红帽全球峰会4.11.13. 在 AWS 中创建 control plane 机器
您必须在集群要使用的 Amazon Web Services(AWS)中创建 control plane 机器。
您可以使用提供的 CloudFormation 模板和自定义参数文件,创建代表 control plane 节点的 AWS 资源堆栈。
重要
CloudFormation 模板会创建一个堆栈,它代表三个 control plane 节点。
注意
如果不使用提供的 CloudFormation 模板来创建 control plane 节点,您必须检查提供的信息并手动创建基础架构。如果集群没有正确初始化,您可能需要联系红帽支持并提供您的安装日志。
先决条件
- 已配置了一个 AWS 帐户。
-
您可以通过运行
aws configure,将 AWS 密钥和区域添加到本地 AWS 配置集中。 - 已为集群生成 Ignition 配置文件。
- 您在 AWS 中创建并配置了 VPC 及相关子网。
- 您在 AWS 中创建并配置了 DNS、负载均衡器和监听程序。
- 您在 AWS 中创建了集群所需的安全组和角色。
- 已创建 bootstrap 机器。
流程
创建一个 JSON 文件,其包含模板所需的参数值:
[ { "ParameterKey": "InfrastructureName",1 "ParameterValue": "mycluster-<random_string>"2 }, { "ParameterKey": "RhcosAmi",3 "ParameterValue": "ami-<random_string>"4 }, { "ParameterKey": "AutoRegisterDNS",5 "ParameterValue": "yes"6 }, { "ParameterKey": "PrivateHostedZoneId",7 "ParameterValue": "<random_string>"8 }, { "ParameterKey": "PrivateHostedZoneName",9 "ParameterValue": "mycluster.example.com"10 }, { "ParameterKey": "Master0Subnet",11 "ParameterValue": "subnet-<random_string>"12 }, { "ParameterKey": "Master1Subnet",13 "ParameterValue": "subnet-<random_string>"14 }, { "ParameterKey": "Master2Subnet",15 "ParameterValue": "subnet-<random_string>"16 }, { "ParameterKey": "MasterSecurityGroupId",17 "ParameterValue": "sg-<random_string>"18 }, { "ParameterKey": "IgnitionLocation",19 "ParameterValue": "https://api-int.<cluster_name>.<domain_name>:22623/config/master"20 }, { "ParameterKey": "CertificateAuthorities",21 "ParameterValue": "data:text/plain;charset=utf-8;base64,ABC...xYz=="22 }, { "ParameterKey": "MasterInstanceProfileName",23 "ParameterValue": "<roles_stack>-MasterInstanceProfile-<random_string>"24 }, { "ParameterKey": "MasterInstanceType",25 "ParameterValue": "m5.xlarge"26 }, { "ParameterKey": "AutoRegisterELB",27 "ParameterValue": "yes"28 }, { "ParameterKey": "RegisterNlbIpTargetsLambdaArn",29 "ParameterValue": "arn:aws:lambda:<region>:<account_number>:function:<dns_stack_name>-RegisterNlbIpTargets-<random_string>"30 }, { "ParameterKey": "ExternalApiTargetGroupArn",31 "ParameterValue": "arn:aws:elasticloadbalancing:<region>:<account_number>:targetgroup/<dns_stack_name>-Exter-<random_string>"32 }, { "ParameterKey": "InternalApiTargetGroupArn",33 "ParameterValue": "arn:aws:elasticloadbalancing:<region>:<account_number>:targetgroup/<dns_stack_name>-Inter-<random_string>"34 }, { "ParameterKey": "InternalServiceTargetGroupArn",35 "ParameterValue": "arn:aws:elasticloadbalancing:<region>:<account_number>:targetgroup/<dns_stack_name>-Inter-<random_string>"36 } ]- 1
- 您的 Ignition 配置文件中为集群编码的集群基础架构名称。
- 2
- 指定从 Ignition 配置文件元数据中提取的基础架构名称,其格式为
<cluster-name>-<random-string>。 - 3
- 用于 control plane 机器的当前 Red Hat Enterprise Linux CoreOS (RHCOS) AMI。
- 4
- 指定
AWS::EC2::Image::Id值。 - 5
- 是否要执行 DNS etcd 注册。
- 6
- 指定
yes或no。如果指定yes,您必须提供托管区信息。 - 7
- 用来注册 etcd 目标的 Route 53 专用区 ID。
- 8
- 指定 DNS 和负载均衡的 CloudFormation 模板输出的
