response.
 #AdmissionReview: {
 	metav1.#TypeMeta
 	// Request describes the attributes for the admission request.
 	// +optional
 	request?: null | #AdmissionRequest @go(Request,*AdmissionRequest) @protobuf(1,bytes,opt)
 	// Response describes the attributes for the admission response.
 	// +optional
 	response?: null | #AdmissionResponse @go(Response,*AdmissionResponse) @protobuf(2,bytes,opt)
 }
 // AdmissionRequest describes the admission.Attributes for the admission request.
 #AdmissionRequest: {
 	// UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
 	// otherwise identical (parallel requests, requests when earlier requests did not modify etc)
 	// The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
 	// It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
 	uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
 	// Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
 	kind: metav1.#GroupVersionKind @go(Kind) @protobuf(2,bytes,opt)
 	// Resource is the fully-qualified resource being requested (for example, v1.pods)
 	resource: metav1.#GroupVersionResource @go(Resource) @protobuf(3,bytes,opt)
 	// SubResource is the subresource being requested, if any (for example, "status" or "scale")
 	// +optional
 	subResource?: string @go(SubResource) @protobuf(4,bytes,opt)
 	// RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
 	// If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
 	//
 	// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
 	// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
 	// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
 	// with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
 	// and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
 	//
 	// See documentation for the "matchPolicy" field in the webhook configuration type for more details.
 	// +optional
 	requestKind?: null | metav1.#GroupVersionKind @go(RequestKind,*metav1.GroupVersionKind) @protobuf(13,bytes,opt)
 	// RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
 	// If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
 	//
 	// For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
 	// `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
 	// an API request to apps/v1beta1 deployments would be converted and sent to the webhook
 	// with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
 	// and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
 	//
 	// See documentation for the "matchPolicy" field in the webhook configuration type.
 	// +optional
 	requestResource?: null | metav1.#GroupVersionResource @go(RequestResource,*metav1.GroupVersionResource) @protobuf(14,bytes,opt)
 	// RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
 	// If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
 	// See documentation for the "matchPolicy" field in the webhook configuration type.
 	// +optional
 	requestSubResource?: string @go(RequestSubResource) @protobuf(15,bytes,opt)
 	// Name is the name of the object as presented in the request.  On a CREATE operation, the client may omit name and
 	// rely on the server to generate the name.  If that is the case, this field will contain an empty string.
 	// +optional
 	name?: string @go(Name) @protobuf(5,bytes,opt)
 	// Namespace is the namespace associated with the request (if any).
 	// +optional
 	namespace?: string @go(Namespace) @protobuf(6,bytes,opt)
 	// Operation is the operation being performed. This may be different than the operation
 	// requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
 	operation: #Operation @go(Operation) @protobuf(7,bytes,opt)
 	// UserInfo is information about the requesting user
 	userInfo: authenticationv1.#UserInfo @go(UserInfo) @protobuf(8,bytes,opt)
 	// Object is the object from the incoming request.
 	// +optional
 	object?: runtime.#RawExtension @go(Object) @protobuf(9,bytes,opt)
 	// OldObject is the existing object. Only populated for DELETE and UPDATE requests.
 	// +optional
 	oldObject?: runtime.#RawExtension @go(OldObject) @protobuf(10,bytes,opt)
 	// DryRun indicates that modifications will definitely not be persisted for this request.
 	// Defaults to false.
 	// +optional
 	dryRun?: null | bool @go(DryRun,*bool) @protobuf(11,varint,opt)
 	// Options is the operation option structure of the operation being performed.
 	// e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
 	// different than the options the caller provided. e.g. for a patch request the performed
 	// Operation might be a CREATE, in which case the Options will a
 	// `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
 	// +optional
 	options?: runtime.#RawExtension @go(Options) @protobuf(12,bytes,opt)
 }
 // AdmissionResponse describes an admission response.
 #AdmissionResponse: {
 	// UID is an identifier for the individual request/response.
 	// This must be copied over from the corresponding AdmissionRequest.
 	uid: types.#UID @go(UID) @protobuf(1,bytes,opt)
 	// Allowed indicates whether or not the admission request was permitted.
 	allowed: bool @go(Allowed) @protobuf(2,varint,opt)
 	// Result contains extra details into why an admission request was denied.
 	// This field IS NOT consulted in any way if "Allowed" is "true".
 	// +optional
 	status?: null | metav1.#Status @go(Result,*metav1.Status) @protobuf(3,bytes,opt)
 	// The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
 	// +optional
 	patch?: bytes @go(Patch,[]byte) @protobuf(4,bytes,opt)
 	// The type of Patch. Currently we only allow "JSONPatch".
 	// +optional
 	patchType?: null | #PatchType @go(PatchType,*PatchType) @protobuf(5,bytes,opt)
 	// AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
 	// MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
 	// admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
 	// the admission webhook to add additional context to the audit log for this request.
 	// +optional
 	auditAnnotations?: {[string]: string} @go(AuditAnnotations,map[string]string) @protobuf(6,bytes,opt)
 	// warnings is a list of warning messages to return to the requesting API client.
 	// Warning messages describe a problem the client making the API request should correct or be aware of.
 	// Limit warnings to 120 characters if possible.
 	// Warnings over 256 characters and large numbers of warnings may be truncated.
 	// +optional
 	warnings?: [...string] @go(Warnings,[]string) @protobuf(7,bytes,rep)
 }
 // PatchType is the type of patch being used to represent the mutated object
 #PatchType: string // #enumPatchType
 #enumPatchType:
 	#PatchTypeJSONPatch
 #PatchTypeJSONPatch: #PatchType & "JSONPatch"
 // Operation is the type of resource operation being checked for admission control
 #Operation: string // #enumOperation
 #enumOperation:
 	#Create |
 	#Update |
 	#Delete |
 	#Connect
 #Create:  #Operation & "CREATE"
 #Update:  #Operation & "UPDATE"
 #Delete:  #Operation & "DELETE"
 #Connect: #Operation & "CONNECT"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/doc_go_gen.cue
@@ -0,0 +1,9 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/admissionregistration/v1
 // Package v1 is the v1 version of the API.
 // AdmissionConfiguration and AdmissionPluginConfiguration are legacy static admission plugin configuration
 // MutatingWebhookConfiguration and ValidatingWebhookConfiguration are for the
 // new dynamic admission controller configuration.
 package v1
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/admissionregistration/v1
 package v1
 #GroupName: "admissionregistration.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/admissionregistration/v1/types_go_gen.cue
@@ -0,0 +1,645 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/admissionregistration/v1
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // Rule is a tuple of APIGroups, APIVersion, and Resources.It is recommended
 // to make sure that all the tuple expansions are valid.
 #Rule: {
 	// APIGroups is the API groups the resources belong to. '*' is all groups.
 	// If '*' is present, the length of the slice must be one.
 	// Required.
 	// +listType=atomic
 	apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(1,bytes,rep)
 	// APIVersions is the API versions the resources belong to. '*' is all versions.
 	// If '*' is present, the length of the slice must be one.
 	// Required.
 	// +listType=atomic
 	apiVersions?: [...string] @go(APIVersions,[]string) @protobuf(2,bytes,rep)
 	// Resources is a list of resources this rule applies to.
 	//
 	// For example:
 	// 'pods' means pods.
 	// 'pods/log' means the log subresource of pods.
 	// '*' means all resources, but not subresources.
 	// 'pods/*' means all subresources of pods.
 	// '*/scale' means all scale subresources.
 	// '*/*' means all resources and their subresources.
 	//
 	// If wildcard is present, the validation rule will ensure resources do not
 	// overlap with each other.
 	//
 	// Depending on the enclosing object, subresources might not be allowed.
 	// Required.
 	// +listType=atomic
 	resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
 	// scope specifies the scope of this rule.
 	// Valid values are "Cluster", "Namespaced", and "*"
 	// "Cluster" means that only cluster-scoped resources will match this rule.
 	// Namespace API objects are cluster-scoped.
 	// "Namespaced" means that only namespaced resources will match this rule.
 	// "*" means that there are no scope restrictions.
 	// Subresources match the scope of their parent resource.
 	// Default is "*".
 	//
 	// +optional
 	scope?: null | #ScopeType @go(Scope,*ScopeType) @protobuf(4,bytes,rep)
 }
 // ScopeType specifies a scope for a Rule.
 // +enum
 #ScopeType: string // #enumScopeType
 #enumScopeType:
 	#ClusterScope |
 	#NamespacedScope |
 	#AllScopes
 // ClusterScope means that scope is limited to cluster-scoped objects.
 // Namespace objects are cluster-scoped.
 #ClusterScope: #ScopeType & "Cluster"
 // NamespacedScope means that scope is limited to namespaced objects.
 #NamespacedScope: #ScopeType & "Namespaced"
 // AllScopes means that all scopes are included.
 #AllScopes: #ScopeType & "*"
 // FailurePolicyType specifies a failure policy that defines how unrecognized errors from the admission endpoint are handled.
 // +enum
 #FailurePolicyType: string // #enumFailurePolicyType
 #enumFailurePolicyType:
 	#Ignore |
 	#Fail
 // Ignore means that an error calling the webhook is ignored.
 #Ignore: #FailurePolicyType & "Ignore"
 // Fail means that an error calling the webhook causes the admission to fail.
 #Fail: #FailurePolicyType & "Fail"
 // MatchPolicyType specifies the type of match policy.
 // +enum
 #MatchPolicyType: string // #enumMatchPolicyType
 #enumMatchPolicyType:
 	#Exact |
 	#Equivalent
 // Exact means requests should only be sent to the webhook if they exactly match a given rule.
 #Exact: #MatchPolicyType & "Exact"
 // Equivalent means requests should be sent to the webhook if they modify a resource listed in rules via another API group or version.
 #Equivalent: #MatchPolicyType & "Equivalent"
 // SideEffectClass specifies the types of side effects a webhook may have.
 // +enum
 #SideEffectClass: string // #enumSideEffectClass
 #enumSideEffectClass:
 	#SideEffectClassUnknown |
 	#SideEffectClassNone |
 	#SideEffectClassSome |
 	#SideEffectClassNoneOnDryRun
 // SideEffectClassUnknown means that no information is known about the side effects of calling the webhook.
 // If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
 #SideEffectClassUnknown: #SideEffectClass & "Unknown"
 // SideEffectClassNone means that calling the webhook will have no side effects.
 #SideEffectClassNone: #SideEffectClass & "None"
 // SideEffectClassSome means that calling the webhook will possibly have side effects.
 // If a request with the dry-run attribute would trigger a call to this webhook, the request will instead fail.
 #SideEffectClassSome: #SideEffectClass & "Some"
 // SideEffectClassNoneOnDryRun means that calling the webhook will possibly have side effects, but if the
 // request being reviewed has the dry-run attribute, the side effects will be suppressed.
 #SideEffectClassNoneOnDryRun: #SideEffectClass & "NoneOnDryRun"
 // ValidatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and object without changing it.
 #ValidatingWebhookConfiguration: {
 	metav1.#TypeMeta
 	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Webhooks is a list of webhooks and the affected resources and operations.
 	// +optional
 	// +patchMergeKey=name
 	// +patchStrategy=merge
 	webhooks?: [...#ValidatingWebhook] @go(Webhooks,[]ValidatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
 }
 // ValidatingWebhookConfigurationList is a list of ValidatingWebhookConfiguration.
 #ValidatingWebhookConfigurationList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// List of ValidatingWebhookConfiguration.
 	items: [...#ValidatingWebhookConfiguration] @go(Items,[]ValidatingWebhookConfiguration) @protobuf(2,bytes,rep)
 }
 // MutatingWebhookConfiguration describes the configuration of and admission webhook that accept or reject and may change the object.
 #MutatingWebhookConfiguration: {
 	metav1.#TypeMeta
 	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Webhooks is a list of webhooks and the affected resources and operations.
 	// +optional
 	// +patchMergeKey=name
 	// +patchStrategy=merge
 	webhooks?: [...#MutatingWebhook] @go(Webhooks,[]MutatingWebhook) @protobuf(2,bytes,rep,name=Webhooks)
 }
 // MutatingWebhookConfigurationList is a list of MutatingWebhookConfiguration.
 #MutatingWebhookConfigurationList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// List of MutatingWebhookConfiguration.
 	items: [...#MutatingWebhookConfiguration] @go(Items,[]MutatingWebhookConfiguration) @protobuf(2,bytes,rep)
 }
 // ValidatingWebhook describes an admission webhook and the resources and operations it applies to.
 #ValidatingWebhook: {
 	// The name of the admission webhook.
 	// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
 	// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
 	// of the organization.
 	// Required.
 	name: string @go(Name) @protobuf(1,bytes,opt)
 	// ClientConfig defines how to communicate with the hook.
 	// Required
 	clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
 	// Rules describes what operations on what resources/subresources the webhook cares about.
 	// The webhook cares about an operation if it matches _any_ Rule.
 	// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
 	// from putting the cluster in a state which cannot be recovered from without completely
 	// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
 	// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
 	rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
 	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
 	// allowed values are Ignore or Fail. Defaults to Fail.
 	// +optional
 	failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
 	// matchPolicy defines how the "rules" list is used to match incoming requests.
 	// Allowed values are "Exact" or "Equivalent".
 	//
 	// - Exact: match a request only if it exactly matches a specified rule.
 	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
 	// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
 	// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
 	//
 	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
 	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
 	// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
 	// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
 	//
 	// Defaults to "Equivalent"
 	// +optional
 	matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
 	// NamespaceSelector decides whether to run the webhook on an object based
 	// on whether the namespace for that object matches the selector. If the
 	// object itself is a namespace, the matching is performed on
 	// object.metadata.labels. If the object is another cluster scoped resource,
 	// it never skips the webhook.
 	//
 	// For example, to run the webhook on any objects whose namespace is not
 	// associated with "runlevel" of "0" or "1";  you will set the selector as
 	// follows:
 	// "namespaceSelector": {
 	//   "matchExpressions": [
 	//     {
 	//       "key": "runlevel",
 	//       "operator": "NotIn",
 	//       "values": [
 	//         "0",
 	//         "1"
 	//       ]
 	//     }
 	//   ]
 	// }
 	//
 	// If instead you want to only run the webhook on any objects whose
 	// namespace is associated with the "environment" of "prod" or "staging";
 	// you will set the selector as follows:
 	// "namespaceSelector": {
 	//   "matchExpressions": [
 	//     {
 	//       "key": "environment",
 	//       "operator": "In",
 	//       "values": [
 	//         "prod",
 	//         "staging"
 	//       ]
 	//     }
 	//   ]
 	// }
 	//
 	// See
 	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels
 	// for more examples of label selectors.
 	//
 	// Default to the empty LabelSelector, which matches everything.
 	// +optional
 	namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
 	// ObjectSelector decides whether to run the webhook based on if the
 	// object has matching labels. objectSelector is evaluated against both
 	// the oldObject and newObject that would be sent to the webhook, and
 	// is considered to match if either object matches the selector. A null
 	// object (oldObject in the case of create, or newObject in the case of
 	// delete) or an object that cannot have labels (like a
 	// DeploymentRollback or a PodProxyOptions object) is not considered to
 	// match.
 	// Use the object selector only if the webhook is opt-in, because end
 	// users may skip the admission webhook by setting the labels.
 	// Default to the empty LabelSelector, which matches everything.
 	// +optional
 	objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(10,bytes,opt)
 	// SideEffects states whether this webhook has side effects.
 	// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
 	// Webhooks with side effects MUST implement a reconciliation system, since a request may be
 	// rejected by a future step in the admission chain and the side effects therefore need to be undone.
 	// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
 	// sideEffects == Unknown or Some.
 	sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
 	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
 	// the webhook call will be ignored or the API call will fail based on the
 	// failure policy.
 	// The timeout value must be between 1 and 30 seconds.
 	// Default to 10 seconds.
 	// +optional
 	timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
 	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
 	// versions the Webhook expects. API server will try to use first version in
 	// the list which it supports. If none of the versions specified in this list
 	// supported by API server, validation will fail for this object.
 	// If a persisted webhook configuration specifies allowed versions and does not
 	// include any versions known to the API Server, calls to the webhook will fail
 	// and be subject to the failure policy.
 	admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
 	// MatchConditions is a list of conditions that must be met for a request to be sent to this
 	// webhook. Match conditions filter requests that have already been matched by the rules,
 	// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
 	// There are a maximum of 64 match conditions allowed.
 	//
 	// The exact matching logic is (in order):
 	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
 	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
 	//   3. If any matchCondition evaluates to an error (but none are FALSE):
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
 	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=name
 	// +featureGate=AdmissionWebhookMatchConditions
 	// +optional
 	matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(11,bytes,opt)
 }
 // MutatingWebhook describes an admission webhook and the resources and operations it applies to.
 #MutatingWebhook: {
 	// The name of the admission webhook.
 	// Name should be fully qualified, e.g., imagepolicy.kubernetes.io, where
 	// "imagepolicy" is the name of the webhook, and kubernetes.io is the name
 	// of the organization.
 	// Required.
 	name: string @go(Name) @protobuf(1,bytes,opt)
 	// ClientConfig defines how to communicate with the hook.
 	// Required
 	clientConfig: #WebhookClientConfig @go(ClientConfig) @protobuf(2,bytes,opt)
 	// Rules describes what operations on what resources/subresources the webhook cares about.
 	// The webhook cares about an operation if it matches _any_ Rule.
 	// However, in order to prevent ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks
 	// from putting the cluster in a state which cannot be recovered from without completely
 	// disabling the plugin, ValidatingAdmissionWebhooks and MutatingAdmissionWebhooks are never called
 	// on admission requests for ValidatingWebhookConfiguration and MutatingWebhookConfiguration objects.
 	rules?: [...#RuleWithOperations] @go(Rules,[]RuleWithOperations) @protobuf(3,bytes,rep)
 	// FailurePolicy defines how unrecognized errors from the admission endpoint are handled -
 	// allowed values are Ignore or Fail. Defaults to Fail.
 	// +optional
 	failurePolicy?: null | #FailurePolicyType @go(FailurePolicy,*FailurePolicyType) @protobuf(4,bytes,opt,casttype=FailurePolicyType)
 	// matchPolicy defines how the "rules" list is used to match incoming requests.
 	// Allowed values are "Exact" or "Equivalent".
 	//
 	// - Exact: match a request only if it exactly matches a specified rule.
 	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
 	// but "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
 	// a request to apps/v1beta1 or extensions/v1beta1 would not be sent to the webhook.
 	//
 	// - Equivalent: match a request if modifies a resource listed in rules, even via another API group or version.
 	// For example, if deployments can be modified via apps/v1, apps/v1beta1, and extensions/v1beta1,
 	// and "rules" only included `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]`,
 	// a request to apps/v1beta1 or extensions/v1beta1 would be converted to apps/v1 and sent to the webhook.
 	//
 	// Defaults to "Equivalent"
 	// +optional
 	matchPolicy?: null | #MatchPolicyType @go(MatchPolicy,*MatchPolicyType) @protobuf(9,bytes,opt,casttype=MatchPolicyType)
 	// NamespaceSelector decides whether to run the webhook on an object based
 	// on whether the namespace for that object matches the selector. If the
 	// object itself is a namespace, the matching is performed on
 	// object.metadata.labels. If the object is another cluster scoped resource,
 	// it never skips the webhook.
 	//
 	// For example, to run the webhook on any objects whose namespace is not
 	// associated with "runlevel" of "0" or "1";  you will set the selector as
 	// follows:
 	// "namespaceSelector": {
 	//   "matchExpressions": [
 	//     {
 	//       "key": "runlevel",
 	//       "operator": "NotIn",
 	//       "values": [
 	//         "0",
 	//         "1"
 	//       ]
 	//     }
 	//   ]
 	// }
 	//
 	// If instead you want to only run the webhook on any objects whose
 	// namespace is associated with the "environment" of "prod" or "staging";
 	// you will set the selector as follows:
 	// "namespaceSelector": {
 	//   "matchExpressions": [
 	//     {
 	//       "key": "environment",
 	//       "operator": "In",
 	//       "values": [
 	//         "prod",
 	//         "staging"
 	//       ]
 	//     }
 	//   ]
 	// }
 	//
 	// See
 	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 	// for more examples of label selectors.
 	//
 	// Default to the empty LabelSelector, which matches everything.
 	// +optional
 	namespaceSelector?: null | metav1.#LabelSelector @go(NamespaceSelector,*metav1.LabelSelector) @protobuf(5,bytes,opt)
 	// ObjectSelector decides whether to run the webhook based on if the
 	// object has matching labels. objectSelector is evaluated against both
 	// the oldObject and newObject that would be sent to the webhook, and
 	// is considered to match if either object matches the selector. A null
 	// object (oldObject in the case of create, or newObject in the case of
 	// delete) or an object that cannot have labels (like a
 	// DeploymentRollback or a PodProxyOptions object) is not considered to
 	// match.
 	// Use the object selector only if the webhook is opt-in, because end
 	// users may skip the admission webhook by setting the labels.
 	// Default to the empty LabelSelector, which matches everything.
 	// +optional
 	objectSelector?: null | metav1.#LabelSelector @go(ObjectSelector,*metav1.LabelSelector) @protobuf(11,bytes,opt)
 	// SideEffects states whether this webhook has side effects.
 	// Acceptable values are: None, NoneOnDryRun (webhooks created via v1beta1 may also specify Some or Unknown).
 	// Webhooks with side effects MUST implement a reconciliation system, since a request may be
 	// rejected by a future step in the admission chain and the side effects therefore need to be undone.
 	// Requests with the dryRun attribute will be auto-rejected if they match a webhook with
 	// sideEffects == Unknown or Some.
 	sideEffects?: null | #SideEffectClass @go(SideEffects,*SideEffectClass) @protobuf(6,bytes,opt,casttype=SideEffectClass)
 	// TimeoutSeconds specifies the timeout for this webhook. After the timeout passes,
 	// the webhook call will be ignored or the API call will fail based on the
 	// failure policy.
 	// The timeout value must be between 1 and 30 seconds.
 	// Default to 10 seconds.
 	// +optional
 	timeoutSeconds?: null | int32 @go(TimeoutSeconds,*int32) @protobuf(7,varint,opt)
 	// AdmissionReviewVersions is an ordered list of preferred `AdmissionReview`
 	// versions the Webhook expects. API server will try to use first version in
 	// the list which it supports. If none of the versions specified in this list
 	// supported by API server, validation will fail for this object.