PrivateHostedZoneId值。 - 9
- 用来注册目标的 Route 53 区。
- 10
- 指定
<cluster_name>.<domain_name>,其中<domain_name>是您为集群生成install-config.yaml文件时所用的 Route 53 基域。请勿包含 AWS 控制台中显示的结尾句点 (.)。 - 11 13 15
- 在其中启动 control plane 机器的子网,最好是专用子网。
- 12 14 16
- 从 DNS 和负载均衡的 CloudFormation 模板输出的
PrivateSubnets值指定子网。 - 17
- 与 control plane 节点(也称为 master 节点)关联的 master 安全组 ID。
- 18
- 指定安全组和角色的 CloudFormation 模板输出的
MasterSecurityGroupId值。 - 19
- 从中获取 control plane Ignition 配置文件的位置。
- 20
- 指定生成的 Ignition 配置文件的位置,
https://api-int.<cluster_name>.<domain_name>:22623/config/master。 - 21
- 要使用的 base64 编码证书颁发机构字符串。
- 22
- 指定安装目录中
master.ign文件中的值。这个值是一个长字符串,格式为data:text/plain;charset=utf-8;base64,ABC…xYz==。 - 23
- 与 control plane 节点关联的 IAM 配置集。
- 24
- 指定安全组和角色的 CloudFormation 模板输出的
MasterInstanceProfile参数值。 - 25
- 用于 control plane 机器的 AWS 实例类型。
- 26
- 允许的值:
-
m4.xlarge -
m4.2xlarge -
m4.4xlarge -
m4.10xlarge -
m4.16xlarge -
m5.xlarge -
m5.2xlarge -
m5.4xlarge -
m5.8xlarge -
m5.12xlarge -
m5.16xlarge -
m5a.xlarge -
m5a.2xlarge -
m5a.4xlarge -
m5a.8xlarge -
m5a.10xlarge -
m5a.16xlarge -
c4.2xlarge -
c4.4xlarge -
c4.8xlarge -
c5.2xlarge -
c5.4xlarge -
c5.9xlarge -
c5.12xlarge -
c5.18xlarge -
c5.24xlarge -
c5a.2xlarge -
c5a.4xlarge -
c5a.8xlarge -
c5a.12xlarge -
c5a.16xlarge -
c5a.24xlarge -
r4.xlarge -
r4.2xlarge -
r4.4xlarge -
r4.8xlarge -
r4.16xlarge -
r5.xlarge -
r5.2xlarge -
r5.4xlarge -
r5.8xlarge -
r5.12xlarge -
r5.16xlarge -
r5.24xlarge -
r5a.xlarge -
r5a.2xlarge -
r5a.4xlarge -
r5a.8xlarge -
r5a.12xlarge -
r5a.16xlarge -
r5a.24xlarge
-
- 27
- 是否要注册网络负载均衡器 (NLB) 。
- 28
- 指定
yes或no。如果指定yes,您必须提供一个 Lambda Amazon Resource Name (ARN) 值。 - 29
- NLB IP 目标注册 lambda 组的 ARN。
- 30
- 指定 DNS 和负载均衡的 CloudFormation 模板输出的
RegisterNlbIpTargetsLambda值。如果将集群部署到 AWS GovCloud 区域,请使用arn:aws-us-gov。 - 31
- 外部 API 负载均衡器目标组的 ARN。
- 32
- 指定 DNS 和负载均衡的 CloudFormation 模板输出的
ExternalApiTargetGroupArn值。如果将集群部署到 AWS GovCloud 区域,请使用arn:aws-us-gov。 - 33
- 内部 API 负载均衡器目标组群的 ARN。
- 34
- 指定 DNS 和负载均衡的 CloudFormation 模板输出的
InternalApiTargetGroupArn值。如果将集群部署到 AWS GovCloud 区域,请使用arn:aws-us-gov。 - 35
- 内部服务负载均衡器目标组群的 ARN。
- 36
- 指定 DNS 和负载均衡的 CloudFormation 模板输出的
InternalServiceTargetGroupArn值。如果将集群部署到 AWS GovCloud 区域,请使用arn:aws-us-gov。
- 复制control plane 机器的 CloudFormation 模板一节中的模板,并将它以 YAML 文件形式保存到计算机上。此模板描述了集群所需的 control plane 机器。
-
如果您将
m5实例类型指定为MasterInstanceType的值,请将该实例类型添加到 CloudFormation 模板中的MasterInstanceType.AllowedValues参数。 启动 CloudFormation 模板,以创建代表 control plane 节点的 AWS 资源堆栈:
重要您必须在一行内输入命令。
$ aws cloudformation create-stack --stack-name <name>1 --template-body file://<template>.yaml2 --parameters file://<parameters>.json3 输出示例
arn:aws:cloudformation:us-east-1:269333783861:stack/cluster-control-plane/21c7e2b0-2ee2-11eb-c6f6-0aa34627df4b注意CloudFormation 模板会创建一个堆栈,它代表三个 control plane 节点。
确认模板组件已存在:
$ aws cloudformation describe-stacks --stack-name <name>
4.11.13.1. control plane 机器的 CloudFormation 模板
复制链接链接已复制到粘贴板!
您可以使用以下 CloudFormation 模板来部署 OpenShift Container Platform 集群所需的 control plane 机器。
例 4.39. control plane 机器的 CloudFormation 模板
AWSTemplateFormatVersion: 2010-09-09
Description: Template for OpenShift Cluster Node Launch (EC2 master instances)
Parameters:
InfrastructureName:
AllowedPattern: ^([a-zA-Z][a-zA-Z0-9\-]{0,26})$
MaxLength: 27
MinLength: 1
ConstraintDescription: Infrastructure name must be alphanumeric, start with a letter, and have a maximum of 27 characters.
Description: A short, unique cluster ID used to tag nodes for the kubelet cloud provider.
Type: String
RhcosAmi:
Description: Current Red Hat Enterprise Linux CoreOS AMI to use for bootstrap.
Type: AWS::EC2::Image::Id
AutoRegisterDNS:
Default: "yes"
AllowedValues:
- "yes"
- "no"
Description: Do you want to invoke DNS etcd registration, which requires Hosted Zone information?
Type: String
PrivateHostedZoneId:
Description: The Route53 private zone ID to register the etcd targets with, such as Z21IXYZABCZ2A4.
Type: String
PrivateHostedZoneName:
Description: The Route53 zone to register the targets with, such as cluster.example.com. Omit the trailing period.
Type: String
Master0Subnet:
Description: The subnets, recommend private, to launch the master nodes into.
Type: AWS::EC2::Subnet::Id
Master1Subnet:
Description: The subnets, recommend private, to launch the master nodes into.
Type: AWS::EC2::Subnet::Id
Master2Subnet:
Description: The subnets, recommend private, to launch the master nodes into.
Type: AWS::EC2::Subnet::Id
MasterSecurityGroupId:
Description: The master security group ID to associate with master nodes.
Type: AWS::EC2::SecurityGroup::Id
IgnitionLocation:
Default: https://api-int.$CLUSTER_NAME.$DOMAIN:22623/config/master
Description: Ignition config file location.
Type: String
CertificateAuthorities:
Default: data:text/plain;charset=utf-8;base64,ABC...xYz==
Description: Base64 encoded certificate authority string to use.
Type: String
MasterInstanceProfileName:
Description: IAM profile to associate with master nodes.
Type: String
MasterInstanceType:
Default: m5.xlarge
Type: String
AllowedValues:
- "m4.xlarge"
- "m4.2xlarge"
- "m4.4xlarge"
- "m4.10xlarge"
- "m4.16xlarge"
- "m5.xlarge"
- "m5.2xlarge"
- "m5.4xlarge"
- "m5.8xlarge"
- "m5.12xlarge"
- "m5.16xlarge"
- "m5a.xlarge"
- "m5a.2xlarge"
- "m5a.4xlarge"
- "m5a.8xlarge"
- "m5a.10xlarge"
- "m5a.16xlarge"
- "c4.2xlarge"
- "c4.4xlarge"
- "c4.8xlarge"
- "c5.2xlarge"
- "c5.4xlarge"
- "c5.9xlarge"
- "c5.12xlarge"
- "c5.18xlarge"
- "c5.24xlarge"
- "c5a.2xlarge"
- "c5a.4xlarge"
- "c5a.8xlarge"
- "c5a.12xlarge"
- "c5a.16xlarge"
- "c5a.24xlarge"
- "r4.xlarge"
- "r4.2xlarge"
- "r4.4xlarge"
- "r4.8xlarge"
- "r4.16xlarge"
- "r5.xlarge"
- "r5.2xlarge"
- "r5.4xlarge"
- "r5.8xlarge"
- "r5.12xlarge"
- "r5.16xlarge"
- "r5.24xlarge"
- "r5a.xlarge"
- "r5a.2xlarge"
- "r5a.4xlarge"
- "r5a.8xlarge"
- "r5a.12xlarge"
- "r5a.16xlarge"
- "r5a.24xlarge"
AutoRegisterELB:
Default: "yes"
AllowedValues:
- "yes"
- "no"
Description: Do you want to invoke NLB registration, which requires a Lambda ARN parameter?