 	// If a persisted webhook configuration specifies allowed versions and does not
 	// include any versions known to the API Server, calls to the webhook will fail
 	// and be subject to the failure policy.
 	admissionReviewVersions: [...string] @go(AdmissionReviewVersions,[]string) @protobuf(8,bytes,rep)
 	// reinvocationPolicy indicates whether this webhook should be called multiple times as part of a single admission evaluation.
 	// Allowed values are "Never" and "IfNeeded".
 	//
 	// Never: the webhook will not be called more than once in a single admission evaluation.
 	//
 	// IfNeeded: the webhook will be called at least one additional time as part of the admission evaluation
 	// if the object being admitted is modified by other admission plugins after the initial webhook call.
 	// Webhooks that specify this option *must* be idempotent, able to process objects they previously admitted.
 	// Note:
 	// * the number of additional invocations is not guaranteed to be exactly one.
 	// * if additional invocations result in further modifications to the object, webhooks are not guaranteed to be invoked again.
 	// * webhooks that use this option may be reordered to minimize the number of additional invocations.
 	// * to validate an object after all mutations are guaranteed complete, use a validating admission webhook instead.
 	//
 	// Defaults to "Never".
 	// +optional
 	reinvocationPolicy?: null | #ReinvocationPolicyType @go(ReinvocationPolicy,*ReinvocationPolicyType) @protobuf(10,bytes,opt,casttype=ReinvocationPolicyType)
 	// MatchConditions is a list of conditions that must be met for a request to be sent to this
 	// webhook. Match conditions filter requests that have already been matched by the rules,
 	// namespaceSelector, and objectSelector. An empty list of matchConditions matches all requests.
 	// There are a maximum of 64 match conditions allowed.
 	//
 	// The exact matching logic is (in order):
 	//   1. If ANY matchCondition evaluates to FALSE, the webhook is skipped.
 	//   2. If ALL matchConditions evaluate to TRUE, the webhook is called.
 	//   3. If any matchCondition evaluates to an error (but none are FALSE):
 	//      - If failurePolicy=Fail, reject the request
 	//      - If failurePolicy=Ignore, the error is ignored and the webhook is skipped
 	//
 	// This is a beta feature and managed by the AdmissionWebhookMatchConditions feature gate.
 	//
 	// +patchMergeKey=name
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=name
 	// +featureGate=AdmissionWebhookMatchConditions
 	// +optional
 	matchConditions?: [...#MatchCondition] @go(MatchConditions,[]MatchCondition) @protobuf(12,bytes,opt)
 }
 // ReinvocationPolicyType specifies what type of policy the admission hook uses.
 // +enum
 #ReinvocationPolicyType: string // #enumReinvocationPolicyType
 #enumReinvocationPolicyType:
 	#NeverReinvocationPolicy |
 	#IfNeededReinvocationPolicy
 // NeverReinvocationPolicy indicates that the webhook must not be called more than once in a
 // single admission evaluation.
 #NeverReinvocationPolicy: #ReinvocationPolicyType & "Never"
 // IfNeededReinvocationPolicy indicates that the webhook may be called at least one
 // additional time as part of the admission evaluation if the object being admitted is
 // modified by other admission plugins after the initial webhook call.
 #IfNeededReinvocationPolicy: #ReinvocationPolicyType & "IfNeeded"
 // RuleWithOperations is a tuple of Operations and Resources. It is recommended to make
 // sure that all the tuple expansions are valid.
 #RuleWithOperations: {
 	// Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or *
 	// for all of those operations and any future admission operations that are added.
 	// If '*' is present, the length of the slice must be one.
 	// Required.
 	// +listType=atomic
 	operations?: [...#OperationType] @go(Operations,[]OperationType) @protobuf(1,bytes,rep,casttype=OperationType)
 	#Rule
 }
 // OperationType specifies an operation for a request.
 // +enum
 #OperationType: string // #enumOperationType
 #enumOperationType:
 	#OperationAll |
 	#Create |
 	#Update |
 	#Delete |
 	#Connect
 #OperationAll: #OperationType & "*"
 #Create:       #OperationType & "CREATE"
 #Update:       #OperationType & "UPDATE"
 #Delete:       #OperationType & "DELETE"
 #Connect:      #OperationType & "CONNECT"
 // WebhookClientConfig contains the information to make a TLS
 // connection with the webhook
 #WebhookClientConfig: {
 	// `url` gives the location of the webhook, in standard URL form
 	// (`scheme://host:port/path`). Exactly one of `url` or `service`
 	// must be specified.
 	//
 	// The `host` should not refer to a service running in the cluster; use
 	// the `service` field instead. The host might be resolved via external
 	// DNS in some apiservers (e.g., `kube-apiserver` cannot resolve
 	// in-cluster DNS as that would be a layering violation). `host` may
 	// also be an IP address.
 	//
 	// Please note that using `localhost` or `127.0.0.1` as a `host` is
 	// risky unless you take great care to run this webhook on all hosts
 	// which run an apiserver which might need to make calls to this
 	// webhook. Such installs are likely to be non-portable, i.e., not easy
 	// to turn up in a new cluster.
 	//
 	// The scheme must be "https"; the URL must begin with "https://".
 	//
 	// A path is optional, and if present may be any string permissible in
 	// a URL. You may use the path to pass an arbitrary string to the
 	// webhook, for example, a cluster identifier.
 	//
 	// Attempting to use a user or basic auth e.g. "user:password@" is not
 	// allowed. Fragments ("#...") and query parameters ("?...") are not
 	// allowed, either.
 	//
 	// +optional
 	url?: null | string @go(URL,*string) @protobuf(3,bytes,opt)
 	// `service` is a reference to the service for this webhook. Either
 	// `service` or `url` must be specified.
 	//
 	// If the webhook is running within the cluster, then you should use `service`.
 	//
 	// +optional
 	service?: null | #ServiceReference @go(Service,*ServiceReference) @protobuf(1,bytes,opt)
 	// `caBundle` is a PEM encoded CA bundle which will be used to validate the webhook's server certificate.
 	// If unspecified, system trust roots on the apiserver are used.
 	// +optional
 	caBundle?: bytes @go(CABundle,[]byte) @protobuf(2,bytes,opt)
 }
 // ServiceReference holds a reference to Service.legacy.k8s.io
 #ServiceReference: {
 	// `namespace` is the namespace of the service.
 	// Required
 	namespace: string @go(Namespace) @protobuf(1,bytes,opt)
 	// `name` is the name of the service.
 	// Required
 	name: string @go(Name) @protobuf(2,bytes,opt)
 	// `path` is an optional URL path which will be sent in any request to
 	// this service.
 	// +optional
 	path?: null | string @go(Path,*string) @protobuf(3,bytes,opt)
 	// If specified, the port on the service that hosting webhook.
 	// Default to 443 for backward compatibility.
 	// `port` should be a valid port number (1-65535, inclusive).
 	// +optional
 	port?: null | int32 @go(Port,*int32) @protobuf(4,varint,opt)
 }
 // MatchCondition represents a condition which must by fulfilled for a request to be sent to a webhook.
 #MatchCondition: {
 	// Name is an identifier for this match condition, used for strategic merging of MatchConditions,
 	// as well as providing an identifier for logging purposes. A good name should be descriptive of
 	// the associated expression.
 	// Name must be a qualified name consisting of alphanumeric characters, '-', '_' or '.', and
 	// must start and end with an alphanumeric character (e.g. 'MyName',  or 'my.name',  or
 	// '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an
 	// optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
 	//
 	// Required.
 	name: string @go(Name) @protobuf(1,bytes,opt)
 	// Expression represents the expression which will be evaluated by CEL. Must evaluate to bool.
 	// CEL expressions have access to the contents of the AdmissionRequest and Authorizer, organized into CEL variables:
 	//
 	// 'object' - The object from the incoming request. The value is null for DELETE requests.
 	// 'oldObject' - The existing object. The value is null for CREATE requests.
 	// 'request' - Attributes of the admission request(/pkg/apis/admission/types.go#AdmissionRequest).
 	// 'authorizer' - A CEL Authorizer. May be used to perform authorization checks for the principal (user or service account) of the request.
 	//   See https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#Authz
 	// 'authorizer.requestResource' - A CEL ResourceCheck constructed from the 'authorizer' and configured with the
 	//   request resource.
 	// Documentation on CEL: https://kubernetes.io/docs/reference/using-api/cel/
 	//
 	// Required.
 	expression: string @go(Expression) @protobuf(2,bytes,opt)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/apps/v1
 package v1
 #GroupName: "apps"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/apps/v1/types_go_gen.cue
@@ -0,0 +1,946 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/apps/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 )
 #ControllerRevisionHashLabelKey: "controller-revision-hash"
 #StatefulSetRevisionLabel:       "controller-revision-hash"
 #DeprecatedRollbackTo:           "deprecated.deployment.rollback.to"
 #DeprecatedTemplateGeneration:   "deprecated.daemonset.template.generation"
 #StatefulSetPodNameLabel:        "statefulset.kubernetes.io/pod-name"
 #PodIndexLabel:                  "apps.kubernetes.io/pod-index"
 // StatefulSet represents a set of pods with consistent identities.
 // Identities are defined as:
 //   - Network: A single stable DNS and hostname.
 //   - Storage: As many VolumeClaims as requested.
 //
 // The StatefulSet guarantees that a given network identity will always
 // map to the same storage identity.
 #StatefulSet: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec defines the desired identities of pods in this set.
 	// +optional
 	spec?: #StatefulSetSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is the current status of Pods in this StatefulSet. This data
 	// may be out of date by some window of time.
 	// +optional
 	status?: #StatefulSetStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // PodManagementPolicyType defines the policy for creating pods under a stateful set.
 // +enum
 #PodManagementPolicyType: string // #enumPodManagementPolicyType
 #enumPodManagementPolicyType:
 	#OrderedReadyPodManagement |
 	#ParallelPodManagement
 // OrderedReadyPodManagement will create pods in strictly increasing order on
 // scale up and strictly decreasing order on scale down, progressing only when
 // the previous pod is ready or terminated. At most one pod will be changed
 // at any time.
 #OrderedReadyPodManagement: #PodManagementPolicyType & "OrderedReady"
 // ParallelPodManagement will create and delete pods as soon as the stateful set
 // replica count is changed, and will not wait for pods to be ready or complete
 // termination.
 #ParallelPodManagement: #PodManagementPolicyType & "Parallel"
 // StatefulSetUpdateStrategy indicates the strategy that the StatefulSet
 // controller will use to perform updates. It includes any additional parameters
 // necessary to perform the update for the indicated strategy.
 #StatefulSetUpdateStrategy: {
 	// Type indicates the type of the StatefulSetUpdateStrategy.
 	// Default is RollingUpdate.
 	// +optional
 	type?: #StatefulSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetStrategyType)
 	// RollingUpdate is used to communicate parameters when Type is RollingUpdateStatefulSetStrategyType.
 	// +optional
 	rollingUpdate?: null | #RollingUpdateStatefulSetStrategy @go(RollingUpdate,*RollingUpdateStatefulSetStrategy) @protobuf(2,bytes,opt)
 }
 // StatefulSetUpdateStrategyType is a string enumeration type that enumerates
 // all possible update strategies for the StatefulSet controller.
 // +enum
 #StatefulSetUpdateStrategyType: string // #enumStatefulSetUpdateStrategyType
 #enumStatefulSetUpdateStrategyType:
 	#RollingUpdateStatefulSetStrategyType |
 	#OnDeleteStatefulSetStrategyType
 // RollingUpdateStatefulSetStrategyType indicates that update will be
 // applied to all Pods in the StatefulSet with respect to the StatefulSet
 // ordering constraints. When a scale operation is performed with this
 // strategy, new Pods will be created from the specification version indicated
 // by the StatefulSet's updateRevision.
 #RollingUpdateStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "RollingUpdate"
 // OnDeleteStatefulSetStrategyType triggers the legacy behavior. Version
 // tracking and ordered rolling restarts are disabled. Pods are recreated
 // from the StatefulSetSpec when they are manually deleted. When a scale
 // operation is performed with this strategy,specification version indicated
 // by the StatefulSet's currentRevision.
 #OnDeleteStatefulSetStrategyType: #StatefulSetUpdateStrategyType & "OnDelete"
 // RollingUpdateStatefulSetStrategy is used to communicate parameter for RollingUpdateStatefulSetStrategyType.
 #RollingUpdateStatefulSetStrategy: {
 	// Partition indicates the ordinal at which the StatefulSet should be partitioned
 	// for updates. During a rolling update, all pods from ordinal Replicas-1 to
 	// Partition are updated. All pods from ordinal Partition-1 to 0 remain untouched.
 	// This is helpful in being able to do a canary based deployment. The default value is 0.
 	// +optional
 	partition?: null | int32 @go(Partition,*int32) @protobuf(1,varint,opt)
 	// The maximum number of pods that can be unavailable during the update.
 	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
 	// Absolute number is calculated from percentage by rounding up. This can not be 0.
 	// Defaults to 1. This field is alpha-level and is only honored by servers that enable the
 	// MaxUnavailableStatefulSet feature. The field applies to all pods in the range 0 to
 	// Replicas-1. That means if there is any unavailable pod in the range 0 to Replicas-1, it
 	// will be counted towards MaxUnavailable.
 	// +optional
 	maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(2,varint,opt)
 }
 // PersistentVolumeClaimRetentionPolicyType is a string enumeration of the policies that will determine
 // when volumes from the VolumeClaimTemplates will be deleted when the controlling StatefulSet is
 // deleted or scaled down.
 #PersistentVolumeClaimRetentionPolicyType: string // #enumPersistentVolumeClaimRetentionPolicyType
 #enumPersistentVolumeClaimRetentionPolicyType:
 	#RetainPersistentVolumeClaimRetentionPolicyType |
 	#DeletePersistentVolumeClaimRetentionPolicyType
 // RetainPersistentVolumeClaimRetentionPolicyType is the default
 // PersistentVolumeClaimRetentionPolicy and specifies that
 // PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
 // will not be deleted.
 #RetainPersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Retain"
 // RetentionPersistentVolumeClaimRetentionPolicyType specifies that
 // PersistentVolumeClaims associated with StatefulSet VolumeClaimTemplates
 // will be deleted in the scenario specified in
 // StatefulSetPersistentVolumeClaimRetentionPolicy.
 #DeletePersistentVolumeClaimRetentionPolicyType: #PersistentVolumeClaimRetentionPolicyType & "Delete"
 // StatefulSetPersistentVolumeClaimRetentionPolicy describes the policy used for PVCs
 // created from the StatefulSet VolumeClaimTemplates.
 #StatefulSetPersistentVolumeClaimRetentionPolicy: {
 	// WhenDeleted specifies what happens to PVCs created from StatefulSet
 	// VolumeClaimTemplates when the StatefulSet is deleted. The default policy
 	// of `Retain` causes PVCs to not be affected by StatefulSet deletion. The
 	// `Delete` policy causes those PVCs to be deleted.
 	whenDeleted?: #PersistentVolumeClaimRetentionPolicyType @go(WhenDeleted) @protobuf(1,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
 	// WhenScaled specifies what happens to PVCs created from StatefulSet
 	// VolumeClaimTemplates when the StatefulSet is scaled down. The default
 	// policy of `Retain` causes PVCs to not be affected by a scaledown. The
 	// `Delete` policy causes the associated PVCs for any excess pods above
 	// the replica count to be deleted.
 	whenScaled?: #PersistentVolumeClaimRetentionPolicyType @go(WhenScaled) @protobuf(2,bytes,opt,casttype=PersistentVolumeClaimRetentionPolicyType)
 }
 // StatefulSetOrdinals describes the policy used for replica ordinal assignment
 // in this StatefulSet.
 #StatefulSetOrdinals: {
 	// start is the number representing the first replica's index. It may be used
 	// to number replicas from an alternate index (eg: 1-indexed) over the default
 	// 0-indexed names, or to orchestrate progressive movement of replicas from
 	// one StatefulSet to another.
 	// If set, replica indices will be in the range:
 	//   [.spec.ordinals.start, .spec.ordinals.start + .spec.replicas).
 	// If unset, defaults to 0. Replica indices will be in the range:
 	//   [0, .spec.replicas).
 	// +optional
 	start: int32 @go(Start) @protobuf(1,varint,opt)
 }
 // A StatefulSetSpec is the specification of a StatefulSet.
 #StatefulSetSpec: {
 	// replicas is the desired number of replicas of the given Template.
 	// These are replicas in the sense that they are instantiations of the
 	// same Template, but individual replicas also have a consistent identity.
 	// If unspecified, defaults to 1.
 	// TODO: Consider a rename of this field.
 	// +optional
 	replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
 	// selector is a label query over pods that should match the replica count.
 	// It must match the pod template's labels.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
 	// template is the object that describes the pod that will be created if
 	// insufficient replicas are detected. Each pod stamped out by the StatefulSet
 	// will fulfill this Template, but have a unique identity from the rest
 	// of the StatefulSet. Each pod will be named with the format
 	// <statefulsetname>-<podindex>. For example, a pod in a StatefulSet named
 	// "web" with index number "3" would be named "web-3".
 	// The only allowed template.spec.restartPolicy value is "Always".
 	template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
 	// volumeClaimTemplates is a list of claims that pods are allowed to reference.
 	// The StatefulSet controller is responsible for mapping network identities to
 	// claims in a way that maintains the identity of a pod. Every claim in
 	// this list must have at least one matching (by name) volumeMount in one
 	// container in the template. A claim in this list takes precedence over
 	// any volumes in the template, with the same name.
 	// TODO: Define the behavior if a claim already exists with the same name.
 	// +optional
 	volumeClaimTemplates?: [...v1.#PersistentVolumeClaim] @go(VolumeClaimTemplates,[]v1.PersistentVolumeClaim) @protobuf(4,bytes,rep)
 	// serviceName is the name of the service that governs this StatefulSet.
 	// This service must exist before the StatefulSet, and is responsible for
 	// the network identity of the set. Pods get DNS/hostnames that follow the
 	// pattern: pod-specific-string.serviceName.default.svc.cluster.local
 	// where "pod-specific-string" is managed by the StatefulSet controller.
 	serviceName: string @go(ServiceName) @protobuf(5,bytes,opt)
 	// podManagementPolicy controls how pods are created during initial scale up,
 	// when replacing pods on nodes, or when scaling down. The default policy is
 	// `OrderedReady`, where pods are created in increasing order (pod-0, then
 	// pod-1, etc) and the controller will wait until each pod is ready before
 	// continuing. When scaling down, the pods are removed in the opposite order.
 	// The alternative policy is `Parallel` which will create pods in parallel
 	// to match the desired scale without waiting, and on scale down will delete
 	// all pods at once.
 	// +optional
 	podManagementPolicy?: #PodManagementPolicyType @go(PodManagementPolicy) @protobuf(6,bytes,opt,casttype=PodManagementPolicyType)
 	// updateStrategy indicates the StatefulSetUpdateStrategy that will be
 	// employed to update Pods in the StatefulSet when a revision is made to
 	// Template.
 	updateStrategy?: #StatefulSetUpdateStrategy @go(UpdateStrategy) @protobuf(7,bytes,opt)
 	// revisionHistoryLimit is the maximum number of revisions that will
 	// be maintained in the StatefulSet's revision history. The revision history
 	// consists of all revisions not represented by a currently applied
 	// StatefulSetSpec version. The default value is 10.
 	revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(8,varint,opt)
 	// Minimum number of seconds for which a newly created pod should be ready
 	// without any of its container crashing for it to be considered available.
 	// Defaults to 0 (pod will be considered available as soon as it is ready)
 	// +optional
 	minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(9,varint,opt)
 	// persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent
 	// volume claims created from volumeClaimTemplates. By default, all persistent
 	// volume claims are created as needed and retained until manually deleted. This
 	// policy allows the lifecycle to be altered, for example by deleting persistent
 	// volume claims when their stateful set is deleted, or when their pod is scaled
 	// down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled,
 	// which is alpha.  +optional
 	persistentVolumeClaimRetentionPolicy?: null | #StatefulSetPersistentVolumeClaimRetentionPolicy @go(PersistentVolumeClaimRetentionPolicy,*StatefulSetPersistentVolumeClaimRetentionPolicy) @protobuf(10,bytes,opt)
 	// ordinals controls the numbering of replica indices in a StatefulSet. The
 	// default ordinals behavior assigns a "0" index to the first replica and
 	// increments the index by one for each additional replica requested. Using
 	// the ordinals field requires the StatefulSetStartOrdinal feature gate to be
 	// enabled, which is beta.
 	// +optional
 	ordinals?: null | #StatefulSetOrdinals @go(Ordinals,*StatefulSetOrdinals) @protobuf(11,bytes,opt)
 }
 // StatefulSetStatus represents the current state of a StatefulSet.
 #StatefulSetStatus: {
 	// observedGeneration is the most recent generation observed for this StatefulSet. It corresponds to the
 	// StatefulSet's generation, which is updated on mutation by the API Server.
 	// +optional
 	observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
 	// replicas is the number of Pods created by the StatefulSet controller.
 	replicas: int32 @go(Replicas) @protobuf(2,varint,opt)
 	// readyReplicas is the number of pods created for this StatefulSet with a Ready Condition.
 	readyReplicas?: int32 @go(ReadyReplicas) @protobuf(3,varint,opt)
 	// currentReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
 	// indicated by currentRevision.
 	currentReplicas?: int32 @go(CurrentReplicas) @protobuf(4,varint,opt)
 	// updatedReplicas is the number of Pods created by the StatefulSet controller from the StatefulSet version
 	// indicated by updateRevision.
 	updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(5,varint,opt)
 	// currentRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the
 	// sequence [0,currentReplicas).
 	currentRevision?: string @go(CurrentRevision) @protobuf(6,bytes,opt)
 	// updateRevision, if not empty, indicates the version of the StatefulSet used to generate Pods in the sequence
 	// [replicas-updatedReplicas,replicas)
 	updateRevision?: string @go(UpdateRevision) @protobuf(7,bytes,opt)
 	// collisionCount is the count of hash collisions for the StatefulSet. The StatefulSet controller
 	// uses this field as a collision avoidance mechanism when it needs to create the name for the
 	// newest ControllerRevision.
 	// +optional
 	collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
 	// Represents the latest available observations of a statefulset's current state.