Type: String
RegisterNlbIpTargetsLambdaArn:
Description: ARN for NLB IP target registration lambda. Supply the value from the cluster infrastructure or select "no" for AutoRegisterELB.
Type: String
ExternalApiTargetGroupArn:
Description: ARN for external API load balancer target group. Supply the value from the cluster infrastructure or select "no" for AutoRegisterELB.
Type: String
InternalApiTargetGroupArn:
Description: ARN for internal API load balancer target group. Supply the value from the cluster infrastructure or select "no" for AutoRegisterELB.
Type: String
InternalServiceTargetGroupArn:
Description: ARN for internal service load balancer target group. Supply the value from the cluster infrastructure or select "no" for AutoRegisterELB.
Type: String
Metadata:
AWS::CloudFormation::Interface:
ParameterGroups:
- Label:
default: "Cluster Information"
Parameters:
- InfrastructureName
- Label:
default: "Host Information"
Parameters:
- MasterInstanceType
- RhcosAmi
- IgnitionLocation
- CertificateAuthorities
- MasterSecurityGroupId
- MasterInstanceProfileName
- Label:
default: "Network Configuration"
Parameters:
- VpcId
- AllowedBootstrapSshCidr
- Master0Subnet
- Master1Subnet
- Master2Subnet
- Label:
default: "DNS"
Parameters:
- AutoRegisterDNS
- PrivateHostedZoneName
- PrivateHostedZoneId
- Label:
default: "Load Balancer Automation"
Parameters:
- AutoRegisterELB
- RegisterNlbIpTargetsLambdaArn
- ExternalApiTargetGroupArn
- InternalApiTargetGroupArn
- InternalServiceTargetGroupArn
ParameterLabels:
InfrastructureName:
default: "Infrastructure Name"
VpcId:
default: "VPC ID"
Master0Subnet:
default: "Master-0 Subnet"
Master1Subnet:
default: "Master-1 Subnet"
Master2Subnet:
default: "Master-2 Subnet"
MasterInstanceType:
default: "Master Instance Type"
MasterInstanceProfileName:
default: "Master Instance Profile Name"
RhcosAmi:
default: "Red Hat Enterprise Linux CoreOS AMI ID"
BootstrapIgnitionLocation:
default: "Master Ignition Source"
CertificateAuthorities:
default: "Ignition CA String"
MasterSecurityGroupId:
default: "Master Security Group ID"
AutoRegisterDNS:
default: "Use Provided DNS Automation"
AutoRegisterELB:
default: "Use Provided ELB Automation"
PrivateHostedZoneName:
default: "Private Hosted Zone Name"
PrivateHostedZoneId:
default: "Private Hosted Zone ID"
Conditions:
DoRegistration: !Equals ["yes", !Ref AutoRegisterELB]
DoDns: !Equals ["yes", !Ref AutoRegisterDNS]
Resources:
Master0:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref RhcosAmi
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: "120"
VolumeType: "gp2"
IamInstanceProfile: !Ref MasterInstanceProfileName
InstanceType: !Ref MasterInstanceType
NetworkInterfaces:
- AssociatePublicIpAddress: "false"
DeviceIndex: "0"
GroupSet:
- !Ref "MasterSecurityGroupId"
SubnetId: !Ref "Master0Subnet"
UserData:
Fn::Base64: !Sub
- '{"ignition":{"config":{"merge":[{"source":"${SOURCE}"}]},"security":{"tls":{"certificateAuthorities":[{"source":"${CA_BUNDLE}"}]}},"version":"3.1.0"}}'
- {
SOURCE: !Ref IgnitionLocation,
CA_BUNDLE: !Ref CertificateAuthorities,
}
Tags:
- Key: !Join ["", ["kubernetes.io/cluster/", !Ref InfrastructureName]]
Value: "shared"
RegisterMaster0:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref ExternalApiTargetGroupArn
TargetIp: !GetAtt Master0.PrivateIp
RegisterMaster0InternalApiTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalApiTargetGroupArn
TargetIp: !GetAtt Master0.PrivateIp
RegisterMaster0InternalServiceTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalServiceTargetGroupArn
TargetIp: !GetAtt Master0.PrivateIp
Master1:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref RhcosAmi
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: "120"