 	// +optional
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	conditions?: [...#StatefulSetCondition] @go(Conditions,[]StatefulSetCondition) @protobuf(10,bytes,rep)
 	// Total number of available pods (ready for at least minReadySeconds) targeted by this statefulset.
 	// +optional
 	availableReplicas: int32 @go(AvailableReplicas) @protobuf(11,varint,opt)
 }
 #StatefulSetConditionType: string
 // StatefulSetCondition describes the state of a statefulset at a certain point.
 #StatefulSetCondition: {
 	// Type of statefulset condition.
 	type: #StatefulSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=StatefulSetConditionType)
 	// Status of the condition, one of True, False, Unknown.
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// Last time the condition transitioned from one status to another.
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
 	// The reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// A human readable message indicating details about the transition.
 	// +optional
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // StatefulSetList is a collection of StatefulSets.
 #StatefulSetList: {
 	metav1.#TypeMeta
 	// Standard list's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// Items is the list of stateful sets.
 	items: [...#StatefulSet] @go(Items,[]StatefulSet) @protobuf(2,bytes,rep)
 }
 // Deployment enables declarative updates for Pods and ReplicaSets.
 #Deployment: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Specification of the desired behavior of the Deployment.
 	// +optional
 	spec?: #DeploymentSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Most recently observed status of the Deployment.
 	// +optional
 	status?: #DeploymentStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // DeploymentSpec is the specification of the desired behavior of the Deployment.
 #DeploymentSpec: {
 	// Number of desired pods. This is a pointer to distinguish between explicit
 	// zero and not specified. Defaults to 1.
 	// +optional
 	replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
 	// Label selector for pods. Existing ReplicaSets whose pods are
 	// selected by this will be the ones affected by this deployment.
 	// It must match the pod template's labels.
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
 	// Template describes the pods that will be created.
 	// The only allowed template.spec.restartPolicy value is "Always".
 	template: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
 	// The deployment strategy to use to replace existing pods with new ones.
 	// +optional
 	// +patchStrategy=retainKeys
 	strategy?: #DeploymentStrategy @go(Strategy) @protobuf(4,bytes,opt)
 	// Minimum number of seconds for which a newly created pod should be ready
 	// without any of its container crashing, for it to be considered available.
 	// Defaults to 0 (pod will be considered available as soon as it is ready)
 	// +optional
 	minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(5,varint,opt)
 	// The number of old ReplicaSets to retain to allow rollback.
 	// This is a pointer to distinguish between explicit zero and not specified.
 	// Defaults to 10.
 	// +optional
 	revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
 	// Indicates that the deployment is paused.
 	// +optional
 	paused?: bool @go(Paused) @protobuf(7,varint,opt)
 	// The maximum time in seconds for a deployment to make progress before it
 	// is considered to be failed. The deployment controller will continue to
 	// process failed deployments and a condition with a ProgressDeadlineExceeded
 	// reason will be surfaced in the deployment status. Note that progress will
 	// not be estimated during the time a deployment is paused. Defaults to 600s.
 	progressDeadlineSeconds?: null | int32 @go(ProgressDeadlineSeconds,*int32) @protobuf(9,varint,opt)
 }
 // DefaultDeploymentUniqueLabelKey is the default key of the selector that is added
 // to existing ReplicaSets (and label key that is added to its pods) to prevent the existing ReplicaSets
 // to select new pods (and old pods being select by new ReplicaSet).
 #DefaultDeploymentUniqueLabelKey: "pod-template-hash"
 // DeploymentStrategy describes how to replace existing pods with new ones.
 #DeploymentStrategy: {
 	// Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate.
 	// +optional
 	type?: #DeploymentStrategyType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentStrategyType)
 	// Rolling update config params. Present only if DeploymentStrategyType =
 	// RollingUpdate.
 	//---
 	// TODO: Update this to follow our convention for oneOf, whatever we decide it
 	// to be.
 	// +optional
 	rollingUpdate?: null | #RollingUpdateDeployment @go(RollingUpdate,*RollingUpdateDeployment) @protobuf(2,bytes,opt)
 }
 // +enum
 #DeploymentStrategyType: string // #enumDeploymentStrategyType
 #enumDeploymentStrategyType:
 	#RecreateDeploymentStrategyType |
 	#RollingUpdateDeploymentStrategyType
 // Kill all existing pods before creating new ones.
 #RecreateDeploymentStrategyType: #DeploymentStrategyType & "Recreate"
 // Replace the old ReplicaSets by new one using rolling update i.e gradually scale down the old ReplicaSets and scale up the new one.
 #RollingUpdateDeploymentStrategyType: #DeploymentStrategyType & "RollingUpdate"
 // Spec to control the desired behavior of rolling update.
 #RollingUpdateDeployment: {
 	// The maximum number of pods that can be unavailable during the update.
 	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
 	// Absolute number is calculated from percentage by rounding down.
 	// This can not be 0 if MaxSurge is 0.
 	// Defaults to 25%.
 	// Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods
 	// immediately when the rolling update starts. Once new pods are ready, old ReplicaSet
 	// can be scaled down further, followed by scaling up the new ReplicaSet, ensuring
 	// that the total number of pods available at all times during the update is at
 	// least 70% of desired pods.
 	// +optional
 	maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
 	// The maximum number of pods that can be scheduled above the desired number of
 	// pods.
 	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
 	// This can not be 0 if MaxUnavailable is 0.
 	// Absolute number is calculated from percentage by rounding up.
 	// Defaults to 25%.
 	// Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when
 	// the rolling update starts, such that the total number of old and new pods do not exceed
 	// 130% of desired pods. Once old pods have been killed,
 	// new ReplicaSet can be scaled up further, ensuring that total number of pods running
 	// at any time during the update is at most 130% of desired pods.
 	// +optional
 	maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
 }
 // DeploymentStatus is the most recently observed status of the Deployment.
 #DeploymentStatus: {
 	// The generation observed by the deployment controller.
 	// +optional
 	observedGeneration?: int64 @go(ObservedGeneration) @protobuf(1,varint,opt)
 	// Total number of non-terminated pods targeted by this deployment (their labels match the selector).
 	// +optional
 	replicas?: int32 @go(Replicas) @protobuf(2,varint,opt)
 	// Total number of non-terminated pods targeted by this deployment that have the desired template spec.
 	// +optional
 	updatedReplicas?: int32 @go(UpdatedReplicas) @protobuf(3,varint,opt)
 	// readyReplicas is the number of pods targeted by this Deployment with a Ready Condition.
 	// +optional
 	readyReplicas?: int32 @go(ReadyReplicas) @protobuf(7,varint,opt)
 	// Total number of available pods (ready for at least minReadySeconds) targeted by this deployment.
 	// +optional
 	availableReplicas?: int32 @go(AvailableReplicas) @protobuf(4,varint,opt)
 	// Total number of unavailable pods targeted by this deployment. This is the total number of
 	// pods that are still required for the deployment to have 100% available capacity. They may
 	// either be pods that are running but not yet available or pods that still have not been created.
 	// +optional
 	unavailableReplicas?: int32 @go(UnavailableReplicas) @protobuf(5,varint,opt)
 	// Represents the latest available observations of a deployment's current state.
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	conditions?: [...#DeploymentCondition] @go(Conditions,[]DeploymentCondition) @protobuf(6,bytes,rep)
 	// Count of hash collisions for the Deployment. The Deployment controller uses this
 	// field as a collision avoidance mechanism when it needs to create the name for the
 	// newest ReplicaSet.
 	// +optional
 	collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(8,varint,opt)
 }
 #DeploymentConditionType: string // #enumDeploymentConditionType
 #enumDeploymentConditionType:
 	#DeploymentAvailable |
 	#DeploymentProgressing |
 	#DeploymentReplicaFailure
 // Available means the deployment is available, ie. at least the minimum available
 // replicas required are up and running for at least minReadySeconds.
 #DeploymentAvailable: #DeploymentConditionType & "Available"
 // Progressing means the deployment is progressing. Progress for a deployment is
 // considered when a new replica set is created or adopted, and when new pods scale
 // up or old pods scale down. Progress is not estimated for paused deployments or
 // when progressDeadlineSeconds is not specified.
 #DeploymentProgressing: #DeploymentConditionType & "Progressing"
 // ReplicaFailure is added in a deployment when one of its pods fails to be created
 // or deleted.
 #DeploymentReplicaFailure: #DeploymentConditionType & "ReplicaFailure"
 // DeploymentCondition describes the state of a deployment at a certain point.
 #DeploymentCondition: {
 	// Type of deployment condition.
 	type: #DeploymentConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DeploymentConditionType)
 	// Status of the condition, one of True, False, Unknown.
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// The last time this condition was updated.
 	lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(6,bytes,opt)
 	// Last time the condition transitioned from one status to another.
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(7,bytes,opt)
 	// The reason for the condition's last transition.
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// A human readable message indicating details about the transition.
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // DeploymentList is a list of Deployments.
 #DeploymentList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// Items is the list of Deployments.
 	items: [...#Deployment] @go(Items,[]Deployment) @protobuf(2,bytes,rep)
 }
 // DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet.
 #DaemonSetUpdateStrategy: {
 	// Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate.
 	// +optional
 	type?: #DaemonSetUpdateStrategyType @go(Type) @protobuf(1,bytes,opt)
 	// Rolling update config params. Present only if type = "RollingUpdate".
 	//---
 	// TODO: Update this to follow our convention for oneOf, whatever we decide it
 	// to be. Same as Deployment `strategy.rollingUpdate`.
 	// See https://github.com/kubernetes/kubernetes/issues/35345
 	// +optional
 	rollingUpdate?: null | #RollingUpdateDaemonSet @go(RollingUpdate,*RollingUpdateDaemonSet) @protobuf(2,bytes,opt)
 }
 // +enum
 #DaemonSetUpdateStrategyType: string // #enumDaemonSetUpdateStrategyType
 #enumDaemonSetUpdateStrategyType:
 	#RollingUpdateDaemonSetStrategyType |
 	#OnDeleteDaemonSetStrategyType
 // Replace the old daemons by new ones using rolling update i.e replace them on each node one after the other.
 #RollingUpdateDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "RollingUpdate"
 // Replace the old daemons only when it's killed
 #OnDeleteDaemonSetStrategyType: #DaemonSetUpdateStrategyType & "OnDelete"
 // Spec to control the desired behavior of daemon set rolling update.
 #RollingUpdateDaemonSet: {
 	// The maximum number of DaemonSet pods that can be unavailable during the
 	// update. Value can be an absolute number (ex: 5) or a percentage of total
 	// number of DaemonSet pods at the start of the update (ex: 10%). Absolute
 	// number is calculated from percentage by rounding up.
 	// This cannot be 0 if MaxSurge is 0
 	// Default value is 1.
 	// Example: when this is set to 30%, at most 30% of the total number of nodes
 	// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
 	// can have their pods stopped for an update at any given time. The update
 	// starts by stopping at most 30% of those DaemonSet pods and then brings
 	// up new DaemonSet pods in their place. Once the new pods are available,
 	// it then proceeds onto other DaemonSet pods, thus ensuring that at least
 	// 70% of original number of DaemonSet pods are available at all times during
 	// the update.
 	// +optional
 	maxUnavailable?: null | intstr.#IntOrString @go(MaxUnavailable,*intstr.IntOrString) @protobuf(1,bytes,opt)
 	// The maximum number of nodes with an existing available DaemonSet pod that
 	// can have an updated DaemonSet pod during during an update.
 	// Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%).
 	// This can not be 0 if MaxUnavailable is 0.
 	// Absolute number is calculated from percentage by rounding up to a minimum of 1.
 	// Default value is 0.
 	// Example: when this is set to 30%, at most 30% of the total number of nodes
 	// that should be running the daemon pod (i.e. status.desiredNumberScheduled)
 	// can have their a new pod created before the old pod is marked as deleted.
 	// The update starts by launching new pods on 30% of nodes. Once an updated
 	// pod is available (Ready for at least minReadySeconds) the old DaemonSet pod
 	// on that node is marked deleted. If the old pod becomes unavailable for any
 	// reason (Ready transitions to false, is evicted, or is drained) an updated
 	// pod is immediatedly created on that node without considering surge limits.
 	// Allowing surge implies the possibility that the resources consumed by the
 	// daemonset on any given node can double if the readiness check fails, and
 	// so resource intensive daemonsets should take into account that they may
 	// cause evictions during disruption.
 	// +optional
 	maxSurge?: null | intstr.#IntOrString @go(MaxSurge,*intstr.IntOrString) @protobuf(2,bytes,opt)
 }
 // DaemonSetSpec is the specification of a daemon set.
 #DaemonSetSpec: {
 	// A label query over pods that are managed by the daemon set.
 	// Must match in order to be controlled.
 	// It must match the pod template's labels.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(1,bytes,opt)
 	// An object that describes the pod that will be created.
 	// The DaemonSet will create exactly one copy of this pod on every node
 	// that matches the template's node selector (or on every node if no node
 	// selector is specified).
 	// The only allowed template.spec.restartPolicy value is "Always".
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
 	template: v1.#PodTemplateSpec @go(Template) @protobuf(2,bytes,opt)
 	// An update strategy to replace existing DaemonSet pods with new pods.
 	// +optional
 	updateStrategy?: #DaemonSetUpdateStrategy @go(UpdateStrategy) @protobuf(3,bytes,opt)
 	// The minimum number of seconds for which a newly created DaemonSet pod should
 	// be ready without any of its container crashing, for it to be considered
 	// available. Defaults to 0 (pod will be considered available as soon as it
 	// is ready).
 	// +optional
 	minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
 	// The number of old history to retain to allow rollback.
 	// This is a pointer to distinguish between explicit zero and not specified.
 	// Defaults to 10.
 	// +optional
 	revisionHistoryLimit?: null | int32 @go(RevisionHistoryLimit,*int32) @protobuf(6,varint,opt)
 }
 // DaemonSetStatus represents the current status of a daemon set.
 #DaemonSetStatus: {
 	// The number of nodes that are running at least 1
 	// daemon pod and are supposed to run the daemon pod.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
 	currentNumberScheduled: int32 @go(CurrentNumberScheduled) @protobuf(1,varint,opt)
 	// The number of nodes that are running the daemon pod, but are
 	// not supposed to run the daemon pod.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
 	numberMisscheduled: int32 @go(NumberMisscheduled) @protobuf(2,varint,opt)
 	// The total number of nodes that should be running the daemon
 	// pod (including nodes correctly running the daemon pod).
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
 	desiredNumberScheduled: int32 @go(DesiredNumberScheduled) @protobuf(3,varint,opt)
 	// numberReady is the number of nodes that should be running the daemon pod and have one
 	// or more of the daemon pod running with a Ready Condition.
 	numberReady: int32 @go(NumberReady) @protobuf(4,varint,opt)
 	// The most recent generation observed by the daemon set controller.
 	// +optional
 	observedGeneration?: int64 @go(ObservedGeneration) @protobuf(5,varint,opt)
 	// The total number of nodes that are running updated daemon pod
 	// +optional
 	updatedNumberScheduled?: int32 @go(UpdatedNumberScheduled) @protobuf(6,varint,opt)
 	// The number of nodes that should be running the
 	// daemon pod and have one or more of the daemon pod running and
 	// available (ready for at least spec.minReadySeconds)
 	// +optional
 	numberAvailable?: int32 @go(NumberAvailable) @protobuf(7,varint,opt)
 	// The number of nodes that should be running the
 	// daemon pod and have none of the daemon pod running and available
 	// (ready for at least spec.minReadySeconds)
 	// +optional
 	numberUnavailable?: int32 @go(NumberUnavailable) @protobuf(8,varint,opt)
 	// Count of hash collisions for the DaemonSet. The DaemonSet controller
 	// uses this field as a collision avoidance mechanism when it needs to
 	// create the name for the newest ControllerRevision.
 	// +optional
 	collisionCount?: null | int32 @go(CollisionCount,*int32) @protobuf(9,varint,opt)
 	// Represents the latest available observations of a DaemonSet's current state.
 	// +optional
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	conditions?: [...#DaemonSetCondition] @go(Conditions,[]DaemonSetCondition) @protobuf(10,bytes,rep)
 }
 #DaemonSetConditionType: string
 // DaemonSetCondition describes the state of a DaemonSet at a certain point.
 #DaemonSetCondition: {
 	// Type of DaemonSet condition.
 	type: #DaemonSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=DaemonSetConditionType)
 	// Status of the condition, one of True, False, Unknown.
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// Last time the condition transitioned from one status to another.
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
 	// The reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// A human readable message indicating details about the transition.
 	// +optional
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // DaemonSet represents the configuration of a daemon set.
 #DaemonSet: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// The desired behavior of this daemon set.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #DaemonSetSpec @go(Spec) @protobuf(2,bytes,opt)
 	// The current status of this daemon set. This data may be
 	// out of date by some window of time.
 	// Populated by the system.
 	// Read-only.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	status?: #DaemonSetStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // DefaultDaemonSetUniqueLabelKey is the default label key that is added
 // to existing DaemonSet pods to distinguish between old and new
 // DaemonSet pods during DaemonSet template updates.
 #DefaultDaemonSetUniqueLabelKey: "controller-revision-hash"
 // DaemonSetList is a collection of daemon sets.
 #DaemonSetList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// A list of daemon sets.
 	items: [...#DaemonSet] @go(Items,[]DaemonSet) @protobuf(2,bytes,rep)
 }
 // ReplicaSet ensures that a specified number of pod replicas are running at any given time.
 #ReplicaSet: {
 	metav1.#TypeMeta
 	// If the Labels of a ReplicaSet are empty, they are defaulted to
 	// be the same as the Pod(s) that the ReplicaSet manages.
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec defines the specification of the desired behavior of the ReplicaSet.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #ReplicaSetSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is the most recently observed status of the ReplicaSet.
 	// This data may be out of date by some window of time.
 	// Populated by the system.
 	// Read-only.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	status?: #ReplicaSetStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // ReplicaSetList is a collection of ReplicaSets.
 #ReplicaSetList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// List of ReplicaSets.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller
 	items: [...#ReplicaSet] @go(Items,[]ReplicaSet) @protobuf(2,bytes,rep)
 }
 // ReplicaSetSpec is the specification of a ReplicaSet.
 #ReplicaSetSpec: {
 	// Replicas is the number of desired replicas.
 	// This is a pointer to distinguish between explicit zero and unspecified.
 	// Defaults to 1.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
 	// +optional
 	replicas?: null | int32 @go(Replicas,*int32) @protobuf(1,varint,opt)
 	// Minimum number of seconds for which a newly created pod should be ready
 	// without any of its container crashing, for it to be considered available.
 	// Defaults to 0 (pod will be considered available as soon as it is ready)
 	// +optional
 	minReadySeconds?: int32 @go(MinReadySeconds) @protobuf(4,varint,opt)
 	// Selector is a label query over pods that should match the replica count.
 	// Label keys and values that must match in order to be controlled by this replica set.
 	// It must match the pod template's labels.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
 	// Template is the object that describes the pod that will be created if
 	// insufficient replicas are detected.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template
 	// +optional
 	template?: v1.#PodTemplateSpec @go(Template) @protobuf(3,bytes,opt)
 }
 // ReplicaSetStatus represents the current status of a ReplicaSet.
 #ReplicaSetStatus: {
 	// Replicas is the most recently observed number of replicas.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller/#what-is-a-replicationcontroller
 	replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
 	// The number of pods that have labels matching the labels of the pod template of the replicaset.
 	// +optional
 	fullyLabeledReplicas?: int32 @go(FullyLabeledReplicas) @protobuf(2,varint,opt)
 	// readyReplicas is the number of pods targeted by this ReplicaSet with a Ready Condition.
 	// +optional
 	readyReplicas?: int32 @go(ReadyReplicas) @protobuf(4,varint,opt)
 	// The number of available replicas (ready for at least minReadySeconds) for this replica set.
 	// +optional
 	availableReplicas?: int32 @go(AvailableReplicas) @protobuf(5,varint,opt)
 	// ObservedGeneration reflects the generation of the most recently observed ReplicaSet.
 	// +optional
 	observedGeneration?: int64 @go(ObservedGeneration) @protobuf(3,varint,opt)
 	// Represents the latest available observations of a replica set's current state.
 	// +optional
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	conditions?: [...#ReplicaSetCondition] @go(Conditions,[]ReplicaSetCondition) @protobuf(6,bytes,rep)
 }
 #ReplicaSetConditionType: string // #enumReplicaSetConditionType
 #enumReplicaSetConditionType:
 	#ReplicaSetReplicaFailure
 // ReplicaSetReplicaFailure is added in a replica set when one of its pods fails to be created
 // due to insufficient quota, limit ranges, pod security policy, node selectors, etc. or deleted
 // due to kubelet being down or finalizers are failing.
 #ReplicaSetReplicaFailure: #ReplicaSetConditionType & "ReplicaFailure"
 // ReplicaSetCondition describes the state of a replica set at a certain point.
 #ReplicaSetCondition: {
 	// Type of replica set condition.
 	type: #ReplicaSetConditionType @go(Type) @protobuf(1,bytes,opt,casttype=ReplicaSetConditionType)
 	// Status of the condition, one of True, False, Unknown.
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// The last time the condition transitioned from one status to another.
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
 	// The reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// A human readable message indicating details about the transition.
 	// +optional
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // ControllerRevision implements an immutable snapshot of state data. Clients
 // are responsible for serializing and deserializing the objects that contain
 // their internal state.
 // Once a ControllerRevision has been successfully created, it can not be updated.
 // The API Server will fail validation of all requests that attempt to mutate
 // the Data field. ControllerRevisions may, however, be deleted. Note that, due to its use by both
 // the DaemonSet and StatefulSet controllers for update and rollback, this object is beta. However,
 // it may be subject to name and representation changes in future releases, and clients should not
 // depend on its stability. It is primarily for internal use by controllers.
 #ControllerRevision: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Data is the serialized representation of the state.
 	data?: runtime.#RawExtension @go(Data) @protobuf(2,bytes,opt)
 	// Revision indicates the revision of the state represented by Data.
 	revision: int64 @go(Revision) @protobuf(3,varint,opt)
 }
 // ControllerRevisionList is a resource containing a list of ControllerRevision objects.