VolumeType: "gp2"
IamInstanceProfile: !Ref MasterInstanceProfileName
InstanceType: !Ref MasterInstanceType
NetworkInterfaces:
- AssociatePublicIpAddress: "false"
DeviceIndex: "0"
GroupSet:
- !Ref "MasterSecurityGroupId"
SubnetId: !Ref "Master1Subnet"
UserData:
Fn::Base64: !Sub
- '{"ignition":{"config":{"merge":[{"source":"${SOURCE}"}]},"security":{"tls":{"certificateAuthorities":[{"source":"${CA_BUNDLE}"}]}},"version":"3.1.0"}}'
- {
SOURCE: !Ref IgnitionLocation,
CA_BUNDLE: !Ref CertificateAuthorities,
}
Tags:
- Key: !Join ["", ["kubernetes.io/cluster/", !Ref InfrastructureName]]
Value: "shared"
RegisterMaster1:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref ExternalApiTargetGroupArn
TargetIp: !GetAtt Master1.PrivateIp
RegisterMaster1InternalApiTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalApiTargetGroupArn
TargetIp: !GetAtt Master1.PrivateIp
RegisterMaster1InternalServiceTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalServiceTargetGroupArn
TargetIp: !GetAtt Master1.PrivateIp
Master2:
Type: AWS::EC2::Instance
Properties:
ImageId: !Ref RhcosAmi
BlockDeviceMappings:
- DeviceName: /dev/xvda
Ebs:
VolumeSize: "120"
VolumeType: "gp2"
IamInstanceProfile: !Ref MasterInstanceProfileName
InstanceType: !Ref MasterInstanceType
NetworkInterfaces:
- AssociatePublicIpAddress: "false"
DeviceIndex: "0"
GroupSet:
- !Ref "MasterSecurityGroupId"
SubnetId: !Ref "Master2Subnet"
UserData:
Fn::Base64: !Sub
- '{"ignition":{"config":{"merge":[{"source":"${SOURCE}"}]},"security":{"tls":{"certificateAuthorities":[{"source":"${CA_BUNDLE}"}]}},"version":"3.1.0"}}'
- {
SOURCE: !Ref IgnitionLocation,
CA_BUNDLE: !Ref CertificateAuthorities,
}
Tags:
- Key: !Join ["", ["kubernetes.io/cluster/", !Ref InfrastructureName]]
Value: "shared"
RegisterMaster2:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref ExternalApiTargetGroupArn
TargetIp: !GetAtt Master2.PrivateIp
RegisterMaster2InternalApiTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalApiTargetGroupArn
TargetIp: !GetAtt Master2.PrivateIp
RegisterMaster2InternalServiceTarget:
Condition: DoRegistration
Type: Custom::NLBRegister
Properties:
ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
TargetArn: !Ref InternalServiceTargetGroupArn
TargetIp: !GetAtt Master2.PrivateIp
EtcdSrvRecords:
Condition: DoDns
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !Ref PrivateHostedZoneId
Name: !Join [".", ["_etcd-server-ssl._tcp", !Ref PrivateHostedZoneName]]
ResourceRecords:
- !Join [
" ",
["0 10 2380", !Join [".", ["etcd-0", !Ref PrivateHostedZoneName]]],
]
- !Join [
" ",
["0 10 2380", !Join [".", ["etcd-1", !Ref PrivateHostedZoneName]]],
]
- !Join [
" ",
["0 10 2380", !Join [".", ["etcd-2", !Ref PrivateHostedZoneName]]],
]
TTL: 60
Type: SRV
Etcd0Record:
Condition: DoDns
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !Ref PrivateHostedZoneId
Name: !Join [".", ["etcd-0", !Ref PrivateHostedZoneName]]
ResourceRecords:
- !GetAtt Master0.PrivateIp
TTL: 60
Type: A
Etcd1Record:
Condition: DoDns
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !Ref PrivateHostedZoneId
Name: !Join [".", ["etcd-1", !Ref PrivateHostedZoneName]]
ResourceRecords:
- !GetAtt Master1.PrivateIp
TTL: 60
Type: A
Etcd2Record:
Condition: DoDns
Type: AWS::Route53::RecordSet
Properties:
HostedZoneId: !Ref PrivateHostedZoneId
Name: !Join [".", ["etcd-2", !Ref PrivateHostedZoneName]]
ResourceRecords:
- !GetAtt Master2.PrivateIp
TTL: 60
Type: A
Outputs:
PrivateIPs:
Description: The control-plane node private IP addresses.
Value:
!Join [
",",
[!GetAtt Master0.PrivateIp, !GetAtt Master1.PrivateIp, !GetAtt Master2.PrivateIp]
]
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}