 #ControllerRevisionList: {
 	metav1.#TypeMeta
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// Items is the list of ControllerRevisions
 	items: [...#ControllerRevision] @go(Items,[]ControllerRevision) @protobuf(2,bytes,rep)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/authentication/v1
 package v1
 #GroupName: "authentication.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/authentication/v1/types_go_gen.cue
@@ -0,0 +1,206 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/authentication/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 )
 // ImpersonateUserHeader is used to impersonate a particular user during an API server request
 #ImpersonateUserHeader: "Impersonate-User"
 // ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
 // It can be repeated multiplied times for multiple groups.
 #ImpersonateGroupHeader: "Impersonate-Group"
 // ImpersonateUIDHeader is used to impersonate a particular UID during an API server request
 #ImpersonateUIDHeader: "Impersonate-Uid"
 // ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
 // extra map[string][]string for user.Info.  The key will be every after the prefix.
 // It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple
 // times to have multiple elements in the slice under a single key
 #ImpersonateUserExtraHeaderPrefix: "Impersonate-Extra-"
 // TokenReview attempts to authenticate a token to a known user.
 // Note: TokenReview requests may be cached by the webhook token authenticator
 // plugin in the kube-apiserver.
 #TokenReview: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated
 	spec: #TokenReviewSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates whether the request can be authenticated.
 	// +optional
 	status?: #TokenReviewStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // TokenReviewSpec is a description of the token authentication request.
 #TokenReviewSpec: {
 	// Token is the opaque bearer token.
 	// +optional
 	token?: string @go(Token) @protobuf(1,bytes,opt)
 	// Audiences is a list of the identifiers that the resource server presented
 	// with the token identifies as. Audience-aware token authenticators will
 	// verify that the token was intended for at least one of the audiences in
 	// this list. If no audiences are provided, the audience will default to the
 	// audience of the Kubernetes apiserver.
 	// +optional
 	audiences?: [...string] @go(Audiences,[]string) @protobuf(2,bytes,rep)
 }
 // TokenReviewStatus is the result of the token authentication request.
 #TokenReviewStatus: {
 	// Authenticated indicates that the token was associated with a known user.
 	// +optional
 	authenticated?: bool @go(Authenticated) @protobuf(1,varint,opt)
 	// User is the UserInfo associated with the provided token.
 	// +optional
 	user?: #UserInfo @go(User) @protobuf(2,bytes,opt)
 	// Audiences are audience identifiers chosen by the authenticator that are
 	// compatible with both the TokenReview and token. An identifier is any
 	// identifier in the intersection of the TokenReviewSpec audiences and the
 	// token's audiences. A client of the TokenReview API that sets the
 	// spec.audiences field should validate that a compatible audience identifier
 	// is returned in the status.audiences field to ensure that the TokenReview
 	// server is audience aware. If a TokenReview returns an empty
 	// status.audience field where status.authenticated is "true", the token is
 	// valid against the audience of the Kubernetes API server.
 	// +optional
 	audiences?: [...string] @go(Audiences,[]string) @protobuf(4,bytes,rep)
 	// Error indicates that the token couldn't be checked
 	// +optional
 	error?: string @go(Error) @protobuf(3,bytes,opt)
 }
 // UserInfo holds the information about the user needed to implement the
 // user.Info interface.
 #UserInfo: {
 	// The name that uniquely identifies this user among all active users.
 	// +optional
 	username?: string @go(Username) @protobuf(1,bytes,opt)
 	// A unique value that identifies this user across time. If this user is
 	// deleted and another user by the same name is added, they will have
 	// different UIDs.
 	// +optional
 	uid?: string @go(UID) @protobuf(2,bytes,opt)
 	// The names of groups this user is a part of.
 	// +optional
 	groups?: [...string] @go(Groups,[]string) @protobuf(3,bytes,rep)
 	// Any additional information provided by the authenticator.
 	// +optional
 	extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(4,bytes,rep)
 }
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false
 #ExtraValue: [...string]
 // TokenRequest requests a token for a given service account.
 #TokenRequest: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated
 	spec: #TokenRequestSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates whether the token can be authenticated.
 	// +optional
 	status?: #TokenRequestStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // TokenRequestSpec contains client provided parameters of a token request.
 #TokenRequestSpec: {
 	// Audiences are the intendend audiences of the token. A recipient of a
 	// token must identify themself with an identifier in the list of
 	// audiences of the token, and otherwise should reject the token. A
 	// token issued for multiple audiences may be used to authenticate
 	// against any of the audiences listed but implies a high degree of
 	// trust between the target audiences.
 	audiences: [...string] @go(Audiences,[]string) @protobuf(1,bytes,rep)
 	// ExpirationSeconds is the requested duration of validity of the request. The
 	// token issuer may return a token with a different validity duration so a
 	// client needs to check the 'expiration' field in a response.
 	// +optional
 	expirationSeconds?: null | int64 @go(ExpirationSeconds,*int64) @protobuf(4,varint,opt)
 	// BoundObjectRef is a reference to an object that the token will be bound to.
 	// The token will only be valid for as long as the bound object exists.
 	// NOTE: The API server's TokenReview endpoint will validate the
 	// BoundObjectRef, but other audiences may not. Keep ExpirationSeconds
 	// small if you want prompt revocation.
 	// +optional
 	boundObjectRef?: null | #BoundObjectReference @go(BoundObjectRef,*BoundObjectReference) @protobuf(3,bytes,opt)
 }
 // TokenRequestStatus is the result of a token request.
 #TokenRequestStatus: {
 	// Token is the opaque bearer token.
 	token: string @go(Token) @protobuf(1,bytes,opt)
 	// ExpirationTimestamp is the time of expiration of the returned token.
 	expirationTimestamp: metav1.#Time @go(ExpirationTimestamp) @protobuf(2,bytes,opt)
 }
 // BoundObjectReference is a reference to an object that a token is bound to.
 #BoundObjectReference: {
 	// Kind of the referent. Valid kinds are 'Pod' and 'Secret'.
 	// +optional
 	kind?: string @go(Kind) @protobuf(1,bytes,opt)
 	// API version of the referent.
 	// +optional
 	apiVersion?: string @go(APIVersion) @protobuf(2,bytes,opt)
 	// Name of the referent.
 	// +optional
 	name?: string @go(Name) @protobuf(3,bytes,opt)
 	// UID of the referent.
 	// +optional
 	uid?: types.#UID @go(UID) @protobuf(4,bytes,opt,name=uID,casttype=k8s.io/apimachinery/pkg/types.UID)
 }
 // SelfSubjectReview contains the user information that the kube-apiserver has about the user making this request.
 // When using impersonation, users will receive the user info of the user being impersonated.  If impersonation or
 // request header authentication is used, any extra keys will have their case ignored and returned as lowercase.
 #SelfSubjectReview: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Status is filled in by the server with the user attributes.
 	status?: #SelfSubjectReviewStatus @go(Status) @protobuf(2,bytes,opt)
 }
 // SelfSubjectReviewStatus is filled by the kube-apiserver and sent back to a user.
 #SelfSubjectReviewStatus: {
 	// User attributes of the user making this request.
 	// +optional
 	userInfo?: #UserInfo @go(UserInfo) @protobuf(1,bytes,opt)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/authorization/v1
 package v1
 #GroupName: "authorization.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/authorization/v1/types_go_gen.cue
@@ -0,0 +1,262 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/authorization/v1
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // SubjectAccessReview checks whether or not a user or group can perform an action.
 #SubjectAccessReview: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated
 	spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates whether the request is allowed or not
 	// +optional
 	status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // SelfSubjectAccessReview checks whether or the current user can perform an action.  Not filling in a
 // spec.namespace means "in all namespaces".  Self is a special case, because users should always be able
 // to check whether they can perform an action
 #SelfSubjectAccessReview: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated.  user and groups must be empty
 	spec: #SelfSubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates whether the request is allowed or not
 	// +optional
 	status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // LocalSubjectAccessReview checks whether or not a user or group can perform an action in a given namespace.
 // Having a namespace scoped resource makes it much easier to grant namespace scoped policy that includes permissions
 // checking.
 #LocalSubjectAccessReview: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated.  spec.namespace must be equal to the namespace
 	// you made the request against.  If empty, it is defaulted.
 	spec: #SubjectAccessReviewSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates whether the request is allowed or not
 	// +optional
 	status?: #SubjectAccessReviewStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // ResourceAttributes includes the authorization attributes available for resource requests to the Authorizer interface
 #ResourceAttributes: {
 	// Namespace is the namespace of the action being requested.  Currently, there is no distinction between no namespace and all namespaces
 	// "" (empty) is defaulted for LocalSubjectAccessReviews
 	// "" (empty) is empty for cluster-scoped resources
 	// "" (empty) means "all" for namespace scoped resources from a SubjectAccessReview or SelfSubjectAccessReview
 	// +optional
 	namespace?: string @go(Namespace) @protobuf(1,bytes,opt)
 	// Verb is a kubernetes resource API verb, like: get, list, watch, create, update, delete, proxy.  "*" means all.
 	// +optional
 	verb?: string @go(Verb) @protobuf(2,bytes,opt)
 	// Group is the API Group of the Resource.  "*" means all.
 	// +optional
 	group?: string @go(Group) @protobuf(3,bytes,opt)
 	// Version is the API Version of the Resource.  "*" means all.
 	// +optional
 	version?: string @go(Version) @protobuf(4,bytes,opt)
 	// Resource is one of the existing resource types.  "*" means all.
 	// +optional
 	resource?: string @go(Resource) @protobuf(5,bytes,opt)
 	// Subresource is one of the existing resource types.  "" means none.
 	// +optional
 	subresource?: string @go(Subresource) @protobuf(6,bytes,opt)
 	// Name is the name of the resource being requested for a "get" or deleted for a "delete". "" (empty) means all.
 	// +optional
 	name?: string @go(Name) @protobuf(7,bytes,opt)
 }
 // NonResourceAttributes includes the authorization attributes available for non-resource requests to the Authorizer interface
 #NonResourceAttributes: {
 	// Path is the URL path of the request
 	// +optional
 	path?: string @go(Path) @protobuf(1,bytes,opt)
 	// Verb is the standard HTTP verb
 	// +optional
 	verb?: string @go(Verb) @protobuf(2,bytes,opt)
 }
 // SubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes
 // and NonResourceAuthorizationAttributes must be set
 #SubjectAccessReviewSpec: {
 	// ResourceAuthorizationAttributes describes information for a resource access request
 	// +optional
 	resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt)
 	// NonResourceAttributes describes information for a non-resource access request
 	// +optional
 	nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt)
 	// User is the user you're testing for.
 	// If you specify "User" but not "Groups", then is it interpreted as "What if User were not a member of any groups
 	// +optional
 	user?: string @go(User) @protobuf(3,bytes,opt)
 	// Groups is the groups you're testing for.
 	// +optional
 	groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep)
 	// Extra corresponds to the user.Info.GetExtra() method from the authenticator.  Since that is input to the authorizer
 	// it needs a reflection here.
 	// +optional
 	extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(5,bytes,rep)
 	// UID information about the requesting user.
 	// +optional
 	uid?: string @go(UID) @protobuf(6,bytes,opt)
 }
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false
 #ExtraValue: [...string]
 // SelfSubjectAccessReviewSpec is a description of the access request.  Exactly one of ResourceAuthorizationAttributes
 // and NonResourceAuthorizationAttributes must be set
 #SelfSubjectAccessReviewSpec: {
 	// ResourceAuthorizationAttributes describes information for a resource access request
 	// +optional
 	resourceAttributes?: null | #ResourceAttributes @go(ResourceAttributes,*ResourceAttributes) @protobuf(1,bytes,opt)
 	// NonResourceAttributes describes information for a non-resource access request
 	// +optional
 	nonResourceAttributes?: null | #NonResourceAttributes @go(NonResourceAttributes,*NonResourceAttributes) @protobuf(2,bytes,opt)
 }
 // SubjectAccessReviewStatus
 #SubjectAccessReviewStatus: {
 	// Allowed is required. True if the action would be allowed, false otherwise.
 	allowed: bool @go(Allowed) @protobuf(1,varint,opt)
 	// Denied is optional. True if the action would be denied, otherwise
 	// false. If both allowed is false and denied is false, then the
 	// authorizer has no opinion on whether to authorize the action. Denied
 	// may not be true if Allowed is true.
 	// +optional
 	denied?: bool @go(Denied) @protobuf(4,varint,opt)
 	// Reason is optional.  It indicates why a request was allowed or denied.
 	// +optional
 	reason?: string @go(Reason) @protobuf(2,bytes,opt)
 	// EvaluationError is an indication that some error occurred during the authorization check.
 	// It is entirely possible to get an error and be able to continue determine authorization status in spite of it.
 	// For instance, RBAC can be missing a role, but enough roles are still present and bound to reason about the request.
 	// +optional
 	evaluationError?: string @go(EvaluationError) @protobuf(3,bytes,opt)
 }
 // SelfSubjectRulesReview enumerates the set of actions the current user can perform within a namespace.
 // The returned list of actions may be incomplete depending on the server's authorization mode,
 // and any errors experienced during the evaluation. SelfSubjectRulesReview should be used by UIs to show/hide actions,
 // or to quickly let an end user reason about their permissions. It should NOT Be used by external systems to
 // drive authorization decisions as this raises confused deputy, cache lifetime/revocation, and correctness concerns.
 // SubjectAccessReview, and LocalAccessReview are the correct way to defer authorization decisions to the API server.
 #SelfSubjectRulesReview: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Spec holds information about the request being evaluated.
 	spec: #SelfSubjectRulesReviewSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Status is filled in by the server and indicates the set of actions a user can perform.
 	// +optional
 	status?: #SubjectRulesReviewStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // SelfSubjectRulesReviewSpec defines the specification for SelfSubjectRulesReview.
 #SelfSubjectRulesReviewSpec: {
 	// Namespace to evaluate rules for. Required.
 	namespace?: string @go(Namespace) @protobuf(1,bytes,opt)
 }
 // SubjectRulesReviewStatus contains the result of a rules check. This check can be incomplete depending on
 // the set of authorizers the server is configured with and any errors experienced during evaluation.
 // Because authorization rules are additive, if a rule appears in a list it's safe to assume the subject has that permission,
 // even if that list is incomplete.
 #SubjectRulesReviewStatus: {
 	// ResourceRules is the list of actions the subject is allowed to perform on resources.
 	// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
 	resourceRules: [...#ResourceRule] @go(ResourceRules,[]ResourceRule) @protobuf(1,bytes,rep)
 	// NonResourceRules is the list of actions the subject is allowed to perform on non-resources.
 	// The list ordering isn't significant, may contain duplicates, and possibly be incomplete.
 	nonResourceRules: [...#NonResourceRule] @go(NonResourceRules,[]NonResourceRule) @protobuf(2,bytes,rep)
 	// Incomplete is true when the rules returned by this call are incomplete. This is most commonly
 	// encountered when an authorizer, such as an external authorizer, doesn't support rules evaluation.
 	incomplete: bool @go(Incomplete) @protobuf(3,bytes,rep)
 	// EvaluationError can appear in combination with Rules. It indicates an error occurred during
 	// rule evaluation, such as an authorizer that doesn't support rule evaluation, and that
 	// ResourceRules and/or NonResourceRules may be incomplete.
 	// +optional
 	evaluationError?: string @go(EvaluationError) @protobuf(4,bytes,opt)
 }
 // ResourceRule is the list of actions the subject is allowed to perform on resources. The list ordering isn't significant,
 // may contain duplicates, and possibly be incomplete.
 #ResourceRule: {
 	// Verb is a list of kubernetes resource API verbs, like: get, list, watch, create, update, delete, proxy.  "*" means all.
 	verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
 	// APIGroups is the name of the APIGroup that contains the resources.  If multiple API groups are specified, any action requested against one of
 	// the enumerated resources in any API group will be allowed.  "*" means all.
 	// +optional
 	apiGroups?: [...string] @go(APIGroups,[]string) @protobuf(2,bytes,rep)
 	// Resources is a list of resources this rule applies to.  "*" means all in the specified apiGroups.
 	//  "*/foo" represents the subresource 'foo' for all resources in the specified apiGroups.
 	// +optional
 	resources?: [...string] @go(Resources,[]string) @protobuf(3,bytes,rep)
 	// ResourceNames is an optional white list of names that the rule applies to.  An empty set means that everything is allowed.  "*" means all.
 	// +optional
 	resourceNames?: [...string] @go(ResourceNames,[]string) @protobuf(4,bytes,rep)
 }
 // NonResourceRule holds information that describes a rule for the non-resource
 #NonResourceRule: {
 	// Verb is a list of kubernetes non-resource API verbs, like: get, post, put, delete, patch, head, options.  "*" means all.
 	verbs: [...string] @go(Verbs,[]string) @protobuf(1,bytes,rep)
 	// NonResourceURLs is a set of partial urls that a user should have access to.  *s are allowed, but only as the full,
 	// final step in the path.  "*" means all.
 	// +optional
 	nonResourceURLs?: [...string] @go(NonResourceURLs,[]string) @protobuf(2,bytes,rep)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/autoscaling/v1
 package v1
 #GroupName: "autoscaling"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v1/types_go_gen.cue
@@ -0,0 +1,542 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/autoscaling/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 	"k8s.io/api/core/v1"
 )
 // CrossVersionObjectReference contains enough information to let you identify the referred resource.
 // +structType=atomic
 #CrossVersionObjectReference: {
 	// kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 	kind: string @go(Kind) @protobuf(1,bytes,opt)
 	// name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 	name: string @go(Name) @protobuf(2,bytes,opt)
 	// apiVersion is the API version of the referent
 	// +optional
 	apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
 }
 // specification of a horizontal pod autoscaler.
 #HorizontalPodAutoscalerSpec: {
 	// reference to scaled resource; horizontal pod autoscaler will learn the current resource consumption
 	// and will set the desired number of pods by using its Scale subresource.
 	scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt)
 	// minReplicas is the lower limit for the number of replicas to which the autoscaler
 	// can scale down.  It defaults to 1 pod.  minReplicas is allowed to be 0 if the
 	// alpha feature gate HPAScaleToZero is enabled and at least one Object or External
 	// metric is configured.  Scaling is active as long as at least one metric value is
 	// available.
 	// +optional
 	minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt)
 	// maxReplicas is the upper limit for the number of pods that can be set by the autoscaler; cannot be smaller than MinReplicas.
 	maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt)
 	// targetCPUUtilizationPercentage is the target average CPU utilization (represented as a percentage of requested CPU) over all the pods;
 	// if not specified the default autoscaling policy will be used.
 	// +optional
 	targetCPUUtilizationPercentage?: null | int32 @go(TargetCPUUtilizationPercentage,*int32) @protobuf(4,varint,opt)
 }
 // current status of a horizontal pod autoscaler
 #HorizontalPodAutoscalerStatus: {
 	// observedGeneration is the most recent generation observed by this autoscaler.
 	// +optional
 	observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
 	// lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods;
 	// used by the autoscaler to control how often the number of pods is changed.
 	// +optional
 	lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt)
 	// currentReplicas is the current number of replicas of pods managed by this autoscaler.
 	currentReplicas: int32 @go(CurrentReplicas) @protobuf(3,varint,opt)
 	// desiredReplicas is the  desired number of replicas of pods managed by this autoscaler.
 	desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt)
 	// currentCPUUtilizationPercentage is the current average CPU utilization over all pods, represented as a percentage of requested CPU,
 	// e.g. 70 means that an average pod is using now 70% of its requested CPU.
 	// +optional
 	currentCPUUtilizationPercentage?: null | int32 @go(CurrentCPUUtilizationPercentage,*int32) @protobuf(5,varint,opt)
 }
 // configuration of a horizontal pod autoscaler.
 #HorizontalPodAutoscaler: {
 	metav1.#TypeMeta
 	// Standard object metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// spec defines the behaviour of autoscaler. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
 	// +optional
 	spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt)
 	// status is the current information about the autoscaler.
 	// +optional
 	status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // list of horizontal pod autoscaler objects.
 #HorizontalPodAutoscalerList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is the list of horizontal pod autoscaler objects.
 	items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep)
 }
 // Scale represents a scaling request for a resource.
 #Scale: {
 	metav1.#TypeMeta
 	// Standard object metadata; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata.
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// spec defines the behavior of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
 	// +optional
 	spec?: #ScaleSpec @go(Spec) @protobuf(2,bytes,opt)
 	// status is the current status of the scale. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status. Read-only.
 	// +optional
 	status?: #ScaleStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // ScaleSpec describes the attributes of a scale subresource.
 #ScaleSpec: {
 	// replicas is the desired number of instances for the scaled object.
 	// +optional
 	replicas?: int32 @go(Replicas) @protobuf(1,varint,opt)
 }
 // ScaleStatus represents the current status of a scale subresource.
 #ScaleStatus: {
 	// replicas is the actual number of observed instances of the scaled object.
 	replicas: int32 @go(Replicas) @protobuf(1,varint,opt)
 	// selector is the label query over pods that should match the replicas count. This is same
 	// as the label selector but in the string format to avoid introspection
 	// by clients. The string will be in the same format as the query-param syntax.
 	// More info about label selectors: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 	// +optional
 	selector?: string @go(Selector) @protobuf(2,bytes,opt)
 }
 // MetricSourceType indicates the type of metric.
 // +enum
 #MetricSourceType: string // #enumMetricSourceType
 #enumMetricSourceType:
 	#ObjectMetricSourceType |
 	#PodsMetricSourceType |
 	#ResourceMetricSourceType |
 	#ContainerResourceMetricSourceType |
 	#ExternalMetricSourceType
 // ObjectMetricSourceType is a metric describing a kubernetes object
 // (for example, hits-per-second on an Ingress object).
 #ObjectMetricSourceType: #MetricSourceType & "Object"
 // PodsMetricSourceType is a metric describing each pod in the current scale
 // target (for example, transactions-processed-per-second).  The values
 // will be averaged together before being compared to the target value.
 #PodsMetricSourceType: #MetricSourceType & "Pods"
 // ResourceMetricSourceType is a resource metric known to Kubernetes, as
 // specified in requests and limits, describing each pod in the current
 // scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available
 // to normal per-pod metrics (the "pods" source).
 #ResourceMetricSourceType: #MetricSourceType & "Resource"
 // ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as
 // specified in requests and limits, describing a single container in each pod in the current
 // scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available
 // to normal per-pod metrics (the "pods" source).
 #ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource"
 // ExternalMetricSourceType is a global metric that is not associated
 // with any Kubernetes object. It allows autoscaling based on information
 // coming from components running outside of cluster
 // (for example length of queue in cloud messaging service, or
 // QPS from loadbalancer running outside of cluster).
 #ExternalMetricSourceType: #MetricSourceType & "External"
 // MetricSpec specifies how to scale based on a single metric
 // (only `type` and one other matching field should be set at once).
 #MetricSpec: {
 	// type is the type of metric source.  It should be one of "ContainerResource",
 	// "External", "Object", "Pods" or "Resource", each mapping to a matching field in the object.
 	// Note: "ContainerResource" type is available on when the feature-gate
 	// HPAContainerMetrics is enabled
 	type: #MetricSourceType @go(Type) @protobuf(1,bytes)
 	// object refers to a metric describing a single kubernetes object
 	// (for example, hits-per-second on an Ingress object).
 	// +optional
 	object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt)
 	// pods refers to a metric describing each pod in the current scale target
 	// (for example, transactions-processed-per-second).  The values will be
 	// averaged together before being compared to the target value.
 	// +optional
 	pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt)
 	// resource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt)
 	// containerResource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing a single container in each pod of the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
 	// +optional
 	containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt)
 	// external refers to a global metric that is not associated
 	// with any Kubernetes object. It allows autoscaling based on information
 	// coming from components running outside of cluster
 	// (for example length of queue in cloud messaging service, or
 	// QPS from loadbalancer running outside of cluster).
 	// +optional
 	external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt)
 }
 // ObjectMetricSource indicates how to scale on a metric describing a
 // kubernetes object (for example, hits-per-second on an Ingress object).
 #ObjectMetricSource: {
 	// target is the described Kubernetes object.
 	target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes)
 	// metricName is the name of the metric in question.
 	metricName: string @go(MetricName) @protobuf(2,bytes)
 	// targetValue is the target value of the metric (as a quantity).
 	targetValue: resource.#Quantity @go(TargetValue) @protobuf(3,bytes)
 	// selector is the string-encoded form of a standard kubernetes label selector for the given metric.
 	// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping
 	// When unset, just the metricName will be used to gather metrics.
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes)
 	// averageValue is the target value of the average of the
 	// metric across all relevant pods (as a quantity)
 	// +optional
 	averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes)
 }
 // PodsMetricSource indicates how to scale on a metric describing each pod in
 // the current scale target (for example, transactions-processed-per-second).
 // The values will be averaged together before being compared to the target
 // value.
 #PodsMetricSource: {
 	// metricName is the name of the metric in question
 	metricName: string @go(MetricName) @protobuf(1,bytes)
 	// targetAverageValue is the target value of the average of the
 	// metric across all relevant pods (as a quantity)
 	targetAverageValue: resource.#Quantity @go(TargetAverageValue) @protobuf(2,bytes)
 	// selector is the string-encoded form of a standard kubernetes label selector for the given metric
 	// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping
 	// When unset, just the metricName will be used to gather metrics.
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes)
 }
 // ResourceMetricSource indicates how to scale on a resource metric known to
 // Kubernetes, as specified in requests and limits, describing each pod in the
 // current scale target (e.g. CPU or memory).  The values will be averaged
 // together before being compared to the target.  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.  Only one "target" type
 // should be set.
 #ResourceMetricSource: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// targetAverageUtilization is the target value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.
 	// +optional
 	targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt)
 	// targetAverageValue is the target value of the average of the
 	// resource metric across all relevant pods, as a raw value (instead of as
 	// a percentage of the request), similar to the "pods" metric source type.
 	// +optional
 	targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
 }
 // ContainerResourceMetricSource indicates how to scale on a resource metric known to
 // Kubernetes, as specified in the requests and limits, describing a single container in
 // each of the pods of the current scale target(e.g. CPU or memory). The values will be
 // averaged together before being compared to the target. Such metrics are built into
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source. Only one "target" type
 // should be set.
 #ContainerResourceMetricSource: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// targetAverageUtilization is the target value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.
 	// +optional
 	targetAverageUtilization?: null | int32 @go(TargetAverageUtilization,*int32) @protobuf(2,varint,opt)
 	// targetAverageValue is the target value of the average of the
 	// resource metric across all relevant pods, as a raw value (instead of as
 	// a percentage of the request), similar to the "pods" metric source type.
 	// +optional
 	targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
 	// container is the name of the container in the pods of the scaling target.
 	container: string @go(Container) @protobuf(5,bytes,opt)
 }
 // ExternalMetricSource indicates how to scale on a metric not associated with
 // any Kubernetes object (for example length of queue in cloud
 // messaging service, or QPS from loadbalancer running outside of cluster).
 #ExternalMetricSource: {
 	// metricName is the name of the metric in question.
 	metricName: string @go(MetricName) @protobuf(1,bytes)
 	// metricSelector is used to identify a specific time series
 	// within a given metric.
 	// +optional
 	metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
 	// targetValue is the target value of the metric (as a quantity).
 	// Mutually exclusive with TargetAverageValue.
 	// +optional
 	targetValue?: null | resource.#Quantity @go(TargetValue,*resource.Quantity) @protobuf(3,bytes,opt)
 	// targetAverageValue is the target per-pod value of global metric (as a quantity).
 	// Mutually exclusive with TargetValue.
 	// +optional
 	targetAverageValue?: null | resource.#Quantity @go(TargetAverageValue,*resource.Quantity) @protobuf(4,bytes,opt)
 }
 // MetricStatus describes the last-read state of a single metric.
 #MetricStatus: {
 	// type is the type of metric source.  It will be one of "ContainerResource",
 	// "External", "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
 	// Note: "ContainerResource" type is available on when the feature-gate
 	// HPAContainerMetrics is enabled
 	type: #MetricSourceType @go(Type) @protobuf(1,bytes)
 	// object refers to a metric describing a single kubernetes object
 	// (for example, hits-per-second on an Ingress object).
 	// +optional
 	object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt)
 	// pods refers to a metric describing each pod in the current scale target
 	// (for example, transactions-processed-per-second).  The values will be
 	// averaged together before being compared to the target value.
 	// +optional
 	pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt)
 	// resource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt)
 	// containerResource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing a single container in each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt)
 	// external refers to a global metric that is not associated
 	// with any Kubernetes object. It allows autoscaling based on information
 	// coming from components running outside of cluster
 	// (for example length of queue in cloud messaging service, or
 	// QPS from loadbalancer running outside of cluster).
 	// +optional
 	external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt)
 }
 // HorizontalPodAutoscalerConditionType are the valid conditions of
 // a HorizontalPodAutoscaler.
 #HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType
 #enumHorizontalPodAutoscalerConditionType:
 	#ScalingActive |
 	#AbleToScale |
 	#ScalingLimited
 // ScalingActive indicates that the HPA controller is able to scale if necessary:
 // it's correctly configured, can fetch the desired metrics, and isn't disabled.
 #ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive"
 // AbleToScale indicates a lack of transient issues which prevent scaling from occurring,
 // such as being in a backoff window, or being unable to access/update the target scale.
 #AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale"
 // ScalingLimited indicates that the calculated scale based on metrics would be above or
 // below the range for the HPA, and has thus been capped.
 #ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited"
 // HorizontalPodAutoscalerCondition describes the state of
 // a HorizontalPodAutoscaler at a certain point.
 #HorizontalPodAutoscalerCondition: {
 	// type describes the current condition
 	type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes)
 	// status is the status of the condition (True, False, Unknown)
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes)
 	// lastTransitionTime is the last time the condition transitioned from
 	// one status to another
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
 	// reason is the reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// message is a human-readable explanation containing details about
 	// the transition
 	// +optional
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // ObjectMetricStatus indicates the current value of a metric describing a
 // kubernetes object (for example, hits-per-second on an Ingress object).
 #ObjectMetricStatus: {
 	// target is the described Kubernetes object.
 	target: #CrossVersionObjectReference @go(Target) @protobuf(1,bytes)
 	// metricName is the name of the metric in question.
 	metricName: string @go(MetricName) @protobuf(2,bytes)
 	// currentValue is the current value of the metric (as a quantity).
 	currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes)
 	// selector is the string-encoded form of a standard kubernetes label selector for the given metric
 	// When set in the ObjectMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
 	// When unset, just the metricName will be used to gather metrics.
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes)
 	// averageValue is the current value of the average of the
 	// metric across all relevant pods (as a quantity)
 	// +optional
 	averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(5,bytes)
 }
 // PodsMetricStatus indicates the current value of a metric describing each pod in
 // the current scale target (for example, transactions-processed-per-second).
 #PodsMetricStatus: {
 	// metricName is the name of the metric in question
 	metricName: string @go(MetricName) @protobuf(1,bytes)
 	// currentAverageValue is the current value of the average of the
 	// metric across all relevant pods (as a quantity)
 	currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(2,bytes)
 	// selector is the string-encoded form of a standard kubernetes label selector for the given metric
 	// When set in the PodsMetricSource, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
 	// When unset, just the metricName will be used to gather metrics.
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(3,bytes)
 }
 // ResourceMetricStatus indicates the current value of a resource metric known to
 // Kubernetes, as specified in requests and limits, describing each pod in the
 // current scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.
 #ResourceMetricStatus: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// currentAverageUtilization is the current value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.  It will only be
 	// present if `targetAverageValue` was set in the corresponding metric
 	// specification.
 	// +optional
 	currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt)
 	// currentAverageValue is the current value of the average of the
 	// resource metric across all relevant pods, as a raw value (instead of as
 	// a percentage of the request), similar to the "pods" metric source type.
 	// It will always be set, regardless of the corresponding metric specification.
 	currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes)
 }
 // ContainerResourceMetricStatus indicates the current value of a resource metric known to
 // Kubernetes, as specified in requests and limits, describing a single container in each pod in the
 // current scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.
 #ContainerResourceMetricStatus: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// currentAverageUtilization is the current value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.  It will only be
 	// present if `targetAverageValue` was set in the corresponding metric
 	// specification.
 	// +optional
 	currentAverageUtilization?: null | int32 @go(CurrentAverageUtilization,*int32) @protobuf(2,bytes,opt)
 	// currentAverageValue is the current value of the average of the
 	// resource metric across all relevant pods, as a raw value (instead of as
 	// a percentage of the request), similar to the "pods" metric source type.
 	// It will always be set, regardless of the corresponding metric specification.
 	currentAverageValue: resource.#Quantity @go(CurrentAverageValue) @protobuf(3,bytes)
 	// container is the name of the container in the pods of the scaling taget
 	container: string @go(Container) @protobuf(4,bytes,opt)
 }
 // ExternalMetricStatus indicates the current value of a global metric
 // not associated with any Kubernetes object.
 #ExternalMetricStatus: {
 	// metricName is the name of a metric used for autoscaling in
 	// metric system.
 	metricName: string @go(MetricName) @protobuf(1,bytes)
 	// metricSelector is used to identify a specific time series
 	// within a given metric.
 	// +optional
 	metricSelector?: null | metav1.#LabelSelector @go(MetricSelector,*metav1.LabelSelector) @protobuf(2,bytes,opt)
 	// currentValue is the current value of the metric (as a quantity)
 	currentValue: resource.#Quantity @go(CurrentValue) @protobuf(3,bytes)
 	// currentAverageValue is the current value of metric averaged over autoscaled pods.
 	// +optional
 	currentAverageValue?: null | resource.#Quantity @go(CurrentAverageValue,*resource.Quantity) @protobuf(4,bytes,opt)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/autoscaling/v2
 package v2
 #GroupName: "autoscaling"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/autoscaling/v2/types_go_gen.cue
@@ -0,0 +1,597 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/autoscaling/v2
 package v2
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 )
 // HorizontalPodAutoscaler is the configuration for a horizontal pod
 // autoscaler, which automatically manages the replica count of any resource
 // implementing the scale subresource based on the metrics specified.
 #HorizontalPodAutoscaler: {
 	metav1.#TypeMeta
 	// metadata is the standard object metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// spec is the specification for the behaviour of the autoscaler.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status.
 	// +optional
 	spec?: #HorizontalPodAutoscalerSpec @go(Spec) @protobuf(2,bytes,opt)
 	// status is the current information about the autoscaler.
 	// +optional
 	status?: #HorizontalPodAutoscalerStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // HorizontalPodAutoscalerSpec describes the desired functionality of the HorizontalPodAutoscaler.
 #HorizontalPodAutoscalerSpec: {
 	// scaleTargetRef points to the target resource to scale, and is used to the pods for which metrics
 	// should be collected, as well as to actually change the replica count.
 	scaleTargetRef: #CrossVersionObjectReference @go(ScaleTargetRef) @protobuf(1,bytes,opt)
 	// minReplicas is the lower limit for the number of replicas to which the autoscaler
 	// can scale down.  It defaults to 1 pod.  minReplicas is allowed to be 0 if the
 	// alpha feature gate HPAScaleToZero is enabled and at least one Object or External
 	// metric is configured.  Scaling is active as long as at least one metric value is
 	// available.
 	// +optional
 	minReplicas?: null | int32 @go(MinReplicas,*int32) @protobuf(2,varint,opt)
 	// maxReplicas is the upper limit for the number of replicas to which the autoscaler can scale up.
 	// It cannot be less that minReplicas.
 	maxReplicas: int32 @go(MaxReplicas) @protobuf(3,varint,opt)
 	// metrics contains the specifications for which to use to calculate the
 	// desired replica count (the maximum replica count across all metrics will
 	// be used).  The desired replica count is calculated multiplying the
 	// ratio between the target value and the current value by the current
 	// number of pods.  Ergo, metrics used must decrease as the pod count is
 	// increased, and vice-versa.  See the individual metric source types for
 	// more information about how each type of metric must respond.
 	// If not set, the default metric will be set to 80% average CPU utilization.
 	// +listType=atomic
 	// +optional
 	metrics?: [...#MetricSpec] @go(Metrics,[]MetricSpec) @protobuf(4,bytes,rep)
 	// behavior configures the scaling behavior of the target
 	// in both Up and Down directions (scaleUp and scaleDown fields respectively).
 	// If not set, the default HPAScalingRules for scale up and scale down are used.
 	// +optional
 	behavior?: null | #HorizontalPodAutoscalerBehavior @go(Behavior,*HorizontalPodAutoscalerBehavior) @protobuf(5,bytes,opt)
 }
 // CrossVersionObjectReference contains enough information to let you identify the referred resource.
 #CrossVersionObjectReference: {
 	// kind is the kind of the referent; More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
 	kind: string @go(Kind) @protobuf(1,bytes,opt)
 	// name is the name of the referent; More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
 	name: string @go(Name) @protobuf(2,bytes,opt)
 	// apiVersion is the API version of the referent
 	// +optional
 	apiVersion?: string @go(APIVersion) @protobuf(3,bytes,opt)
 }
 // MetricSpec specifies how to scale based on a single metric
 // (only `type` and one other matching field should be set at once).
 #MetricSpec: {
 	// type is the type of metric source.  It should be one of "ContainerResource", "External",
 	// "Object", "Pods" or "Resource", each mapping to a matching field in the object.
 	// Note: "ContainerResource" type is available on when the feature-gate
 	// HPAContainerMetrics is enabled
 	type: #MetricSourceType @go(Type) @protobuf(1,bytes)
 	// object refers to a metric describing a single kubernetes object
 	// (for example, hits-per-second on an Ingress object).
 	// +optional
 	object?: null | #ObjectMetricSource @go(Object,*ObjectMetricSource) @protobuf(2,bytes,opt)
 	// pods refers to a metric describing each pod in the current scale target
 	// (for example, transactions-processed-per-second).  The values will be
 	// averaged together before being compared to the target value.
 	// +optional
 	pods?: null | #PodsMetricSource @go(Pods,*PodsMetricSource) @protobuf(3,bytes,opt)
 	// resource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	resource?: null | #ResourceMetricSource @go(Resource,*ResourceMetricSource) @protobuf(4,bytes,opt)
 	// containerResource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing a single container in
 	// each pod of the current scale target (e.g. CPU or memory). Such metrics are
 	// built in to Kubernetes, and have special scaling options on top of those
 	// available to normal per-pod metrics using the "pods" source.
 	// This is an alpha feature and can be enabled by the HPAContainerMetrics feature flag.
 	// +optional
 	containerResource?: null | #ContainerResourceMetricSource @go(ContainerResource,*ContainerResourceMetricSource) @protobuf(7,bytes,opt)
 	// external refers to a global metric that is not associated
 	// with any Kubernetes object. It allows autoscaling based on information
 	// coming from components running outside of cluster
 	// (for example length of queue in cloud messaging service, or
 	// QPS from loadbalancer running outside of cluster).
 	// +optional
 	external?: null | #ExternalMetricSource @go(External,*ExternalMetricSource) @protobuf(5,bytes,opt)
 }
 // HorizontalPodAutoscalerBehavior configures the scaling behavior of the target
 // in both Up and Down directions (scaleUp and scaleDown fields respectively).
 #HorizontalPodAutoscalerBehavior: {
 	// scaleUp is scaling policy for scaling Up.
 	// If not set, the default value is the higher of:
 	//   * increase no more than 4 pods per 60 seconds
 	//   * double the number of pods per 60 seconds
 	// No stabilization is used.
 	// +optional
 	scaleUp?: null | #HPAScalingRules @go(ScaleUp,*HPAScalingRules) @protobuf(1,bytes,opt)
 	// scaleDown is scaling policy for scaling Down.
 	// If not set, the default value is to allow to scale down to minReplicas pods, with a
 	// 300 second stabilization window (i.e., the highest recommendation for
 	// the last 300sec is used).
 	// +optional
 	scaleDown?: null | #HPAScalingRules @go(ScaleDown,*HPAScalingRules) @protobuf(2,bytes,opt)
 }
 // ScalingPolicySelect is used to specify which policy should be used while scaling in a certain direction
 #ScalingPolicySelect: string // #enumScalingPolicySelect
 #enumScalingPolicySelect:
 	#MaxChangePolicySelect |
 	#MinChangePolicySelect |
 	#DisabledPolicySelect
 // MaxChangePolicySelect  selects the policy with the highest possible change.
 #MaxChangePolicySelect: #ScalingPolicySelect & "Max"
 // MinChangePolicySelect selects the policy with the lowest possible change.
 #MinChangePolicySelect: #ScalingPolicySelect & "Min"
 // DisabledPolicySelect disables the scaling in this direction.
 #DisabledPolicySelect: #ScalingPolicySelect & "Disabled"
 // HPAScalingRules configures the scaling behavior for one direction.
 // These Rules are applied after calculating DesiredReplicas from metrics for the HPA.
 // They can limit the scaling velocity by specifying scaling policies.
 // They can prevent flapping by specifying the stabilization window, so that the
 // number of replicas is not set instantly, instead, the safest value from the stabilization
 // window is chosen.
 #HPAScalingRules: {
 	// stabilizationWindowSeconds is the number of seconds for which past recommendations should be
 	// considered while scaling up or scaling down.
 	// StabilizationWindowSeconds must be greater than or equal to zero and less than or equal to 3600 (one hour).
 	// If not set, use the default values:
 	// - For scale up: 0 (i.e. no stabilization is done).
 	// - For scale down: 300 (i.e. the stabilization window is 300 seconds long).
 	// +optional
 	stabilizationWindowSeconds?: null | int32 @go(StabilizationWindowSeconds,*int32) @protobuf(3,varint,opt)
 	// selectPolicy is used to specify which policy should be used.
 	// If not set, the default value Max is used.
 	// +optional
 	selectPolicy?: null | #ScalingPolicySelect @go(SelectPolicy,*ScalingPolicySelect) @protobuf(1,bytes,opt)
 	// policies is a list of potential scaling polices which can be used during scaling.
 	// At least one policy must be specified, otherwise the HPAScalingRules will be discarded as invalid
 	// +listType=atomic
 	// +optional
 	policies?: [...#HPAScalingPolicy] @go(Policies,[]HPAScalingPolicy) @protobuf(2,bytes,rep)
 }
 // HPAScalingPolicyType is the type of the policy which could be used while making scaling decisions.
 #HPAScalingPolicyType: string // #enumHPAScalingPolicyType
 #enumHPAScalingPolicyType:
 	#PodsScalingPolicy |
 	#PercentScalingPolicy
 // PodsScalingPolicy is a policy used to specify a change in absolute number of pods.
 #PodsScalingPolicy: #HPAScalingPolicyType & "Pods"
 // PercentScalingPolicy is a policy used to specify a relative amount of change with respect to
 // the current number of pods.
 #PercentScalingPolicy: #HPAScalingPolicyType & "Percent"
 // HPAScalingPolicy is a single policy which must hold true for a specified past interval.
 #HPAScalingPolicy: {
 	// type is used to specify the scaling policy.
 	type: #HPAScalingPolicyType @go(Type) @protobuf(1,bytes,opt,casttype=HPAScalingPolicyType)
 	// value contains the amount of change which is permitted by the policy.
 	// It must be greater than zero
 	value: int32 @go(Value) @protobuf(2,varint,opt)
 	// periodSeconds specifies the window of time for which the policy should hold true.
 	// PeriodSeconds must be greater than zero and less than or equal to 1800 (30 min).
 	periodSeconds: int32 @go(PeriodSeconds) @protobuf(3,varint,opt)
 }
 // MetricSourceType indicates the type of metric.
 #MetricSourceType: string // #enumMetricSourceType
 #enumMetricSourceType:
 	#ObjectMetricSourceType |
 	#PodsMetricSourceType |
 	#ResourceMetricSourceType |
 	#ContainerResourceMetricSourceType |
 	#ExternalMetricSourceType
 // ObjectMetricSourceType is a metric describing a kubernetes object
 // (for example, hits-per-second on an Ingress object).
 #ObjectMetricSourceType: #MetricSourceType & "Object"
 // PodsMetricSourceType is a metric describing each pod in the current scale
 // target (for example, transactions-processed-per-second).  The values
 // will be averaged together before being compared to the target value.
 #PodsMetricSourceType: #MetricSourceType & "Pods"
 // ResourceMetricSourceType is a resource metric known to Kubernetes, as
 // specified in requests and limits, describing each pod in the current
 // scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available
 // to normal per-pod metrics (the "pods" source).
 #ResourceMetricSourceType: #MetricSourceType & "Resource"
 // ContainerResourceMetricSourceType is a resource metric known to Kubernetes, as
 // specified in requests and limits, describing a single container in each pod in the current
 // scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available
 // to normal per-pod metrics (the "pods" source).
 #ContainerResourceMetricSourceType: #MetricSourceType & "ContainerResource"
 // ExternalMetricSourceType is a global metric that is not associated
 // with any Kubernetes object. It allows autoscaling based on information
 // coming from components running outside of cluster
 // (for example length of queue in cloud messaging service, or
 // QPS from loadbalancer running outside of cluster).
 #ExternalMetricSourceType: #MetricSourceType & "External"
 // ObjectMetricSource indicates how to scale on a metric describing a
 // kubernetes object (for example, hits-per-second on an Ingress object).
 #ObjectMetricSource: {
 	// describedObject specifies the descriptions of a object,such as kind,name apiVersion
 	describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(1,bytes)
 	// target specifies the target value for the given metric
 	target: #MetricTarget @go(Target) @protobuf(2,bytes)
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(3,bytes)
 }
 // PodsMetricSource indicates how to scale on a metric describing each pod in
 // the current scale target (for example, transactions-processed-per-second).
 // The values will be averaged together before being compared to the target
 // value.
 #PodsMetricSource: {
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
 	// target specifies the target value for the given metric
 	target: #MetricTarget @go(Target) @protobuf(2,bytes)
 }
 // ResourceMetricSource indicates how to scale on a resource metric known to
 // Kubernetes, as specified in requests and limits, describing each pod in the
 // current scale target (e.g. CPU or memory).  The values will be averaged
 // together before being compared to the target.  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.  Only one "target" type
 // should be set.
 #ResourceMetricSource: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// target specifies the target value for the given metric
 	target: #MetricTarget @go(Target) @protobuf(2,bytes)
 }
 // ContainerResourceMetricSource indicates how to scale on a resource metric known to
 // Kubernetes, as specified in requests and limits, describing each pod in the
 // current scale target (e.g. CPU or memory).  The values will be averaged
 // together before being compared to the target.  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.  Only one "target" type
 // should be set.
 #ContainerResourceMetricSource: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// target specifies the target value for the given metric
 	target: #MetricTarget @go(Target) @protobuf(2,bytes)
 	// container is the name of the container in the pods of the scaling target
 	container: string @go(Container) @protobuf(3,bytes,opt)
 }
 // ExternalMetricSource indicates how to scale on a metric not associated with
 // any Kubernetes object (for example length of queue in cloud
 // messaging service, or QPS from loadbalancer running outside of cluster).
 #ExternalMetricSource: {
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
 	// target specifies the target value for the given metric
 	target: #MetricTarget @go(Target) @protobuf(2,bytes)
 }
 // MetricIdentifier defines the name and optionally selector for a metric
 #MetricIdentifier: {
 	// name is the name of the given metric
 	name: string @go(Name) @protobuf(1,bytes)
 	// selector is the string-encoded form of a standard kubernetes label selector for the given metric
 	// When set, it is passed as an additional parameter to the metrics server for more specific metrics scoping.
 	// When unset, just the metricName will be used to gather metrics.
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(2,bytes)
 }
 // MetricTarget defines the target value, average value, or average utilization of a specific metric
 #MetricTarget: {
 	// type represents whether the metric type is Utilization, Value, or AverageValue
 	type: #MetricTargetType @go(Type) @protobuf(1,bytes)
 	// value is the target value of the metric (as a quantity).
 	// +optional
 	value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(2,bytes,opt)
 	// averageValue is the target value of the average of the
 	// metric across all relevant pods (as a quantity)
 	// +optional
 	averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(3,bytes,opt)
 	// averageUtilization is the target value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.
 	// Currently only valid for Resource metric source type
 	// +optional
 	averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(4,bytes,opt)
 }
 // MetricTargetType specifies the type of metric being targeted, and should be either
 // "Value", "AverageValue", or "Utilization"
 #MetricTargetType: string // #enumMetricTargetType
 #enumMetricTargetType:
 	#UtilizationMetricType |
 	#ValueMetricType |
 	#AverageValueMetricType
 // UtilizationMetricType declares a MetricTarget is an AverageUtilization value
 #UtilizationMetricType: #MetricTargetType & "Utilization"
 // ValueMetricType declares a MetricTarget is a raw value
 #ValueMetricType: #MetricTargetType & "Value"
 // AverageValueMetricType declares a MetricTarget is an
 #AverageValueMetricType: #MetricTargetType & "AverageValue"
 // HorizontalPodAutoscalerStatus describes the current status of a horizontal pod autoscaler.
 #HorizontalPodAutoscalerStatus: {
 	// observedGeneration is the most recent generation observed by this autoscaler.
 	// +optional
 	observedGeneration?: null | int64 @go(ObservedGeneration,*int64) @protobuf(1,varint,opt)
 	// lastScaleTime is the last time the HorizontalPodAutoscaler scaled the number of pods,
 	// used by the autoscaler to control how often the number of pods is changed.
 	// +optional
 	lastScaleTime?: null | metav1.#Time @go(LastScaleTime,*metav1.Time) @protobuf(2,bytes,opt)
 	// currentReplicas is current number of replicas of pods managed by this autoscaler,
 	// as last seen by the autoscaler.
 	// +optional
 	currentReplicas?: int32 @go(CurrentReplicas) @protobuf(3,varint,opt)
 	// desiredReplicas is the desired number of replicas of pods managed by this autoscaler,
 	// as last calculated by the autoscaler.
 	desiredReplicas: int32 @go(DesiredReplicas) @protobuf(4,varint,opt)
 	// currentMetrics is the last read state of the metrics used by this autoscaler.
 	// +listType=atomic
 	// +optional
 	currentMetrics: [...#MetricStatus] @go(CurrentMetrics,[]MetricStatus) @protobuf(5,bytes,rep)
 	// conditions is the set of conditions required for this autoscaler to scale its target,
 	// and indicates whether or not those conditions are met.
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	// +listType=map
 	// +listMapKey=type
 	// +optional
 	conditions?: [...#HorizontalPodAutoscalerCondition] @go(Conditions,[]HorizontalPodAutoscalerCondition) @protobuf(6,bytes,rep)
 }
 // HorizontalPodAutoscalerConditionType are the valid conditions of
 // a HorizontalPodAutoscaler.
 #HorizontalPodAutoscalerConditionType: string // #enumHorizontalPodAutoscalerConditionType
 #enumHorizontalPodAutoscalerConditionType:
 	#ScalingActive |
 	#AbleToScale |
 	#ScalingLimited
 // ScalingActive indicates that the HPA controller is able to scale if necessary:
 // it's correctly configured, can fetch the desired metrics, and isn't disabled.
 #ScalingActive: #HorizontalPodAutoscalerConditionType & "ScalingActive"
 // AbleToScale indicates a lack of transient issues which prevent scaling from occurring,
 // such as being in a backoff window, or being unable to access/update the target scale.
 #AbleToScale: #HorizontalPodAutoscalerConditionType & "AbleToScale"
 // ScalingLimited indicates that the calculated scale based on metrics would be above or
 // below the range for the HPA, and has thus been capped.
 #ScalingLimited: #HorizontalPodAutoscalerConditionType & "ScalingLimited"
 // HorizontalPodAutoscalerCondition describes the state of
 // a HorizontalPodAutoscaler at a certain point.
 #HorizontalPodAutoscalerCondition: {
 	// type describes the current condition
 	type: #HorizontalPodAutoscalerConditionType @go(Type) @protobuf(1,bytes)
 	// status is the status of the condition (True, False, Unknown)
 	status: v1.#ConditionStatus @go(Status) @protobuf(2,bytes)
 	// lastTransitionTime is the last time the condition transitioned from
 	// one status to another
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(3,bytes,opt)
 	// reason is the reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(4,bytes,opt)
 	// message is a human-readable explanation containing details about
 	// the transition
 	// +optional
 	message?: string @go(Message) @protobuf(5,bytes,opt)
 }
 // MetricStatus describes the last-read state of a single metric.
 #MetricStatus: {
 	// type is the type of metric source.  It will be one of "ContainerResource", "External",
 	// "Object", "Pods" or "Resource", each corresponds to a matching field in the object.
 	// Note: "ContainerResource" type is available on when the feature-gate
 	// HPAContainerMetrics is enabled
 	type: #MetricSourceType @go(Type) @protobuf(1,bytes)
 	// object refers to a metric describing a single kubernetes object
 	// (for example, hits-per-second on an Ingress object).
 	// +optional
 	object?: null | #ObjectMetricStatus @go(Object,*ObjectMetricStatus) @protobuf(2,bytes,opt)
 	// pods refers to a metric describing each pod in the current scale target
 	// (for example, transactions-processed-per-second).  The values will be
 	// averaged together before being compared to the target value.
 	// +optional
 	pods?: null | #PodsMetricStatus @go(Pods,*PodsMetricStatus) @protobuf(3,bytes,opt)
 	// resource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	resource?: null | #ResourceMetricStatus @go(Resource,*ResourceMetricStatus) @protobuf(4,bytes,opt)
 	// container resource refers to a resource metric (such as those specified in
 	// requests and limits) known to Kubernetes describing a single container in each pod in the
 	// current scale target (e.g. CPU or memory). Such metrics are built in to
 	// Kubernetes, and have special scaling options on top of those available
 	// to normal per-pod metrics using the "pods" source.
 	// +optional
 	containerResource?: null | #ContainerResourceMetricStatus @go(ContainerResource,*ContainerResourceMetricStatus) @protobuf(7,bytes,opt)
 	// external refers to a global metric that is not associated
 	// with any Kubernetes object. It allows autoscaling based on information
 	// coming from components running outside of cluster
 	// (for example length of queue in cloud messaging service, or
 	// QPS from loadbalancer running outside of cluster).
 	// +optional
 	external?: null | #ExternalMetricStatus @go(External,*ExternalMetricStatus) @protobuf(5,bytes,opt)
 }
 // ObjectMetricStatus indicates the current value of a metric describing a
 // kubernetes object (for example, hits-per-second on an Ingress object).
 #ObjectMetricStatus: {
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
 	// current contains the current value for the given metric
 	current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
 	// DescribedObject specifies the descriptions of a object,such as kind,name apiVersion
 	describedObject: #CrossVersionObjectReference @go(DescribedObject) @protobuf(3,bytes)
 }
 // PodsMetricStatus indicates the current value of a metric describing each pod in
 // the current scale target (for example, transactions-processed-per-second).
 #PodsMetricStatus: {
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
 	// current contains the current value for the given metric
 	current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
 }
 // ResourceMetricStatus indicates the current value of a resource metric known to
 // Kubernetes, as specified in requests and limits, describing each pod in the
 // current scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.
 #ResourceMetricStatus: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// current contains the current value for the given metric
 	current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
 }
 // ContainerResourceMetricStatus indicates the current value of a resource metric known to
 // Kubernetes, as specified in requests and limits, describing a single container in each pod in the
 // current scale target (e.g. CPU or memory).  Such metrics are built in to
 // Kubernetes, and have special scaling options on top of those available to
 // normal per-pod metrics using the "pods" source.
 #ContainerResourceMetricStatus: {
 	// name is the name of the resource in question.
 	name: v1.#ResourceName @go(Name) @protobuf(1,bytes)
 	// current contains the current value for the given metric
 	current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
 	// container is the name of the container in the pods of the scaling target
 	container: string @go(Container) @protobuf(3,bytes,opt)
 }
 // ExternalMetricStatus indicates the current value of a global metric
 // not associated with any Kubernetes object.
 #ExternalMetricStatus: {
 	// metric identifies the target metric by name and selector
 	metric: #MetricIdentifier @go(Metric) @protobuf(1,bytes)
 	// current contains the current value for the given metric
 	current: #MetricValueStatus @go(Current) @protobuf(2,bytes)
 }
 // MetricValueStatus holds the current value for a metric
 #MetricValueStatus: {
 	// value is the current value of the metric (as a quantity).
 	// +optional
 	value?: null | resource.#Quantity @go(Value,*resource.Quantity) @protobuf(1,bytes,opt)
 	// averageValue is the current value of the average of the
 	// metric across all relevant pods (as a quantity)
 	// +optional
 	averageValue?: null | resource.#Quantity @go(AverageValue,*resource.Quantity) @protobuf(2,bytes,opt)
 	// currentAverageUtilization is the current value of the average of the
 	// resource metric across all relevant pods, represented as a percentage of
 	// the requested value of the resource for the pods.
 	// +optional
 	averageUtilization?: null | int32 @go(AverageUtilization,*int32) @protobuf(3,bytes,opt)
 }
 // HorizontalPodAutoscalerList is a list of horizontal pod autoscaler objects.
 #HorizontalPodAutoscalerList: {
 	metav1.#TypeMeta
 	// metadata is the standard list metadata.
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is the list of horizontal pod autoscaler objects.
 	items: [...#HorizontalPodAutoscaler] @go(Items,[]HorizontalPodAutoscaler) @protobuf(2,bytes,rep)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/batch/v1
 package v1
 #GroupName: "batch"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/batch/v1/types_go_gen.cue
@@ -0,0 +1,693 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/batch/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 )
 // All Kubernetes labels need to be prefixed with Kubernetes to distinguish them from end-user labels
 // More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#label-selector-and-annotation-conventions
 _#labelPrefix: "batch.kubernetes.io/"
 // CronJobScheduledTimestampAnnotation is the scheduled timestamp annotation for the Job.
 // It records the original/expected scheduled timestamp for the running job, represented in RFC3339.
 // The CronJob controller adds this annotation if the CronJobsScheduledAnnotation feature gate (beta in 1.28) is enabled.
 #CronJobScheduledTimestampAnnotation: "batch.kubernetes.io/cronjob-scheduled-timestamp"
 #JobCompletionIndexAnnotation:        "batch.kubernetes.io/job-completion-index"
 // JobTrackingFinalizer is a finalizer for Job's pods. It prevents them from
 // being deleted before being accounted in the Job status.
 //
 // Additionally, the apiserver and job controller use this string as a Job
 // annotation, to mark Jobs that are being tracked using pod finalizers.
 // However, this behavior is deprecated in kubernetes 1.26. This means that, in
 // 1.27+, one release after JobTrackingWithFinalizers graduates to GA, the
 // apiserver and job controller will ignore this annotation and they will
 // always track jobs using finalizers.
 #JobTrackingFinalizer: "batch.kubernetes.io/job-tracking"
 // The Job labels will use batch.kubernetes.io as a prefix for all labels
 // Historically the job controller uses unprefixed labels for job-name and controller-uid and
 // Kubernetes continutes to recognize those unprefixed labels for consistency.
 #JobNameLabel: "batch.kubernetes.io/job-name"
 // ControllerUid is used to programatically get pods corresponding to a Job.
 // There is a corresponding label without the batch.kubernetes.io that we support for legacy reasons.
 #ControllerUidLabel: "batch.kubernetes.io/controller-uid"
 // Annotation indicating the number of failures for the index corresponding
 // to the pod, which are counted towards the backoff limit.
 #JobIndexFailureCountAnnotation: "batch.kubernetes.io/job-index-failure-count"
 // Annotation indicating the number of failures for the index corresponding
 // to the pod, which don't count towards the backoff limit, according to the
 // pod failure policy. When the annotation is absent zero is implied.
 #JobIndexIgnoredFailureCountAnnotation: "batch.kubernetes.io/job-index-ignored-failure-count"
 // Job represents the configuration of a single job.
 #Job: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Specification of the desired behavior of a job.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Current status of a job.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	status?: #JobStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // JobList is a collection of jobs.
 #JobList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is the list of Jobs.
 	items: [...#Job] @go(Items,[]Job) @protobuf(2,bytes,rep)
 }
 // CompletionMode specifies how Pod completions of a Job are tracked.
 // +enum
 #CompletionMode: string // #enumCompletionMode
 #enumCompletionMode:
 	#NonIndexedCompletion |
 	#IndexedCompletion
 // NonIndexedCompletion is a Job completion mode. In this mode, the Job is
 // considered complete when there have been .spec.completions
 // successfully completed Pods. Pod completions are homologous to each other.
 #NonIndexedCompletion: #CompletionMode & "NonIndexed"
 // IndexedCompletion is a Job completion mode. In this mode, the Pods of a
 // Job get an associated completion index from 0 to (.spec.completions - 1).
 // The Job is  considered complete when a Pod completes for each completion
 // index.
 #IndexedCompletion: #CompletionMode & "Indexed"
 // PodFailurePolicyAction specifies how a Pod failure is handled.
 // +enum
 #PodFailurePolicyAction: string // #enumPodFailurePolicyAction
 #enumPodFailurePolicyAction:
 	#PodFailurePolicyActionFailJob |
 	#PodFailurePolicyActionFailIndex |
 	#PodFailurePolicyActionIgnore |
 	#PodFailurePolicyActionCount
 // This is an action which might be taken on a pod failure - mark the
 // pod's job as Failed and terminate all running pods.
 #PodFailurePolicyActionFailJob: #PodFailurePolicyAction & "FailJob"
 // This is an action which might be taken on a pod failure - mark the
 // Job's index as failed to avoid restarts within this index. This action
 // can only be used when backoffLimitPerIndex is set.
 #PodFailurePolicyActionFailIndex: #PodFailurePolicyAction & "FailIndex"
 // This is an action which might be taken on a pod failure - the counter towards
 // .backoffLimit, represented by the job's .status.failed field, is not
 // incremented and a replacement pod is created.
 #PodFailurePolicyActionIgnore: #PodFailurePolicyAction & "Ignore"
 // This is an action which might be taken on a pod failure - the pod failure
 // is handled in the default way - the counter towards .backoffLimit,
 // represented by the job's .status.failed field, is incremented.
 #PodFailurePolicyActionCount: #PodFailurePolicyAction & "Count"
 // +enum
 #PodFailurePolicyOnExitCodesOperator: string // #enumPodFailurePolicyOnExitCodesOperator
 #enumPodFailurePolicyOnExitCodesOperator:
 	#PodFailurePolicyOnExitCodesOpIn |
 	#PodFailurePolicyOnExitCodesOpNotIn
 #PodFailurePolicyOnExitCodesOpIn:    #PodFailurePolicyOnExitCodesOperator & "In"
 #PodFailurePolicyOnExitCodesOpNotIn: #PodFailurePolicyOnExitCodesOperator & "NotIn"
 // PodReplacementPolicy specifies the policy for creating pod replacements.
 // +enum
 #PodReplacementPolicy: string // #enumPodReplacementPolicy
 #enumPodReplacementPolicy:
 	#TerminatingOrFailed |
 	#Failed
 // TerminatingOrFailed means that we recreate pods
 // when they are terminating (has a metadata.deletionTimestamp) or failed.
 #TerminatingOrFailed: #PodReplacementPolicy & "TerminatingOrFailed"
 // Failed means to wait until a previously created Pod is fully terminated (has phase
 // Failed or Succeeded) before creating a replacement Pod.
 #Failed: #PodReplacementPolicy & "Failed"
 // PodFailurePolicyOnExitCodesRequirement describes the requirement for handling
 // a failed pod based on its container exit codes. In particular, it lookups the
 // .state.terminated.exitCode for each app container and init container status,
 // represented by the .status.containerStatuses and .status.initContainerStatuses
 // fields in the Pod status, respectively. Containers completed with success
 // (exit code 0) are excluded from the requirement check.
 #PodFailurePolicyOnExitCodesRequirement: {
 	// Restricts the check for exit codes to the container with the
 	// specified name. When null, the rule applies to all containers.
 	// When specified, it should match one the container or initContainer
 	// names in the pod template.
 	// +optional
 	containerName?: null | string @go(ContainerName,*string) @protobuf(1,bytes,opt)
 	// Represents the relationship between the container exit code(s) and the
 	// specified values. Containers completed with success (exit code 0) are
 	// excluded from the requirement check. Possible values are:
 	//
 	// - In: the requirement is satisfied if at least one container exit code
 	//   (might be multiple if there are multiple containers not restricted
 	//   by the 'containerName' field) is in the set of specified values.
 	// - NotIn: the requirement is satisfied if at least one container exit code
 	//   (might be multiple if there are multiple containers not restricted
 	//   by the 'containerName' field) is not in the set of specified values.
 	// Additional values are considered to be added in the future. Clients should
 	// react to an unknown operator by assuming the requirement is not satisfied.
 	operator: #PodFailurePolicyOnExitCodesOperator @go(Operator) @protobuf(2,bytes,req)
 	// Specifies the set of values. Each returned container exit code (might be
 	// multiple in case of multiple containers) is checked against this set of
 	// values with respect to the operator. The list of values must be ordered
 	// and must not contain duplicates. Value '0' cannot be used for the In operator.
 	// At least one element is required. At most 255 elements are allowed.
 	// +listType=set
 	values: [...int32] @go(Values,[]int32) @protobuf(3,varint,rep)
 }
 // PodFailurePolicyOnPodConditionsPattern describes a pattern for matching
 // an actual pod condition type.
 #PodFailurePolicyOnPodConditionsPattern: {
 	// Specifies the required Pod condition type. To match a pod condition
 	// it is required that specified type equals the pod condition type.
 	type: corev1.#PodConditionType @go(Type) @protobuf(1,bytes,req)
 	// Specifies the required Pod condition status. To match a pod condition
 	// it is required that the specified status equals the pod condition status.
 	// Defaults to True.
 	status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,req)
 }
 // PodFailurePolicyRule describes how a pod failure is handled when the requirements are met.
 // One of onExitCodes and onPodConditions, but not both, can be used in each rule.
 #PodFailurePolicyRule: {
 	// Specifies the action taken on a pod failure when the requirements are satisfied.
 	// Possible values are:
 	//
 	// - FailJob: indicates that the pod's job is marked as Failed and all
 	//   running pods are terminated.
 	// - FailIndex: indicates that the pod's index is marked as Failed and will
 	//   not be restarted.
 	//   This value is alpha-level. It can be used when the
 	//   `JobBackoffLimitPerIndex` feature gate is enabled (disabled by default).
 	// - Ignore: indicates that the counter towards the .backoffLimit is not
 	//   incremented and a replacement pod is created.
 	// - Count: indicates that the pod is handled in the default way - the
 	//   counter towards the .backoffLimit is incremented.
 	// Additional values are considered to be added in the future. Clients should
 	// react to an unknown action by skipping the rule.
 	action: #PodFailurePolicyAction @go(Action) @protobuf(1,bytes,req)
 	// Represents the requirement on the container exit codes.
 	// +optional
 	onExitCodes?: null | #PodFailurePolicyOnExitCodesRequirement @go(OnExitCodes,*PodFailurePolicyOnExitCodesRequirement) @protobuf(2,bytes,opt)
 	// Represents the requirement on the pod conditions. The requirement is represented
 	// as a list of pod condition patterns. The requirement is satisfied if at
 	// least one pattern matches an actual pod condition. At most 20 elements are allowed.
 	// +listType=atomic
 	// +optional
 	onPodConditions: [...#PodFailurePolicyOnPodConditionsPattern] @go(OnPodConditions,[]PodFailurePolicyOnPodConditionsPattern) @protobuf(3,bytes,opt)
 }
 // PodFailurePolicy describes how failed pods influence the backoffLimit.
 #PodFailurePolicy: {
 	// A list of pod failure policy rules. The rules are evaluated in order.
 	// Once a rule matches a Pod failure, the remaining of the rules are ignored.
 	// When no rule matches the Pod failure, the default handling applies - the
 	// counter of pod failures is incremented and it is checked against
 	// the backoffLimit. At most 20 elements are allowed.
 	// +listType=atomic
 	rules: [...#PodFailurePolicyRule] @go(Rules,[]PodFailurePolicyRule) @protobuf(1,bytes,opt)
 }
 // JobSpec describes how the job execution will look like.
 #JobSpec: {
 	// Specifies the maximum desired number of pods the job should
 	// run at any given time. The actual number of pods running in steady state will
 	// be less than this number when ((.spec.completions - .status.successful) < .spec.parallelism),
 	// i.e. when the work left to do is less than max parallelism.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 	// +optional
 	parallelism?: null | int32 @go(Parallelism,*int32) @protobuf(1,varint,opt)
 	// Specifies the desired number of successfully finished pods the
 	// job should be run with.  Setting to null means that the success of any
 	// pod signals the success of all pods, and allows parallelism to have any positive
 	// value.  Setting to 1 means that parallelism is limited to 1 and the success of that
 	// pod signals the success of the job.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 	// +optional
 	completions?: null | int32 @go(Completions,*int32) @protobuf(2,varint,opt)
 	// Specifies the duration in seconds relative to the startTime that the job
 	// may be continuously active before the system tries to terminate it; value
 	// must be positive integer. If a Job is suspended (at creation or through an
 	// update), this timer will effectively be stopped and reset when the Job is
 	// resumed again.
 	// +optional
 	activeDeadlineSeconds?: null | int64 @go(ActiveDeadlineSeconds,*int64) @protobuf(3,varint,opt)
 	// Specifies the policy of handling failed pods. In particular, it allows to
 	// specify the set of actions and conditions which need to be
 	// satisfied to take the associated action.
 	// If empty, the default behaviour applies - the counter of failed pods,
 	// represented by the jobs's .status.failed field, is incremented and it is
 	// checked against the backoffLimit. This field cannot be used in combination
 	// with restartPolicy=OnFailure.
 	//
 	// This field is beta-level. It can be used when the `JobPodFailurePolicy`
 	// feature gate is enabled (enabled by default).
 	// +optional
 	podFailurePolicy?: null | #PodFailurePolicy @go(PodFailurePolicy,*PodFailurePolicy) @protobuf(11,bytes,opt)
 	// Specifies the number of retries before marking this job failed.
 	// Defaults to 6
 	// +optional
 	backoffLimit?: null | int32 @go(BackoffLimit,*int32) @protobuf(7,varint,opt)
 	// Specifies the limit for the number of retries within an
 	// index before marking this index as failed. When enabled the number of
 	// failures per index is kept in the pod's
 	// batch.kubernetes.io/job-index-failure-count annotation. It can only
 	// be set when Job's completionMode=Indexed, and the Pod's restart
 	// policy is Never. The field is immutable.
 	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
 	// feature gate is enabled (disabled by default).
 	// +optional
 	backoffLimitPerIndex?: null | int32 @go(BackoffLimitPerIndex,*int32) @protobuf(12,varint,opt)
 	// Specifies the maximal number of failed indexes before marking the Job as
 	// failed, when backoffLimitPerIndex is set. Once the number of failed
 	// indexes exceeds this number the entire Job is marked as Failed and its
 	// execution is terminated. When left as null the job continues execution of
 	// all of its indexes and is marked with the `Complete` Job condition.
 	// It can only be specified when backoffLimitPerIndex is set.
 	// It can be null or up to completions. It is required and must be
 	// less than or equal to 10^4 when is completions greater than 10^5.
 	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
 	// feature gate is enabled (disabled by default).
 	// +optional
 	maxFailedIndexes?: null | int32 @go(MaxFailedIndexes,*int32) @protobuf(13,varint,opt)
 	// A label query over pods that should match the pod count.
 	// Normally, the system sets this field for you.
 	// More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
 	// +optional
 	selector?: null | metav1.#LabelSelector @go(Selector,*metav1.LabelSelector) @protobuf(4,bytes,opt)
 	// manualSelector controls generation of pod labels and pod selectors.
 	// Leave `manualSelector` unset unless you are certain what you are doing.
 	// When false or unset, the system pick labels unique to this job
 	// and appends those labels to the pod template.  When true,
 	// the user is responsible for picking unique labels and specifying
 	// the selector.  Failure to pick a unique label may cause this
 	// and other jobs to not function correctly.  However, You may see
 	// `manualSelector=true` in jobs that were created with the old `extensions/v1beta1`
 	// API.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#specifying-your-own-pod-selector
 	// +optional
 	manualSelector?: null | bool @go(ManualSelector,*bool) @protobuf(5,varint,opt)
 	// Describes the pod that will be created when executing a job.
 	// The only allowed template.spec.restartPolicy values are "Never" or "OnFailure".
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 	template: corev1.#PodTemplateSpec @go(Template) @protobuf(6,bytes,opt)
 	// ttlSecondsAfterFinished limits the lifetime of a Job that has finished
 	// execution (either Complete or Failed). If this field is set,
 	// ttlSecondsAfterFinished after the Job finishes, it is eligible to be
 	// automatically deleted. When the Job is being deleted, its lifecycle
 	// guarantees (e.g. finalizers) will be honored. If this field is unset,
 	// the Job won't be automatically deleted. If this field is set to zero,
 	// the Job becomes eligible to be deleted immediately after it finishes.
 	// +optional
 	ttlSecondsAfterFinished?: null | int32 @go(TTLSecondsAfterFinished,*int32) @protobuf(8,varint,opt)
 	// completionMode specifies how Pod completions are tracked. It can be
 	// `NonIndexed` (default) or `Indexed`.
 	//
 	// `NonIndexed` means that the Job is considered complete when there have
 	// been .spec.completions successfully completed Pods. Each Pod completion is
 	// homologous to each other.
 	//
 	// `Indexed` means that the Pods of a
 	// Job get an associated completion index from 0 to (.spec.completions - 1),
 	// available in the annotation batch.kubernetes.io/job-completion-index.
 	// The Job is considered complete when there is one successfully completed Pod
 	// for each index.
 	// When value is `Indexed`, .spec.completions must be specified and
 	// `.spec.parallelism` must be less than or equal to 10^5.
 	// In addition, The Pod name takes the form
 	// `$(job-name)-$(index)-$(random-string)`,
 	// the Pod hostname takes the form `$(job-name)-$(index)`.
 	//
 	// More completion modes can be added in the future.
 	// If the Job controller observes a mode that it doesn't recognize, which
 	// is possible during upgrades due to version skew, the controller
 	// skips updates for the Job.
 	// +optional
 	completionMode?: null | #CompletionMode @go(CompletionMode,*CompletionMode) @protobuf(9,bytes,opt,casttype=CompletionMode)
 	// suspend specifies whether the Job controller should create Pods or not. If
 	// a Job is created with suspend set to true, no Pods are created by the Job
 	// controller. If a Job is suspended after creation (i.e. the flag goes from
 	// false to true), the Job controller will delete all active Pods associated
 	// with this Job. Users must design their workload to gracefully handle this.
 	// Suspending a Job will reset the StartTime field of the Job, effectively
 	// resetting the ActiveDeadlineSeconds timer too. Defaults to false.
 	//
 	// +optional
 	suspend?: null | bool @go(Suspend,*bool) @protobuf(10,varint,opt)
 	// podReplacementPolicy specifies when to create replacement Pods.
 	// Possible values are:
 	// - TerminatingOrFailed means that we recreate pods
 	//   when they are terminating (has a metadata.deletionTimestamp) or failed.
 	// - Failed means to wait until a previously created Pod is fully terminated (has phase
 	//   Failed or Succeeded) before creating a replacement Pod.
 	//
 	// When using podFailurePolicy, Failed is the the only allowed value.
 	// TerminatingOrFailed and Failed are allowed values when podFailurePolicy is not in use.
 	// This is an alpha field. Enable JobPodReplacementPolicy to be able to use this field.
 	// +optional
 	podReplacementPolicy?: null | #PodReplacementPolicy @go(PodReplacementPolicy,*PodReplacementPolicy) @protobuf(14,bytes,opt,casttype=podReplacementPolicy)
 }
 // JobStatus represents the current state of a Job.
 #JobStatus: {
 	// The latest available observations of an object's current state. When a Job
 	// fails, one of the conditions will have type "Failed" and status true. When
 	// a Job is suspended, one of the conditions will have type "Suspended" and
 	// status true; when the Job is resumed, the status of this condition will
 	// become false. When a Job is completed, one of the conditions will have
 	// type "Complete" and status true.
 	// More info: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
 	// +optional
 	// +patchMergeKey=type
 	// +patchStrategy=merge
 	// +listType=atomic
 	conditions?: [...#JobCondition] @go(Conditions,[]JobCondition) @protobuf(1,bytes,rep)
 	// Represents time when the job controller started processing a job. When a
 	// Job is created in the suspended state, this field is not set until the
 	// first time it is resumed. This field is reset every time a Job is resumed
 	// from suspension. It is represented in RFC3339 form and is in UTC.
 	// +optional
 	startTime?: null | metav1.#Time @go(StartTime,*metav1.Time) @protobuf(2,bytes,opt)
 	// Represents time when the job was completed. It is not guaranteed to
 	// be set in happens-before order across separate operations.
 	// It is represented in RFC3339 form and is in UTC.
 	// The completion time is only set when the job finishes successfully.
 	// +optional
 	completionTime?: null | metav1.#Time @go(CompletionTime,*metav1.Time) @protobuf(3,bytes,opt)
 	// The number of pending and running pods.
 	// +optional
 	active?: int32 @go(Active) @protobuf(4,varint,opt)
 	// The number of pods which reached phase Succeeded.
 	// +optional
 	succeeded?: int32 @go(Succeeded) @protobuf(5,varint,opt)
 	// The number of pods which reached phase Failed.
 	// +optional
 	failed?: int32 @go(Failed) @protobuf(6,varint,opt)
 	// The number of pods which are terminating (in phase Pending or Running
 	// and have a deletionTimestamp).
 	//
 	// This field is alpha-level. The job controller populates the field when
 	// the feature gate JobPodReplacementPolicy is enabled (disabled by default).
 	// +optional
 	terminating?: null | int32 @go(Terminating,*int32) @protobuf(11,varint,opt)
 	// completedIndexes holds the completed indexes when .spec.completionMode =
 	// "Indexed" in a text format. The indexes are represented as decimal integers
 	// separated by commas. The numbers are listed in increasing order. Three or
 	// more consecutive numbers are compressed and represented by the first and
 	// last element of the series, separated by a hyphen.
 	// For example, if the completed indexes are 1, 3, 4, 5 and 7, they are
 	// represented as "1,3-5,7".
 	// +optional
 	completedIndexes?: string @go(CompletedIndexes) @protobuf(7,bytes,opt)
 	// FailedIndexes holds the failed indexes when backoffLimitPerIndex=true.
 	// The indexes are represented in the text format analogous as for the
 	// `completedIndexes` field, ie. they are kept as decimal integers
 	// separated by commas. The numbers are listed in increasing order. Three or
 	// more consecutive numbers are compressed and represented by the first and
 	// last element of the series, separated by a hyphen.
 	// For example, if the failed indexes are 1, 3, 4, 5 and 7, they are
 	// represented as "1,3-5,7".
 	// This field is alpha-level. It can be used when the `JobBackoffLimitPerIndex`
 	// feature gate is enabled (disabled by default).
 	// +optional
 	failedIndexes?: null | string @go(FailedIndexes,*string) @protobuf(10,bytes,opt)
 	// uncountedTerminatedPods holds the UIDs of Pods that have terminated but
 	// the job controller hasn't yet accounted for in the status counters.
 	//
 	// The job controller creates pods with a finalizer. When a pod terminates
 	// (succeeded or failed), the controller does three steps to account for it
 	// in the job status:
 	//
 	// 1. Add the pod UID to the arrays in this field.
 	// 2. Remove the pod finalizer.
 	// 3. Remove the pod UID from the arrays while increasing the corresponding
 	//     counter.
 	//
 	// Old jobs might not be tracked using this field, in which case the field
 	// remains null.
 	// +optional
 	uncountedTerminatedPods?: null | #UncountedTerminatedPods @go(UncountedTerminatedPods,*UncountedTerminatedPods) @protobuf(8,bytes,opt)
 	// The number of pods which have a Ready condition.
 	//
 	// This field is beta-level. The job controller populates the field when
 	// the feature gate JobReadyPods is enabled (enabled by default).
 	// +optional
 	ready?: null | int32 @go(Ready,*int32) @protobuf(9,varint,opt)
 }
 // UncountedTerminatedPods holds UIDs of Pods that have terminated but haven't
 // been accounted in Job status counters.
 #UncountedTerminatedPods: {
 	// succeeded holds UIDs of succeeded Pods.
 	// +listType=set
 	// +optional
 	succeeded?: [...types.#UID] @go(Succeeded,[]types.UID) @protobuf(1,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID)
 	// failed holds UIDs of failed Pods.
 	// +listType=set
 	// +optional
 	failed?: [...types.#UID] @go(Failed,[]types.UID) @protobuf(2,bytes,rep,casttype=k8s.io/apimachinery/pkg/types.UID)
 }
 #JobConditionType: string // #enumJobConditionType
 #enumJobConditionType:
 	#JobSuspended |
 	#JobComplete |
 	#JobFailed |
 	#JobFailureTarget
 // JobSuspended means the job has been suspended.
 #JobSuspended: #JobConditionType & "Suspended"
 // JobComplete means the job has completed its execution.
 #JobComplete: #JobConditionType & "Complete"
 // JobFailed means the job has failed its execution.
 #JobFailed: #JobConditionType & "Failed"
 // FailureTarget means the job is about to fail its execution.
 #JobFailureTarget: #JobConditionType & "FailureTarget"
 // JobCondition describes current state of a job.
 #JobCondition: {
 	// Type of job condition, Complete or Failed.
 	type: #JobConditionType @go(Type) @protobuf(1,bytes,opt,casttype=JobConditionType)
 	// Status of the condition, one of True, False, Unknown.
 	status: corev1.#ConditionStatus @go(Status) @protobuf(2,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// Last time the condition was checked.
 	// +optional
 	lastProbeTime?: metav1.#Time @go(LastProbeTime) @protobuf(3,bytes,opt)
 	// Last time the condition transit from one status to another.
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(4,bytes,opt)
 	// (brief) reason for the condition's last transition.
 	// +optional
 	reason?: string @go(Reason) @protobuf(5,bytes,opt)
 	// Human readable message indicating details about last transition.
 	// +optional
 	message?: string @go(Message) @protobuf(6,bytes,opt)
 }
 // JobTemplateSpec describes the data a Job should have when created from a template
 #JobTemplateSpec: {
 	// Standard object's metadata of the jobs created from this template.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Specification of the desired behavior of the job.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #JobSpec @go(Spec) @protobuf(2,bytes,opt)
 }
 // CronJob represents the configuration of a single cron job.
 #CronJob: {
 	metav1.#TypeMeta
 	// Standard object's metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// Specification of the desired behavior of a cron job, including the schedule.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #CronJobSpec @go(Spec) @protobuf(2,bytes,opt)
 	// Current status of a cron job.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	status?: #CronJobStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // CronJobList is a collection of cron jobs.
 #CronJobList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is the list of CronJobs.
 	items: [...#CronJob] @go(Items,[]CronJob) @protobuf(2,bytes,rep)
 }
 // CronJobSpec describes how the job execution will look like and when it will actually run.
 #CronJobSpec: {
 	// The schedule in Cron format, see https://en.wikipedia.org/wiki/Cron.
 	schedule: string @go(Schedule) @protobuf(1,bytes,opt)
 	// The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones.
 	// If not specified, this will default to the time zone of the kube-controller-manager process.
 	// The set of valid time zone names and the time zone offset is loaded from the system-wide time zone
 	// database by the API server during CronJob validation and the controller manager during execution.
 	// If no system-wide time zone database can be found a bundled version of the database is used instead.
 	// If the time zone name becomes invalid during the lifetime of a CronJob or due to a change in host
 	// configuration, the controller will stop creating new new Jobs and will create a system event with the
 	// reason UnknownTimeZone.
 	// More information can be found in https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones
 	// +optional
 	timeZone?: null | string @go(TimeZone,*string) @protobuf(8,bytes,opt)
 	// Optional deadline in seconds for starting the job if it misses scheduled
 	// time for any reason.  Missed jobs executions will be counted as failed ones.
 	// +optional
 	startingDeadlineSeconds?: null | int64 @go(StartingDeadlineSeconds,*int64) @protobuf(2,varint,opt)
 	// Specifies how to treat concurrent executions of a Job.
 	// Valid values are:
 	//
 	// - "Allow" (default): allows CronJobs to run concurrently;
 	// - "Forbid": forbids concurrent runs, skipping next run if previous run hasn't finished yet;
 	// - "Replace": cancels currently running job and replaces it with a new one
 	// +optional
 	concurrencyPolicy?: #ConcurrencyPolicy @go(ConcurrencyPolicy) @protobuf(3,bytes,opt,casttype=ConcurrencyPolicy)
 	// This flag tells the controller to suspend subsequent executions, it does
 	// not apply to already started executions.  Defaults to false.
 	// +optional
 	suspend?: null | bool @go(Suspend,*bool) @protobuf(4,varint,opt)
 	// Specifies the job that will be created when executing a CronJob.
 	jobTemplate: #JobTemplateSpec @go(JobTemplate) @protobuf(5,bytes,opt)
 	// The number of successful finished jobs to retain. Value must be non-negative integer.
 	// Defaults to 3.
 	// +optional
 	successfulJobsHistoryLimit?: null | int32 @go(SuccessfulJobsHistoryLimit,*int32) @protobuf(6,varint,opt)
 	// The number of failed finished jobs to retain. Value must be non-negative integer.
 	// Defaults to 1.
 	// +optional
 	failedJobsHistoryLimit?: null | int32 @go(FailedJobsHistoryLimit,*int32) @protobuf(7,varint,opt)
 }
 // ConcurrencyPolicy describes how the job will be handled.
 // Only one of the following concurrent policies may be specified.
 // If none of the following policies is specified, the default one
 // is AllowConcurrent.
 // +enum
 #ConcurrencyPolicy: string // #enumConcurrencyPolicy
 #enumConcurrencyPolicy:
 	#AllowConcurrent |
 	#ForbidConcurrent |
 	#ReplaceConcurrent
 // AllowConcurrent allows CronJobs to run concurrently.
 #AllowConcurrent: #ConcurrencyPolicy & "Allow"
 // ForbidConcurrent forbids concurrent runs, skipping next run if previous
 // hasn't finished yet.
 #ForbidConcurrent: #ConcurrencyPolicy & "Forbid"
 // ReplaceConcurrent cancels currently running job and replaces it with a new one.
 #ReplaceConcurrent: #ConcurrencyPolicy & "Replace"
 // CronJobStatus represents the current state of a cron job.
 #CronJobStatus: {
 	// A list of pointers to currently running jobs.
 	// +optional
 	// +listType=atomic
 	active?: [...corev1.#ObjectReference] @go(Active,[]corev1.ObjectReference) @protobuf(1,bytes,rep)
 	// Information when was the last time the job was successfully scheduled.
 	// +optional
 	lastScheduleTime?: null | metav1.#Time @go(LastScheduleTime,*metav1.Time) @protobuf(4,bytes,opt)
 	// Information when was the last time the job successfully completed.
 	// +optional
 	lastSuccessfulTime?: null | metav1.#Time @go(LastSuccessfulTime,*metav1.Time) @protobuf(5,bytes,opt)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/certificates/v1
 package v1
 #GroupName: "certificates.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/certificates/v1/types_go_gen.cue
@@ -0,0 +1,318 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/certificates/v1
 package v1
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/api/core/v1"
 )
 // CertificateSigningRequest objects provide a mechanism to obtain x509 certificates
 // by submitting a certificate signing request, and having it asynchronously approved and issued.
 //
 // Kubelets use this API to obtain:
 //  1. client certificates to authenticate to kube-apiserver (with the "kubernetes.io/kube-apiserver-client-kubelet" signerName).
 //  2. serving certificates for TLS endpoints kube-apiserver can connect to securely (with the "kubernetes.io/kubelet-serving" signerName).
 //
 // This API can be used to request client certificates to authenticate to kube-apiserver
 // (with the "kubernetes.io/kube-apiserver-client" signerName),
 // or to obtain certificates from custom non-Kubernetes signers.
 #CertificateSigningRequest: {
 	metav1.#TypeMeta
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// spec contains the certificate request, and is immutable after creation.
 	// Only the request, signerName, expirationSeconds, and usages fields can be set on creation.
 	// Other fields are derived by Kubernetes and cannot be modified by users.
 	spec: #CertificateSigningRequestSpec @go(Spec) @protobuf(2,bytes,opt)
 	// status contains information about whether the request is approved or denied,
 	// and the certificate issued by the signer, or the failure condition indicating signer failure.
 	// +optional
 	status?: #CertificateSigningRequestStatus @go(Status) @protobuf(3,bytes,opt)
 }
 // CertificateSigningRequestSpec contains the certificate request.
 #CertificateSigningRequestSpec: {
 	// request contains an x509 certificate signing request encoded in a "CERTIFICATE REQUEST" PEM block.
 	// When serialized as JSON or YAML, the data is additionally base64-encoded.
 	// +listType=atomic
 	request: bytes @go(Request,[]byte) @protobuf(1,bytes,opt)
 	// signerName indicates the requested signer, and is a qualified name.
 	//
 	// List/watch requests for CertificateSigningRequests can filter on this field using a "spec.signerName=NAME" fieldSelector.
 	//
 	// Well-known Kubernetes signers are:
 	//  1. "kubernetes.io/kube-apiserver-client": issues client certificates that can be used to authenticate to kube-apiserver.
 	//   Requests for this signer are never auto-approved by kube-controller-manager, can be issued by the "csrsigning" controller in kube-controller-manager.
 	//  2. "kubernetes.io/kube-apiserver-client-kubelet": issues client certificates that kubelets use to authenticate to kube-apiserver.
 	//   Requests for this signer can be auto-approved by the "csrapproving" controller in kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 	//  3. "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints, which kube-apiserver can connect to securely.
 	//   Requests for this signer are never auto-approved by kube-controller-manager, and can be issued by the "csrsigning" controller in kube-controller-manager.
 	//
 	// More details are available at https://k8s.io/docs/reference/access-authn-authz/certificate-signing-requests/#kubernetes-signers
 	//
 	// Custom signerNames can also be specified. The signer defines:
 	//  1. Trust distribution: how trust (CA bundles) are distributed.
 	//  2. Permitted subjects: and behavior when a disallowed subject is requested.
 	//  3. Required, permitted, or forbidden x509 extensions in the request (including whether subjectAltNames are allowed, which types, restrictions on allowed values) and behavior when a disallowed extension is requested.
 	//  4. Required, permitted, or forbidden key usages / extended key usages.
 	//  5. Expiration/certificate lifetime: whether it is fixed by the signer, configurable by the admin.
 	//  6. Whether or not requests for CA certificates are allowed.
 	signerName: string @go(SignerName) @protobuf(7,bytes,opt)
 	// expirationSeconds is the requested duration of validity of the issued
 	// certificate. The certificate signer may issue a certificate with a different
 	// validity duration so a client must check the delta between the notBefore and
 	// and notAfter fields in the issued certificate to determine the actual duration.
 	//
 	// The v1.22+ in-tree implementations of the well-known Kubernetes signers will
 	// honor this field as long as the requested duration is not greater than the
 	// maximum duration they will honor per the --cluster-signing-duration CLI
 	// flag to the Kubernetes controller manager.
 	//
 	// Certificate signers may not honor this field for various reasons:
 	//
 	//   1. Old signer that is unaware of the field (such as the in-tree
 	//      implementations prior to v1.22)
 	//   2. Signer whose configured maximum is shorter than the requested duration
 	//   3. Signer whose configured minimum is longer than the requested duration
 	//
 	// The minimum valid value for expirationSeconds is 600, i.e. 10 minutes.
 	//
 	// +optional
 	expirationSeconds?: null | int32 @go(ExpirationSeconds,*int32) @protobuf(8,varint,opt)
 	// usages specifies a set of key usages requested in the issued certificate.
 	//
 	// Requests for TLS client certificates typically request: "digital signature", "key encipherment", "client auth".
 	//
 	// Requests for TLS serving certificates typically request: "key encipherment", "digital signature", "server auth".
 	//
 	// Valid values are:
 	//  "signing", "digital signature", "content commitment",
 	//  "key encipherment", "key agreement", "data encipherment",
 	//  "cert sign", "crl sign", "encipher only", "decipher only", "any",
 	//  "server auth", "client auth",
 	//  "code signing", "email protection", "s/mime",
 	//  "ipsec end system", "ipsec tunnel", "ipsec user",
 	//  "timestamping", "ocsp signing", "microsoft sgc", "netscape sgc"
 	// +listType=atomic
 	usages?: [...#KeyUsage] @go(Usages,[]KeyUsage) @protobuf(5,bytes,opt)
 	// username contains the name of the user that created the CertificateSigningRequest.
 	// Populated by the API server on creation and immutable.
 	// +optional
 	username?: string @go(Username) @protobuf(2,bytes,opt)
 	// uid contains the uid of the user that created the CertificateSigningRequest.
 	// Populated by the API server on creation and immutable.
 	// +optional
 	uid?: string @go(UID) @protobuf(3,bytes,opt)
 	// groups contains group membership of the user that created the CertificateSigningRequest.
 	// Populated by the API server on creation and immutable.
 	// +listType=atomic
 	// +optional
 	groups?: [...string] @go(Groups,[]string) @protobuf(4,bytes,rep)
 	// extra contains extra attributes of the user that created the CertificateSigningRequest.
 	// Populated by the API server on creation and immutable.
 	// +optional
 	extra?: {[string]: #ExtraValue} @go(Extra,map[string]ExtraValue) @protobuf(6,bytes,rep)
 }
 // "kubernetes.io/kube-apiserver-client" signer issues client certificates that can be used to authenticate to kube-apiserver.
 // Never auto-approved by kube-controller-manager.
 // Can be issued by the "csrsigning" controller in kube-controller-manager.
 #KubeAPIServerClientSignerName: "kubernetes.io/kube-apiserver-client"
 // "kubernetes.io/kube-apiserver-client-kubelet" issues client certificates that kubelets use to authenticate to kube-apiserver.
 // Can be auto-approved by the "csrapproving" controller in kube-controller-manager.
 // Can be issued by the "csrsigning" controller in kube-controller-manager.
 #KubeAPIServerClientKubeletSignerName: "kubernetes.io/kube-apiserver-client-kubelet"
 // "kubernetes.io/kubelet-serving" issues serving certificates that kubelets use to serve TLS endpoints,
 // which kube-apiserver can connect to securely.
 // Never auto-approved by kube-controller-manager.
 // Can be issued by the "csrsigning" controller in kube-controller-manager.
 #KubeletServingSignerName: "kubernetes.io/kubelet-serving"
 // ExtraValue masks the value so protobuf can generate
 // +protobuf.nullable=true
 // +protobuf.options.(gogoproto.goproto_stringer)=false
 #ExtraValue: [...string]
 // CertificateSigningRequestStatus contains conditions used to indicate
 // approved/denied/failed status of the request, and the issued certificate.
 #CertificateSigningRequestStatus: {
 	// conditions applied to the request. Known conditions are "Approved", "Denied", and "Failed".
 	// +listType=map
 	// +listMapKey=type
 	// +optional
 	conditions?: [...#CertificateSigningRequestCondition] @go(Conditions,[]CertificateSigningRequestCondition) @protobuf(1,bytes,rep)
 	// certificate is populated with an issued certificate by the signer after an Approved condition is present.
 	// This field is set via the /status subresource. Once populated, this field is immutable.
 	//
 	// If the certificate signing request is denied, a condition of type "Denied" is added and this field remains empty.
 	// If the signer cannot issue the certificate, a condition of type "Failed" is added and this field remains empty.
 	//
 	// Validation requirements:
 	//  1. certificate must contain one or more PEM blocks.
 	//  2. All PEM blocks must have the "CERTIFICATE" label, contain no headers, and the encoded data
 	//   must be a BER-encoded ASN.1 Certificate structure as described in section 4 of RFC5280.
 	//  3. Non-PEM content may appear before or after the "CERTIFICATE" PEM blocks and is unvalidated,
 	//   to allow for explanatory text as described in section 5.2 of RFC7468.
 	//
 	// If more than one PEM block is present, and the definition of the requested spec.signerName
 	// does not indicate otherwise, the first block is the issued certificate,
 	// and subsequent blocks should be treated as intermediate certificates and presented in TLS handshakes.
 	//
 	// The certificate is encoded in PEM format.
 	//
 	// When serialized as JSON or YAML, the data is additionally base64-encoded, so it consists of:
 	//
 	//     base64(
 	//     -----BEGIN CERTIFICATE-----
 	//     ...
 	//     -----END CERTIFICATE-----
 	//     )
 	//
 	// +listType=atomic
 	// +optional
 	certificate?: bytes @go(Certificate,[]byte) @protobuf(2,bytes,opt)
 }
 // RequestConditionType is the type of a CertificateSigningRequestCondition
 #RequestConditionType: string // #enumRequestConditionType
 #enumRequestConditionType:
 	#CertificateApproved |
 	#CertificateDenied |
 	#CertificateFailed
 // Approved indicates the request was approved and should be issued by the signer.
 #CertificateApproved: #RequestConditionType & "Approved"
 // Denied indicates the request was denied and should not be issued by the signer.
 #CertificateDenied: #RequestConditionType & "Denied"
 // Failed indicates the signer failed to issue the certificate.
 #CertificateFailed: #RequestConditionType & "Failed"
 // CertificateSigningRequestCondition describes a condition of a CertificateSigningRequest object
 #CertificateSigningRequestCondition: {
 	// type of the condition. Known conditions are "Approved", "Denied", and "Failed".
 	//
 	// An "Approved" condition is added via the /approval subresource,
 	// indicating the request was approved and should be issued by the signer.
 	//
 	// A "Denied" condition is added via the /approval subresource,
 	// indicating the request was denied and should not be issued by the signer.
 	//
 	// A "Failed" condition is added via the /status subresource,
 	// indicating the signer failed to issue the certificate.
 	//
 	// Approved and Denied conditions are mutually exclusive.
 	// Approved, Denied, and Failed conditions cannot be removed once added.
 	//
 	// Only one condition of a given type is allowed.
 	type: #RequestConditionType @go(Type) @protobuf(1,bytes,opt,casttype=RequestConditionType)
 	// status of the condition, one of True, False, Unknown.
 	// Approved, Denied, and Failed conditions may not be "False" or "Unknown".
 	status: v1.#ConditionStatus @go(Status) @protobuf(6,bytes,opt,casttype=k8s.io/api/core/v1.ConditionStatus)
 	// reason indicates a brief reason for the request state
 	// +optional
 	reason?: string @go(Reason) @protobuf(2,bytes,opt)
 	// message contains a human readable message with details about the request state
 	// +optional
 	message?: string @go(Message) @protobuf(3,bytes,opt)
 	// lastUpdateTime is the time of the last update to this condition
 	// +optional
 	lastUpdateTime?: metav1.#Time @go(LastUpdateTime) @protobuf(4,bytes,opt)
 	// lastTransitionTime is the time the condition last transitioned from one status to another.
 	// If unset, when a new condition type is added or an existing condition's status is changed,
 	// the server defaults this to the current time.
 	// +optional
 	lastTransitionTime?: metav1.#Time @go(LastTransitionTime) @protobuf(5,bytes,opt)
 }
 // CertificateSigningRequestList is a collection of CertificateSigningRequest objects
 #CertificateSigningRequestList: {
 	metav1.#TypeMeta
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is a collection of CertificateSigningRequest objects
 	items: [...#CertificateSigningRequest] @go(Items,[]CertificateSigningRequest) @protobuf(2,bytes,rep)
 }
 // KeyUsage specifies valid usage contexts for keys.
 // See:
 //
 //	https://tools.ietf.org/html/rfc5280#section-4.2.1.3
 //	https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 //
 // +enum
 #KeyUsage: string // #enumKeyUsage
 #enumKeyUsage:
 	#UsageSigning |
 	#UsageDigitalSignature |
 	#UsageContentCommitment |
 	#UsageKeyEncipherment |
 	#UsageKeyAgreement |
 	#UsageDataEncipherment |
 	#UsageCertSign |
 	#UsageCRLSign |
 	#UsageEncipherOnly |
 	#UsageDecipherOnly |
 	#UsageAny |
 	#UsageServerAuth |
 	#UsageClientAuth |
 	#UsageCodeSigning |
 	#UsageEmailProtection |
 	#UsageSMIME |
 	#UsageIPsecEndSystem |
 	#UsageIPsecTunnel |
 	#UsageIPsecUser |
 	#UsageTimestamping |
 	#UsageOCSPSigning |
 	#UsageMicrosoftSGC |
 	#UsageNetscapeSGC
 #UsageSigning:           #KeyUsage & "signing"
 #UsageDigitalSignature:  #KeyUsage & "digital signature"
 #UsageContentCommitment: #KeyUsage & "content commitment"
 #UsageKeyEncipherment:   #KeyUsage & "key encipherment"
 #UsageKeyAgreement:      #KeyUsage & "key agreement"
 #UsageDataEncipherment:  #KeyUsage & "data encipherment"
 #UsageCertSign:          #KeyUsage & "cert sign"
 #UsageCRLSign:           #KeyUsage & "crl sign"
 #UsageEncipherOnly:      #KeyUsage & "encipher only"
 #UsageDecipherOnly:      #KeyUsage & "decipher only"
 #UsageAny:               #KeyUsage & "any"
 #UsageServerAuth:        #KeyUsage & "server auth"
 #UsageClientAuth:        #KeyUsage & "client auth"
 #UsageCodeSigning:       #KeyUsage & "code signing"
 #UsageEmailProtection:   #KeyUsage & "email protection"
 #UsageSMIME:             #KeyUsage & "s/mime"
 #UsageIPsecEndSystem:    #KeyUsage & "ipsec end system"
 #UsageIPsecTunnel:       #KeyUsage & "ipsec tunnel"
 #UsageIPsecUser:         #KeyUsage & "ipsec user"
 #UsageTimestamping:      #KeyUsage & "timestamping"
 #UsageOCSPSigning:       #KeyUsage & "ocsp signing"
 #UsageMicrosoftSGC:      #KeyUsage & "microsoft sgc"
 #UsageNetscapeSGC:       #KeyUsage & "netscape sgc"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/register_go_gen.cue
@@ -0,0 +1,7 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/coordination/v1
 package v1
 #GroupName: "coordination.k8s.io"
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/coordination/v1/types_go_gen.cue
@@ -0,0 +1,61 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/coordination/v1
 package v1
 import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 // Lease defines a lease concept.
 #Lease: {
 	metav1.#TypeMeta
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ObjectMeta @go(ObjectMeta) @protobuf(1,bytes,opt)
 	// spec contains the specification of the Lease.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
 	// +optional
 	spec?: #LeaseSpec @go(Spec) @protobuf(2,bytes,opt)
 }
 // LeaseSpec is a specification of a Lease.
 #LeaseSpec: {
 	// holderIdentity contains the identity of the holder of a current lease.
 	// +optional
 	holderIdentity?: null | string @go(HolderIdentity,*string) @protobuf(1,bytes,opt)
 	// leaseDurationSeconds is a duration that candidates for a lease need
 	// to wait to force acquire it. This is measure against time of last
 	// observed renewTime.
 	// +optional
 	leaseDurationSeconds?: null | int32 @go(LeaseDurationSeconds,*int32) @protobuf(2,varint,opt)
 	// acquireTime is a time when the current lease was acquired.
 	// +optional
 	acquireTime?: null | metav1.#MicroTime @go(AcquireTime,*metav1.MicroTime) @protobuf(3,bytes,opt)
 	// renewTime is a time when the current holder of a lease has last
 	// updated the lease.
 	// +optional
 	renewTime?: null | metav1.#MicroTime @go(RenewTime,*metav1.MicroTime) @protobuf(4,bytes,opt)
 	// leaseTransitions is the number of transitions of a lease between
 	// holders.
 	// +optional
 	leaseTransitions?: null | int32 @go(LeaseTransitions,*int32) @protobuf(5,varint,opt)
 }
 // LeaseList is a list of Lease objects.
 #LeaseList: {
 	metav1.#TypeMeta
 	// Standard list metadata.
 	// More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
 	// +optional
 	metadata?: metav1.#ListMeta @go(ListMeta) @protobuf(1,bytes,opt)
 	// items is a list of schema objects.
 	items: [...#Lease] @go(Items,[]Lease) @protobuf(2,bytes,rep)
 }
--- a/timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
+++ b/timoni/podinfo/cue.mod/gen/k8s.io/api/core/v1/annotation_key_constants_go_gen.cue
@@ -0,0 +1,147 @@
 // Code generated by cue get go. DO NOT EDIT.
 //cue:generate cue get go k8s.io/api/core/v1
 package v1
 // ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
 // webhook backend fails.
 #ImagePolicyFailedOpenKey: "alpha.image-policy.k8s.io/failed-open"
 // MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
 #MirrorPodAnnotationKey: "kubernetes.io/config.mirror"
 // TolerationsAnnotationKey represents the key of tolerations data (json serialized)
 // in the Annotations of a Pod.
 #TolerationsAnnotationKey: "scheduler.alpha.kubernetes.io/tolerations"
 // TaintsAnnotationKey represents the key of taints data (json serialized)
 // in the Annotations of a Node.
 #TaintsAnnotationKey: "scheduler.alpha.kubernetes.io/taints"
 // SeccompPodAnnotationKey represents the key of a seccomp profile applied
 // to all containers of a pod.
 // Deprecated: set a pod security context `seccompProfile` field.
 #SeccompPodAnnotationKey: "seccomp.security.alpha.kubernetes.io/pod"
 // SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
 // to one container of a pod.
 // Deprecated: set a container security context `seccompProfile` field.
 #SeccompContainerAnnotationKeyPrefix: "container.seccomp.security.alpha.kubernetes.io/"
 // SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
 // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
 #SeccompProfileRuntimeDefault: "runtime/default"
 // SeccompProfileNameUnconfined is the unconfined seccomp profile.
 #SeccompProfileNameUnconfined: "unconfined"
 // SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
 #SeccompLocalhostProfileNamePrefix: "localhost/"
 // AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
 #AppArmorBetaContainerAnnotationKeyPrefix: "container.apparmor.security.beta.kubernetes.io/"
 // AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
 #AppArmorBetaDefaultProfileAnnotationKey: "apparmor.security.beta.kubernetes.io/defaultProfileName"
 // AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
 #AppArmorBetaAllowedProfilesAnnotationKey: "apparmor.security.beta.kubernetes.io/allowedProfileNames"
 // AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
 #AppArmorBetaProfileRuntimeDefault: "runtime/default"
 // AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
 #AppArmorBetaProfileNamePrefix: "localhost/"
 // AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
 #AppArmorBetaProfileNameUnconfined: "unconfined"
 // DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
 // Deprecated: set a pod or container security context `seccompProfile` of type "RuntimeDefault" instead.
 #DeprecatedSeccompProfileDockerDefault: "docker/default"
 // PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
 // in the Annotations of a Node.
 #PreferAvoidPodsAnnotationKey: "scheduler.alpha.kubernetes.io/preferAvoidPods"
 // ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
 // an object (e.g. secret, config map) before fetching it again from apiserver.
 // This annotation can be attached to node.
 #ObjectTTLAnnotationKey: "node.alpha.kubernetes.io/ttl"
 // annotation key prefix used to identify non-convertible json paths.
 #NonConvertibleAnnotationPrefix: "non-convertible.kubernetes.io"
 _#kubectlPrefix:                 "kubectl.kubernetes.io/"
 // LastAppliedConfigAnnotation is the annotation used to store the previous
 // configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
 #LastAppliedConfigAnnotation: "kubectl.kubernetes.io/last-applied-configuration"
 // AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
 //
 // It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
 // allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
 // access only from the CIDRs currently allocated to MIT & the USPS.
 //
 // Not all cloud providers support this annotation, though AWS & GCE do.
 #AnnotationLoadBalancerSourceRangesKey: "service.beta.kubernetes.io/load-balancer-source-ranges"
 // EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
 // represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
 // of the last change, of some Pod or Service object, that triggered the endpoints object change.
 // In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
 // controller at T1, and the Endpoints object was changed at T2, the
 // EndpointsLastChangeTriggerTime would be set to T0.
 //
 // The "endpoints change trigger" here means any Pod or Service change that resulted in the
 // Endpoints object change.
 //
 // Given the definition of the "endpoints change trigger", please note that this annotation will
 // be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
 // Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
 // already set).
 //
 // This annotation will be used to compute the in-cluster network programming latency SLI, see
 // https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
 #EndpointsLastChangeTriggerTime: "endpoints.kubernetes.io/last-change-trigger-time"
 // EndpointsOverCapacity will be set on an Endpoints resource when it
 // exceeds the maximum capacity of 1000 addresses. Initially the Endpoints
 // controller will set this annotation with a value of "warning". In a
 // future release, the controller may set this annotation with a value of
 // "truncated" to indicate that any addresses exceeding the limit of 1000
 // have been truncated from the Endpoints resource.
 #EndpointsOverCapacity: "endpoints.kubernetes.io/over-capacity"
 // MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
 // list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
 // This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
 // CSI Backend for a volume plugin on a specific node.
 #MigratedPluginsAnnotationKey: "storage.alpha.kubernetes.io/migrated-plugins"
 // PodDeletionCost can be used to set to an int32 that represent the cost of deleting
 // a pod compared to other pods belonging to the same ReplicaSet. Pods with lower
 // deletion cost are preferred to be deleted before pods with higher deletion cost.
 // Note that this is honored on a best-effort basis, and so it does not offer guarantees on
 // pod deletion order.
 // The implicit deletion cost for pods that don't set the annotation is 0, negative values are permitted.
 //
 // This annotation is beta-level and is only honored when PodDeletionCost feature is enabled.
 #PodDeletionCost: "controller.kubernetes.io/pod-deletion-cost"
 // DeprecatedAnnotationTopologyAwareHints can be used to enable or disable
 // Topology Aware Hints for a Service. This may be set to "Auto" or
 // "Disabled". Any other value is treated as "Disabled". This annotation has
 // been deprecated in favor of the "service.kubernetes.io/topology-mode"
 // annotation.
 #DeprecatedAnnotationTopologyAwareHints: "service.kubernetes.io/topology-aware-hints"
 // AnnotationTopologyMode can be used to enable or disable Topology Aware
 // Routing for a Service. Well known values are "Auto" and "Disabled".
 // Implementations may choose to develop new topology approaches, exposing
 // them with domain-prefixed values. For example, "example.com/lowest-rtt"
 // could be a valid implementation-specific value for this annotation. These
 // heuristics will often populate topology hints on EndpointSlices, but that
 // is not a requirement.
 #AnnotationTopologyMode: "service.kubernetes.io/topology-mode"
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`timoni/podinfo/cue.mod/** linguist-vendored`
`@@ -1,4 +1,4 @@`
	`FROM golang:1.18`	`FROM golang:1.21`

	`WORKDIR /workspace`	`WORKDIR /workspace`
		`@@ -1 +0,0 @@`
			`module: "github.com/stefanprodan/podinfo/cue"`